Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Intrusion Detection System - Sensor for Medium Robustness Environments, Version 1.1
Short Name: pp_ids_sen_mr_v1.1
Technology Type: Wireless Monitoring
CC Version: 3.1
Sunset Date: 2009.10.01
Conformance Claim: Medium RobustnessProtection Profile
The US Government Protection Profile Intrusion Detection System - Sensor for Medium Robustness Environments (IDS Sensor PP) specifies a set of security functional and assurance requirements for Intrusion Detection System (IDS) products. An IDS monitors an Information Technology (IT) System for activity that may adversely affect the IT System may range from a computer system to a computer network. An IDS consists of a sensing capability, an analysis capability and an optional but recommended scanning capability. Sensing and scanning capabilities collect information regarding IT System activity and vulnerabilities, which is then analyzed. Sensing is meant to be a passive capability and scanning is an active capability.
Analyzing capabilities perform intrusion analysis and further categorization of the collected information. Scanning capabilities are optional for this PP because a base IDS only needs the capability to sense data from the IT environment being monitored and to have the capability to analyze the sensed data. The ST author is responsible for defining what components comprise the system. One or more components can provide the set of capabilities that are described in this document.
IDS Sensor PP-conformant products support the ability to statically monitor a set of IT resources in order to identify events that may be indicative of potential vulnerabilities in or misuse of those IT resources. IDS Sensor PP-conformant products also provide the ability to protect themselves and their associated data from unauthorized access and modification and ensure accountability for each users actions.
The IDS Sensor PP was constructed to provide a target and metric for the development of Sensors. This protection profile identifies a minimum set of security functions and assurances that represent the lowest common set of requirements that must be addressed at a Medium Robustness level by a useful Sensor product.
This PP defines:
It should be noted that just because a Sensor may be conformant with this PP, that Sensor should not be assumed to be interoperable with any other IDS component evaluated against a PP in the IDS family of PPs. There are no requirements for interoperability within the PPs.
Changes to PP:
The following areas were changed in the new version of the Protection Profile:
This U.S. Government Approved Protection Profile is not assigned to any Validated Products
This U.S. Government Approved Protection Profile does not have any related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).
Please forward any general questions to our Q&A tool.