Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Intrusion Detection System - Analyzer for Medium Robustness Environments, Version 1.1

Short Name: pp_ids_ana_mr_v1.1

Technology Type: Wireless Monitoring

CC Version: 3.1

Date: 2007.06.18

Sunset Date: 2009.10.01

Conformance Claim: Medium Robustness

Protection Profile [PDF]

Validation Report [PDF]

Addendum [PDF]



The US Government Protection Profile Intrusion Detection System - Analyzer for Medium Robustness Environments (IDS Analyzer PP) specifies a set of security functional and assurance requirements for Intrusion Detection System (IDS) products. An IDS monitors an Information Technology (IT) System for activity that may adversely affect the IT System. An IT System may range from a computer system to a computer network. An IDS consists of a sensing capability, an analysis capability and an optional but recommended scanning capability. Sensing and scanning capabilities collect information regarding IT System activity and vulnerabilities, which is then analyzed. Sensing is meant to be a passive capability and scanning is an active capability.

Analyzing capabilities perform intrusion analysis and further categorization of the data collected. Scanning capabilities are optional for this PP because a base IDS only needs the capability to sense data from the IT environment being monitored and to have the capability to analyze the sensed data. The ST author is responsible for defining what components comprise the system. One or more components can provide the set of capabilities that are described in this document.

IDS Analyzer PP-conformant products support the ability to receive IDS data from the sensing and/or scanning capabilities and then apply analytical processes to derive conclusions about possible intrusions. IDS Analyzer products also provide the ability to protect themselves and their associated data from unauthorized access and modification and ensure accountability for each user's actions. The IDS Analyzer PP provides for a level of protection which is appropriate for IT environments that require detection of malicious and inadvertent attempts to gain unauthorized access to IT resources, and where the IDS can be appropriately protected from hostile attacks.

The IDS Analyzer PP was constructed to provide a target and metric for the development of Analyzers. This PP identifies security functions and assurances that represent the lowest common set of requirements that must be addressed for a useful Analyzer product at a Medium Robustness level.

This PP defines:

  • Assumptions about the security aspects of the environment in which the Target of Evaluation (TOE) will be used;
  • Threats that are to be addressed by the TOE;
  • Organizational policies that must be addressed by the TOE;
  • Security objectives of the TOE and its environment;
  • Functional and assurance requirements to meet the security objectives; and
  • Rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats and policies.

Note that an Analyzer's conformance with this PP does not mean it can be assumed to be interoperable with any other IDS component evaluated against a PP in the IDS family of PPs. There are no requirements for interoperability within the PPs.



Changes to PP:

The following areas were changed in the new version of the Protection Profile:

  1. Security Assurance Requirements
  2. Typographical errors
  3. Administrative comments

This U.S. Government Approved Protection Profile is not assigned to any Validated Products.

This U.S. Government Approved Protection Profile does not have any related Technical Decisions.

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).
