NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - U.S. Government Biometric Verification Mode Protection Profile for Basic Robustness Environments, Version 1.1

Short Name: pp_bvm_br_v1.1

Technology Type: Biometrics

CC Version: 3.1

Date: 2007.07.25

Preceded By: pp_bvm_br_v1.0

Sunset Date: 2010.07.09 [Sunset Icon]

Conformance Claim: Basic Robustness

Protection Profile [PDF]

Validation Report [PDF]

CC Certificate [PDF]

Addendum [PDF]



The U.S. Government Biometric Verification Mode Protection Profile for Basic Robustness Environments specifies the minimum functional and assurance security requirements for biometric products operating in verification mode to provide authentication allowing physical and logical access control to facilities as well as to information systems in basic robustness environments. Biometric systems are enabling technologies designed to augment existing security measures by positively authenticating individuals based on measurable physical features or behaviors. Due to the unique nature of a biometrics TOE and the desire of the PP authors to attempt to accommodate the wide range of biometric technologies, explicit requirements were necessary, as was a great deal of refinement of the CC requirements.
The requirements section of this PP specifies a need to protect biometric templates, to provide confidentially, and integrity during transmission. Since the biometric package (which includes the user identifier and their associated reference template(s)) may be stored in a device outside the control of the TOE, the biometrics the biometric package is may be encrypted prior to transmission outside the TOE so that modification of the package can be detected.  Since this PP operates in a basic robustness environment, the vendor will select the best method to protect this data. .
A TOE conformant to this PP satisfies the specified functional requirements, as well as the Basic Robustness assurance requirements that are expressed in Section 5.3 TOE Security Assurance Requirements. The assurance requirements were originally based upon Evaluated Assurance Level (EAL) 2. In order to gain the necessary level of assurance for basic robustness environments, the addition of FLC_FLR.2 (Flaw Reporting Procedures) and AVA_MSU.1 (Examination of Guidance.) This PP defines:

  • assumptions about the security aspects of the environment in which the TOE will be used;
  • threats that are to be addressed by the TOE;
  • security objectives of the TOE and its environment;
  • functional and assurance requirements to meet those security objectives; and
  • rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.


The evaluation of the U. S. Government Biometric Verification Mode Protection Profile for Basic Robustness Environments, Version 1.0 provides specification for environments in which TOEs with various levels of robustness are appropriate to meet Basic Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.


July 25, 2007
Assurance maintenance has been performed on this protection profile to update it to the common criteria version 3.1. This update caused a change in version number (from 1.0 to 1.1) that indicates an update has occurred. The updates included revisions based on the assurance requirements of the CC 3.1, removal of FPT_SEP and FPT_RVM since it is now covered by ADV_ARC and replacement of Explicitly stated requirements with Extended requirements (only the nomenclature changed and not the requirements.)

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home