Archived U.S. Government Approved Protection Profile - U.S. Government Virtual Private Network Boundary Gateway for Medium Robustness Environments, Version 1.01
Short Name: pp_vpn_mr_v1.01 Technology Type: Virtual Private Network CC Version: 2.x Date: 2008.12.01 Preceded By: pp_vpn_mr_v1.0 Succeeded By: pp_vpn_mr_v1.1
Sunset Date:
2008.12.01
Conformance Claim: Medium Robustness Protection Profile![]() Validation Report ![]() Addendum ![]()
PP OVERVIEWThe US Government Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness Environments was generated under the Enclave Boundary Security Technologies and Solutions (EBST&S) Support Program, sponsored by the National Security Agency (NSA). This PP is intended to be used as follows:
This PP specifies the minimum-security requirements for VPN devices (hereafter referred to as the Target of Evaluation (TOE)) used by the Department of Defense (DoD) in Medium Robustness Environments. The target robustness level of "medium" is specified in discussed in section 3.0 of this PP. The TOE may consist of one or more devices that act as part of an organization's overall security defense by encrypting traffic flowing between enclaves that are geographically separated. If the security policy specifies encryption, the TOE automatically encrypts all outgoing traffic from the enclave when it is destined for another enclave having the same security policy. If the security policy does not specify encryption, all outgoing traffic will be sent unencrypted. The TOE decrypts incoming traffic to the enclave when that traffic has been encrypted at the originating enclave. The TOE supports identification and authentication for the administrative roles (I&A). The TOE shall generate audit data of security relevant events and will meet the assurance requirements of Evaluation Assurance Level (EAL) 4 augmented as described in section 5.3 of this PP. This PP defines:
SECURITY EVALUATION SUMMARYThe evaluation was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the US Government Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness Environments meets the APE security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and Part 2 of the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by COACT, Inc. CAFÉ Lab. The evaluation was completed on April 26, 2006. The results of the US Government Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness evaluation can be found in US Government Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness Validation Report prepared by the CCEVS Validation Team. The evaluation was completed in April 2006. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS-VR-06-0015. ENVIRONMENTAL STRENGTHSThe evaluation of the US Government Virtual Private Network (VPN) Boundary Gateway Protection Profile (PP) for Medium Robustness Environments, Version 1.0 provides specification for environments in which TOEs with various levels of robustness are appropriate to meet Medium Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal. ASSURANCE MAINTENANCEChanges were made to the validated U.S. Government Virtual Private Network (VPN) Boundary Gateway Protection Profile for Medium Robustness Environments version 1.0. These changes generated the U.S. Government Virtual Private Network (VPN) Boundary Gateway Protection Profile for Medium Robustness Environments Version 1.01. The changes reflected updates to cryptographic portion of the protection profile that were necessary based on comments from the CCTL and by the government cryptographic organization. These changes were reviewed by the Common Criteria Evaluation and Validation Scheme (CCEVS) Senior Technical Advisor and found to be correct, sound, and appropriate as updates to the previously evaluated Common Criteria version. This U.S. Government Approved Protection Profile is not assigned to any Validated ProductsThis U.S. Government Approved Protection Profile does not have any related Technical DecisionsPlease forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT). Please forward any general questions to our Q&A tool. |