NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_router_mr_v1.1a

Technology Type: Router

CC Version: 3.1

Date: 2007.07.25

Sunset Date: 2009.10.01

Conformance Claim: Medium Robustness

PP OVERVIEW

NOTE:  Products certified against this PP meet all SFR's and SAR's except for AVA_VAN.4 & AVA_CCA_(EXT).1.  NIAP/CCEVS is no longer accepting products into evaluation with assurance components that require NSA evaluation resources.

The U.S. Government Router PP for Medium Robustness Environments specifies a set of security functional assurance requirements for Information Technology (IT) products. A router monitors, routes and manipulates network traffic to facilitate its delivery for the proper destination on a network or between networks. The Router PP is applicable to products regardless of whether they are externally or internally facing a given network. In addition, it addresses only security requirements and not any special considerations of any particular product design. The Router PP was constructed to provide a target metric for the deployment of router devices. This protection profile identifies security functions and assurances that represent the lowest common set of requirements that must be addressed at Medium Robustness level by a router. The assurance requirements are presented in Section 5.3.

This PP defines:

• Assumptions about the security aspects of the environment in which the Target of Evaluation (TOE) will be used;
• Threats that are to be addressed by the TOE;
• Organizational policies that must be addressed by the TOE;
• Security objectives of the TOE and its environment;
• Functional and assurance requirements to meet the security objectives; and
• Rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats and policies.

ENVIRONMENTAL STRENGTHS

The evaluation of the U. S. Government Protection Profile (PP) Router for Medium Robustness Environments, Version 1.1 provides specification for environments in which TOEs with various levels of robustness are appropriate to meet Medium Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.

ASSURANCE MAINTENANCE

July 25, 2007
Assurance maintenance has been performed on this protection profile to update it to the common criteria version 3.1. This update caused a change in version number (from 1.0 to 1.1) that indicates an update has occurred. The updates included revisions based on the assurance requirements of the CC 3.1, removal of FPT_SEP and FPT_RVM since it is now covered by ADV_ARC and replacement of Explicitly stated requirements with Extended requirements (only the nomenclature changed and not the requirements.)  Cryptographic functional requirements were also revised to reflect the latest updated standards.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions