NIAP: Archived U.S. Government Approved Protection Profile - Protection Profile for Network Devices Version 1.1

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - Protection Profile for Network Devices Version 1.1

Short Name: pp_nd_v1.1

Technology Type: Network Device

CC Version: 3.1

Date: 2012.06.08

Preceded By: pp_nd_v1.0

Succeeded By: cpp_nd_v1.0

Sunset Date: 2015.08.27 [Sunset Icon]

Conformance Claim: None

Protection Profile [PDF]

Addendum [PDF]

Addendum [PDF]

Addendum [PDF]

Control Mapping [PDF]

Errata [PDF]



This Protection Profile (PP), describing security requirements for a Network Device (defined to be an infrastructure device that can be connected to a network), is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well defined and described threats. It represents an evolution of "traditional" Protection Profiles and the associated evaluation of the requirements contained within the document. This introduction will describe the features of a compliant TOE, and will also discuss the evolutionary aspects of the PP as a guide to readers of the document.

This is a Protection Profile (PP) for a network device. A network device in the context of this PP is a device composed of hardware and software that is connected to the network and has an infrastructure role in the overall enterprise. Examples of a "network device" that should claim compliance to this PP include routers, firewalls, IDSs, audit servers, and switches that have Layer 3 functionality. Examples of devices that connect to a network but are not suitable for evaluation against this PP include mobile devices ("smart phones"), end-user workstations, SQL servers, web servers, application servers, and database servers.

Compliant TOEs will provide security functionality that addresses threats to the TOE and implements policies that are imposed by law or regulation. Compliant TOEs must protect communications to and between elements of a distributed TOE (e.g., between a network IDS sensor and the centralized IDS manager) or instantiations of the TOE in a single enterprise (e.g., between routers). The TOE must offer identification and authentication services that support the composition of moderate complex passwords or passphrases, and make these services available locally (that is, a local logon) as well as remotely (remote login). The TOE must also offer auditing of a set of events that are associated with security-relevant activity on the TOE, although these events will be stored on a device that is distinct from the TOE. The TOE must offer some protection for common network denial of service attacks and must also provide the ability to verify the source of updates to the TOE.

While the protocols required by this PP make use of certificates, this version of the PP does not levy requirements on the certificate infrastructure (for example, using OCSP to verify a certificate's validity). Such requirements will be included in future versions of this document.

It is intended that the set of requirements in this PP is limited in scope in order to promote quicker, less costly evaluations that provide some value to end users. STs that include a large amount of additional functionality (and requirements) are discouraged. Future modules will be used to specify sets of additional functionality (e.g., Firewalls, VPNs), which can then be used by ST writers looking to specify additional functionality.

Version 1.1 was updated with comments from community review and application of product evaluations.

Assigned to the following Validated Products

Archived Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home