NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness, Version 1.22

Short Name: pp_os_sl_mr_v1.22

Technology Type: Operating System

CC Version: 2.x

Date: 2001.05.23

Sunset Date: 2007.09.16 [Sunset Icon]

Conformance Claim: EAL4 Augmented

Protection Profile [PDF]

Validation Report [PDF]



Herewith a brief summary, sufficiently detailed to enable a potential user to detemine whether the PP is of interest.

The Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness. specifies security requirements for commercial-off-the-shelf (COTS) general- purpose operating systems in networked environments containing sensitive information. This profile makes use of Department of Defense (DoD) Information Assurance (IA) guidance and policy as a basis to establish the requirements necessary to achieve the security objectives of the Target of Evaluation (TOE) and its environment.

Operating systems evaluated against this PP can operate in single-level or system high environments.

Conformant products support Identification and Authentication, Discretionary Access Control (DAC), an audit capability, and cryptographic services. These systems provide adequate security services, mechanisms, and assurances to process sensitive information in medium robustness environments, as specified in the Guidance and Policy for Department of Defense Information Assurance. (GiG). They can process mission supportive and mission administrative information. Mission critical information may be processed only if the environment provides the mechanisms to ensure availability of the data residing in the TOE (e.g., mirrored/duplicated data).

PP conformant systems may be suitable for use in non-DoD environments. The mechanisms specified by this PP may be appropriate for the protection of administrative, private, and sensitive information. When a company.s most sensitive information is to be sent over a publicly accessed network, the company should apply additional protection at the network boundaries.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home