Archived U.S. Government Approved Protection Profile - Protection Profile for Redaction Version 1.0
Short Name: pp_redaction_v1.0
Technology Type: Redaction Tool
CC Version: 3.1
Sunset Date: 2016.03.14
Conformance Claim: NoneProtection Profile
This document specifies Security Functional Requirements for Redaction Tools. This PP is limited to the redaction of electronic documents defined in standards such as the series International Organization for Standards (ISO)/International Electrotechnical Commission (IEC)-29500 (Office OpeneXtensible Markup Language (XML), e.g. Microsoft Word, PowerPoint, and Excel documents) and ISO/IEC-32000 (PDF), or the definitive standard for a format. This PP applies to an interactive tool requiring the user to selectively review and redact information one document at a time. Mail guards, filters, and batch redaction tools are beyond the scope of this PP.
Requirements that apply to features such as administrative control over particular redaction settings, multi-person review prior to release, etc., are outside the scope of this PP. The TOE may have those features but is not required to have them and their use and enforcement is governed by the organization’s redaction policy.
This PP covers the software functionality of the redaction process; it does not include requirements for how users should decide what to redact or other policy issues. Analysis of documents for covert data transfer is part of the decision-making process for what to redact and so occurs prior to the redaction itself. The requirements in this document are independent of requirements levied on document release by statute or the judiciary.
Data execution risks inherent in some file formats are beyond the scope of this PP. This PP assumes that scanning for such risks occurs prior to the document entering the redaction functionality of the TOE.
Documents to be redacted may contain objects that are vulnerable to steganography, such as images or video. Functional data such as scripts can contain strings or images that may not be accessible to the redaction tool. Analysis of such objects for attacks or covert data transfer will occur outside of the redaction process. An organization’s security policy will determine whether such objects are released or redacted in their entirety.
This U.S. Government Approved Protection Profile is not assigned to any Validated Products
This U.S. Government Approved Protection Profile does not have any related Technical Decisions
Please forward any general questions to our Q&A tool.