NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Approved PPs  »»  Details  
U.S. Government Approved Protection Profile - Protection Profile for Enterprise Security Management - Policy Management Version 2.1

Short Name: pp_esm_pm_v2.1

Technology Type: Enterprise Security Management

CC Version: 3.1

Date: 2013.11.21

Preceded By: pp_esm_pm_v1.4

Conformance Claim: None

Protection Profile [PDF]

Control Mapping [PDF]



This protection profile focuses on access control policy definition and management. ESM Policy Management products (PMs) will allow ESM Policy Administrators to configure and manage Access Control products in order to determine how objects should be protected throughout the enterprise. The output of this administrative action will be the production and distribution of policies to Access Control products. PMs should also be able to control the basic behavior of these products such as what access-control events they audit, where they store audited event data, and how they should operate in the event of a loss of communications with the PM.

TOEs compliant with this PP are expected to exhibit the following behavior:

  • Establish a trusted channel between itself and other Enterprise Security Management products
  • Provide evidence of its identity to other Enterprise Security Management products
  • Use organizational subject and attribute data to validate the identities and determine the authorities of Policy Administrators
  • Provide a trusted remote or local interface for Policy Administrators to create and distribute policies
  • Deconflict a policy that may contain contradictory data such as rules that both authorize and deny the same activity
  • Provide the ability to configure the policy enforcement behavior of Access Control products
  • Generate an audit trail of administrative behavior

Assigned to the following Validated Products

Active Related Technical Decisions

Archived Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home