NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_esm_pm_v2.1

Technology Type: Enterprise Security Management

CC Version: 3.1

Date: 2013.11.21

Preceded By: pp_esm_pm_v1.4

Conformance Claim: None

Protection Profile 

Control Mapping 

PP OVERVIEW

This protection profile focuses on access control policy definition and management. ESM Policy Management products (PMs) will allow ESM Policy Administrators to configure and manage Access Control products in order to determine how objects should be protected throughout the enterprise. The output of this administrative action will be the production and distribution of policies to Access Control products. PMs should also be able to control the basic behavior of these products such as what access-control events they audit, where they store audited event data, and how they should operate in the event of a loss of communications with the PM.

TOEs compliant with this PP are expected to exhibit the following behavior:

• Establish a trusted channel between itself and other Enterprise Security Management products
• Provide evidence of its identity to other Enterprise Security Management products
• Use organizational subject and attribute data to validate the identities and determine the authorities of Policy Administrators
• Provide a trusted remote or local interface for Policy Administrators to create and distribute policies
• Deconflict a policy that may contain contradictory data such as rules that both authorize and deny the same activity
• Provide the ability to configure the policy enforcement behavior of Access Control products
• Generate an audit trail of administrative behavior

Assigned to the following Validated Products

• VID11158 – VMware Carbon Black App Control v8.8.2
• VID11335 – Illumio Core v22.2.30

Active Related Technical Decisions

• 0621 – Corrections to FCS_TLS_EXT.1 in ESM PPs
  • References:  FCS_TLS_EXT.1
• 0576 – FTP_ITC and FTP_TRP Updated
  • References:  FTP_ITC.1, FTP_TRP.1
• 0574 – Update to FCS_SSH in ESM PPs
  • References:  FCS_SSH_EXT.1
• 0573 – Update to FCS_COP and FCS_CKM in ESM PPs
  • References:  FCS_CKM.1, FCS_COP.1
• 0079 – RBG Cryptographic Transitions per NIST SP 800-131A Revision 1
  • References:  PP_APP_v1.1
• 0066 – Clarification of FAU_STG_EXT.1 Requirement in ESM PPs
• 0055 – Move FTA_TAB.1 to Selection-Based Requirement
• 0042 – Removal of Low-level Crypto Failure Audit from PPs

Archived Related Technical Decisions

• 0575 – Update to FCS_TLS in ESM PPs
• 0541 – Update to cryptographic protocol SFRs in ESM PPs
• 0320 – TLS ciphers in ESM PPs
• 0245 – Updates to FTP_ITC and FTP_TRP for ESM PPs
• 0071 – Use of SHA-512 in ESM PPs