Archived U.S. Government Approved Protection Profile - PP-Module for SSL/TLS Inspection Proxy Version 1.0
Short Name: mod_stip_v1.0
Technology Type: Traffic Monitoring
CC Version: 3.1
Succeeded By: mod_stip_v1.1
Sunset Date: 2023.05.17
Conformance Claim: NoneProtection Profile
PP Configuration for ND-STIP_V1.0
This PP-Module is intended to specify the functionality of a network device that includes limited Certification Authority (CA) functionality to issue certificates for the purpose of providing network security services on the underlying plaintext. The device accomplishes this by terminating an intended TLS session between a monitored client and specified external servers. The device instead establishes a TLS session thread consisting of a TLS session between the device and the external server and a second TLS session between the device, acting as the external server, and the client. By replacing the end-to-end TLS session with two TLS sessions terminated at the TOE, the device is able to provide additional security services based on the decrypted plaintext.
This U.S. Government Approved Protection Profile is not assigned to any Validated Products
Archived Related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).
Please forward any general questions to our Q&A tool.