NIAP
NIAP/CCEVS

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Approved PPs  »»  Details  
U.S. Government Approved Protection Profile - PP-Module for Endpoint Detection and Response Version 1.0

Short Name: mod_edr_v1.0

Technology Type: Enterprise Security Management

CC Version: 3.1

Date: 2020.10.23

Preceded By: not applicable

Conformance Claim: None

Protection Profile

Protection Profile [PDF]

Supporting Docs

Supporting Docs [PDF]

PP-Configuration for APP-EDR-HA_v1.0.pdf  [PDF]


 

PP OVERVIEW

An EDR is enterprise management software that collects endpoint host data to detect potentially unauthorized activity on endpoints and to enable threat hunting and other incident response actions to remediate malicious behaviors. These requirements cover basic security characteristics and behaviors for EDR products; the platform on which the EDR runs may be a physical or virtual Operating System (OS), and on-premises or in a cloud environment.

EDR products rely on additional software running on the endpoint, called the Host Agent, to communicate commands or policy changes and to receive endpoint host data. Security requirements for the Host Agent are addressed in the separate Host Agent (HA) PP-Module. Evaluation of an EDR system will require evaluations of different system components consisting of EDR and Host Agent. Each evaluation must satisfy the requirements in both the EDR and HA in addition to its Base-PP Application Software. Evaluation of an EDR system will require evaluation of different system components consisting of one EDR and at least one Host Agent. Therefore, the evaluation must claim conformance to a PP-Configuration that includes the PP-Module for Endpoint Detection and Response (EDR) and the PP-Module for Host Agent (HA).

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

 
Site Map              Contact Us              Home