NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: mod_ha_v1.0

Technology Type: Enterprise Security Management

CC Version: 3.1

Date: 2020.10.23

Preceded By: not applicable

Conformance Claim: None

Protection Profile 

Supporting Docs 

Control Mapping 

PP-Configuration for APP-EDR-HA_v1.0.pdf  

PP OVERVIEW

The boundary for the Host Agent includes all processes, all modules, and libraries bundled with the Host Agent. The Host Agent can run as a daemon or service on the platform but is not required to. The Host Agent is not expected to have a local or remote Graphical User Interface (GUI) for administration but having such an interface is not precluded by this PP-Module. It is expected that Host Agents will be managed by their associated ESM server or the underlying platform. The TOE boundary includes the communications channel with other Host Agents, an ESM server, or a cloud service. The platform operating system or execution environment upon which the Host Agent is executing is outside the scope of a Host Agent evaluation.

The requirements for the EDR are not covered in this PP-Module, however it is expected that an ESM system will evaluate against a PP-Configuration that includes both the EDR PP-Module and the Host Agent PP-Module. The EDR PP-Module covers the security functionality needed on the server or cloud service, and the paired Host Agent PP-Module covers the security functionality needed on the endpoint device (desktop, mobile device, etc.).  At this time only the EDR PP-Module is published and ready for use with this Host Agent PP-Module.  Future versions of this PP-Module will include requirements for other classes of ESM software.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Active Related Technical Decisions

• 0749 – Update to FHA_CHA_EXT.1
  • References:  FHA_CHA_EXT.1
• 0733 – FMT_UNR_EXT.1 test functionality
  • References:  FMT_UNR_EXT.1, MOD_HA_V1.0-SD