U.S. Government Approved Protection Profile - PP-Module for Host Agent Version 1.0
Short Name: mod_ha_v1.0
Technology Type: Enterprise Security Management
CC Version: 3.1
Preceded By: not applicable
Conformance Claim: NoneProtection Profile
PP-Configuration for APP-EDR-HA_v1.0.pdf
The boundary for the Host Agent includes all processes, all modules, and libraries bundled with the Host Agent. The Host Agent can run as a daemon or service on the platform but is not required to. The Host Agent is not expected to have a local or remote Graphical User Interface (GUI) for administration but having such an interface is not precluded by this PP-Module. It is expected that Host Agents will be managed by their associated ESM server or the underlying platform. The TOE boundary includes the communications channel with other Host Agents, an ESM server, or a cloud service. The platform operating system or execution environment upon which the Host Agent is executing is outside the scope of a Host Agent evaluation.
The requirements for the EDR are not covered in this PP-Module, however it is expected that an ESM system will evaluate against a PP-Configuration that includes both the EDR PP-Module and the Host Agent PP-Module. The EDR PP-Module covers the security functionality needed on the server or cloud service, and the paired Host Agent PP-Module covers the security functionality needed on the endpoint device (desktop, mobile device, etc.). At this time only the EDR PP-Module is published and ready for use with this Host Agent PP-Module. Future versions of this PP-Module will include requirements for other classes of ESM software.
This U.S. Government Approved Protection Profile is not assigned to any Validated Products
Active Related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).
Please forward any general questions to our Q&A tool.