NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_ids_sys_v1.4

Technology Type: Wireless Monitoring

CC Version: 2.x

Date: 2002.02.04

Succeeded By: pp_ids_sys_v1.5

Sunset Date: 2008.03.21

Conformance Claim: EAL2

Protection Profile 

Validation Report 

CC Certificate 

PP OVERVIEW

Herewith a brief summary, sufficiently detailed to enable a potential user to determine whether the PP is of interest.

The Common Criteria (CC) Intrusion Detection System (System) Protection Profile specifies a set of security functional and assurance requirements for Information Technology (IT) products. An Intrusion Detection System (IDS) monitors an IT System for activity that may inappropriately affect the IT System's assets. An IT System may range from a computer system to a computer network. An IDS System (System) consists of Sensors, Scanners and Analyzers (i.e., IDS components). Sensors and Scanners collect information regarding IT System activity and vulnerabilities, and they forward the collected information to Analyzers. Analyzers perform intrusion analysis and reporting of the collected information.

IDSSYPP_V1.4-conformant products support the ability that monitor (both real-time and statically) an IT System for activity that may inappropriately affect the IT System's assets and react appropriately. IDSSYPP_V1.4-conformant products also provide the ability to protect themselves and their associated data from unauthorized access or modification and ensure accountability for authorized actions.

The IDSSYPP_V1.4 provides for a level of protection which is appropriate for IT environments that require detection of malicious and inadvertent attempts to gain inappropriate access to IT resources, where the System can be appropriately protected from hostile attacks. Though products that are IDSSYPP_V1.4-conformant can be used to monitor and analyze a system or network in a hostile environment, they are not designed to resist direct, hostile attacks. The IDSSYPP_V1.4 does not fully address the threats posed by malicious administrative or system development personnel. This profile is also not intended to result in products that are foolproof and able to detect intrusion attempts by hostile and well-funded attackers. IDSSYPP_V1.4-conformant products are suitable for use in both commercial and government environments.

The IDSSYPP_V1.4 was constructed to provide a target and metric for the development of systems. This PP identifies security functions and assurances that represent the lowest common set of requirements that should be addressed by a useful IDS System.

The IDSSYPP_V1.4 is generally applicable to products regardless of whether they are embedded, stand-alone, centralized, or distributed. However, it addresses only security requirements and not any special considerations of any particular product design.

SECURITY EVALUATION SUMMARY

Because a PP is written to be implementation-independent, there may be some ambiguities that do not arise until a specific implementation is being evaluated against it. When this happens, a resolution is established through the Observation Decision (OD) process in the form of a Precedent Decision (PD), which is to be used consistently in subsequent evaluations involving the PP in question. The Precedent Decisions specifically associated with this PP are listed below:

• PD-0097 Compliance with IDS System PP Export Requirements
• PD-0107 IDSSPP v1.4: FPT_STM.1 Must Be Met by the TOE
• PD-0116: IDSSPP v1.4: Compliance with the Selective Audit Requirement
• PD-0118: Assumptions in the IDS PP v1.4

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions