NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_fw_al_br_v1.1

Technology Type: Firewall

CC Version: 3.1

Date: 2007.07.25

Preceded By: pp_fw_al_br_v1.0

Sunset Date: 2011.06.01

Conformance Claim: EAL2 Augmented

Protection Profile 

Addendum 

PP OVERVIEW

Herewith a brief summary, sufficiently detailed to enable a potential user to determine whether the PP is of interest.

This Application Level Firewall Protection Profile defines the minimum-security requirements for firewalls used by U. S. Government organizations handling unclassified information in a low-risk environment. Firewalls may consist of one or more devices that act as part of an organization's overall security defense by isolating an organization's internal network from the Internet or other external networks. The Protection Profile defines the assumptions about the security aspects of the environment in which the firewall will be used, defines the threats that are to be addressed by the firewall, defines implementation-independent security objectives of the firewall and its environment, defines the functional and assurance requirements to meet those objectives, and provides a rationale demonstrating how the requirements meet the security objectives.

SECURITY EVALUATION SUMMARY

Because a PP is written to be implementation-independent, there may be some ambiguities that do not arise until a specific implementation is being evaluated against it. When this happens, a resolution is established through the Observation Decision (OD) process in the form of a Precedent Decision (PD), which is to be used consistently in subsequent evaluations involving the PP in question. The Precedent Decisions specifically associated with this PP are listed below:

• PD-0001 Meaning of Resources in FDP_RIP.2
• PD-0018 Usage of the Term "Loopback Network" in the Application Level Firewall PP

ASSURANCE MAINTENANCE

July 25, 2007
- Assurance maintenance has been performed on this protection profile to update it to the common criteria version 3.1. This update caused a change in version number (from 1.0 to 1.1) that indicates an update has occurred. The updates included revisions based on the assurance requirements of the CC 3.1, removal of FPT_SEP and FPT_RVM since it is now covered by ADV_ARC and replacement of Explicitly stated requirements with Extended requirements (only the nomenclature changed and not the requirements.) Cryptographic functional requirements were also revised to reflect the latest updated standards.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions