NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_esm_pm_v1.4

Technology Type: Enterprise Security Management

CC Version: 3.1

Date: 2012.05.23

Succeeded By: pp_esm_pm_v2.1

Sunset Date: 2013.11.21

Conformance Claim: None

Protection Profile 

PP OVERVIEW

This protection profile focuses on access control policy definition and management. ESM Policy Management products (PMs) will allow ESM Policy Administrators to configure and manage Access Control products in order to determine how objects should be protected throughout the enterprise. The output of this administrative action will be the production and distribution of policies to Access Control products. PMs should also be able to control the basic behavior of these products such as what events they audit, where they store audited event data, and how they should operate in the event of a loss of communications with the PM.

A TOE that is compliant with the ESM PM PP is expected to exhibit the following behavior:

• Establish a trusted channel between itself and other Enterprise Security Management products
• Provide evidence of its identity to other Enterprise Security Management products
• Utilize organizational subject and attribute data to validate the identities and determine the authorities of Policy Administrators
• Provide a trusted remote or local interface for Policy Administrators to create and distribute policies
• Deconflict a policy that may contain contradictory data such as rules that both authorize and deny the same activity
• Provide the ability to configure the policy enforcement behavior of Access Control products
• Generate an audit trail of administrative behavior

Optionally, the TOE may provide the ability to define subject or object attributes that are subsequently used in the enforcement of policies. For example, if the TOE manages a Host-Based Access Control product that utilizes a Mandatory Access Control model, it is necessary for sensitivity labels to be authoritatively defined and associated with objects and for clearances to be associated with subjects. This capability may be implemented by the TSF. If subject or object attribute management is necessary for access control enforcement and this is not enforced by the TSF, the Security Target (ST) author must indicate how these attributes are defined and maintained. For example, object attributes may be maintained by an operating system in the Operational Environment.

Note that this is one of many Protection Profiles in the ESM PP family. This PP is meant to be used for one component in an ESM system and not to work in isolation. At minimum, at least one compatible Access Control product must be identified. Compatibility is defined by the ability of that product to consume policies that are produced by the TOE. Depending on how access control is implemented in the organization, ESM PP solutions for identity management, authentication, and auditing may need to be implemented as well. If any of these components are expected to be deployed against an organizational baseline, a secure configuration management solution may also need to be deployed. A customer could seriously compromise the overall security of the enterprise architecture if they are to deploy a solution without using all applicable ESM PP evaluated products.

Assigned to the following Validated Product

• VID10530 – CA Layer 7 SecureSpan SOA Gateway v8.0

This U.S. Government Approved Protection Profile does not have any related Technical Decisions