NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_ndcpp_vpn_gw_ep_v2.0

Technology Type: Virtual Private Network

CC Version: 3.1

Date: 2015.12.01

Preceded By: pp_nd_vpn_gw_ep_v1.1

Succeeded By: ep_vpn_gw_v2.1

Sunset Date: 2017.03.08

Conformance Claim: None

Protection Profile 

PP OVERVIEW

This EP specifically addresses network gateway devices that terminate IPsec VPN tunnels. A compliant VPN Gateway is a device composed of hardware and software that is connected to two or more distinct networks and has an infrastructure role in the overall enterprise network. In particular, a VPN Gateway establishes a secure tunnel that provides an authenticated and encrypted path to another site(s) and thereby decreases the risk of exposure of information transiting an untrusted network.

The baseline requirements of this EP are those determined necessary for a multi-site VPN Gateway device. However, a compliant TOE may contain the ability to act as a headend for remote clients. Because this capability is optional, the remote client based requirements have been included within Appendix D.

Since this EP builds on the NDcPP, conformant TOEs are obligated to implement the functionality required in the NDcPP along with the additional functionality defined in this EP in response to the threat environment discussed subsequently herein.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Archived Related Technical Decision

• 0107 – FCS_CKM - ANSI X9.31-1998, Section 4.1.for Cryptographic Key Generation