NIAP: U.S. Government Approved Protection Profile - Extended Package for Redaction Tools
NIAP/CCEVS

Short Name: pp_app_red_ep_v2.0

Technology Type: Redaction Tool

CC Version: 3.1

Date: 11 December 2015

Preceded By: pp_redaction_v1.0

Conformance Claim: None



 

PP OVERVIEW

The scope of this Extended Package (EP) is to describe the security functionality of Redaction tools in terms of [CC]. Redaction is the process of selectively removing and replacing information from a document or other logical container of data for release to an audience not intended to view that information. Redacted information is not limited to classified material; other examples include privacy data, proprietary information, trade secrets, and legal strategy. Instances of redaction include replacing classified text with a black box to release a document to an unclassified environment, replacing privacy-related data such as telephone numbers with all Xs to release a database to a contractor, converting a proprietary format document to Portable Document Format (PDF) to release a what-you-see-is-what-you-get (WYSIWYG) document. The risk from improper or incomplete redaction is the inadvertent disclosure of classified or sensitive data.

Redaction is not sanitization. In the sanitization process, information is removed with no indication that the sanitization process took place. In the redaction process, selected visible information is removed and replaced with something innocuous (e.g. black box or text) so that the reader knows redaction took place. This replacement is a critical part of the process not shared with sanitization.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any questions or comments to pp-comments@niap-ccevs.org

Site Map              Contact Us              Home