NIAP: U.S. Government Approved Protection Profile - Protection Profile for Enterprise Security Management-Access Control Version 2.1

Short Name: pp_esm_ac_v2.1

Technology Type: Enterprise Security Management

CC Version: 3.1

Date: 12 November 2013

Preceded By: pp_esm_ac_v2

Conformance Claim: None



This Protection Profile focuses on access control decision and enforcement. A product/product component that conforms to this Protection Profile consumes a centrally-defined access control policy and enforces it. In doing so, it provides preventative security to the enterprise in a consistent manner. A product that conforms to this Protection Profile is expected to intercept requests against some type of defined resource (such as a file system object on a workstation or a web site on an organizational intranet) and determine if the request should be allowed. In an ESM environment, this capability is called a Policy Decision Point, or PDP. It will then enforce the results of this determination or pass the decision to a trusted entity that does the enforcement itself. In an ESM environment, this second capability is called a Policy Enforcement Point, or PEP. Products that are compliant with the profile defined in this document provide both Policy Decision and Policy Enforcement. Some ESM products only provide policy decision and defer enforcement to the operating environment; in such cases, the only way to evaluate such products against this Profile is to draw the TOE boundary such that the operational environment enforcement component is recategorized as a TOE component.

Assigned to the following Validated Products

Related Technical Decisions

  • 0320 – TLS ciphers in ESM PPs
  • 0245 – Updates to FTP_ITC and FTP_TRP for ESM PPs
  • 0079 – RBG Cryptographic Transitions per NIST SP 800-131A Revision 1
  • 0071 – Use of SHA-512 in ESM PPs
  • 0066 – Clarification of FAU_STG_EXT.1 Requirement in ESM PPs
  • 0042 – Removal of Low-level Crypto Failure Audit from PPs

Please forward any questions or comments to

Site Map              Contact Us              Home