NIAP: U.S. Government Approved Protection Profile - Protection Profile for Enterprise Security Management - Policy Management Versi...

Short Name: pp_esm_pm_v2.1

Technology Type: Enterprise Security Management

CC Version: 3.1

Date: 21 November 2013

Preceded By: pp_esm_pm_v1.4

Conformance Claim: None



This protection profile focuses on access control policy definition and management. ESM Policy Management products (PMs) will allow ESM Policy Administrators to configure and manage Access Control products in order to determine how objects should be protected throughout the enterprise. The output of this administrative action will be the production and distribution of policies to Access Control products. PMs should also be able to control the basic behavior of these products such as what access-control events they audit, where they store audited event data, and how they should operate in the event of a loss of communications with the PM.

TOEs compliant with this PP are expected to exhibit the following behavior:

  • Establish a trusted channel between itself and other Enterprise Security Management products
  • Provide evidence of its identity to other Enterprise Security Management products
  • Use organizational subject and attribute data to validate the identities and determine the authorities of Policy Administrators
  • Provide a trusted remote or local interface for Policy Administrators to create and distribute policies
  • Deconflict a policy that may contain contradictory data such as rules that both authorize and deny the same activity
  • Provide the ability to configure the policy enforcement behavior of Access Control products
  • Generate an audit trail of administrative behavior

Assigned to the following Validated Products

Related Technical Decisions

  • 0320 – TLS ciphers in ESM PPs
  • 0245 – Updates to FTP_ITC and FTP_TRP for ESM PPs
  • 0079 – RBG Cryptographic Transitions per NIST SP 800-131A Revision 1
  • 0071 – Use of SHA-512 in ESM PPs
  • 0066 – Clarification of FAU_STG_EXT.1 Requirement in ESM PPs
  • 0055 – Move FTA_TAB.1 to Selection-Based Requirement
  • 0042 – Removal of Low-level Crypto Failure Audit from PPs
