NIAP: U.S. Government Approved Protection Profile - collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314
NIAP/CCEVS

Short Name: cpp_nd_v2.0e

Technology Type: Network Device

CC Version: 3.1

Date: 14 March 2018

Transition End Date: 14 March 2018

Preceded By: cpp_nd_v2.0

To Be Succeeded By: cpp_nd_v2.1

Sunset Date: 10 September 2019 [Sunset Icon]

Conformance Claim: None

 

PP OVERVIEW

This is a Collaborative Protection Profile (cPP) whose Target of Evaluation (TOE) is a network device. It provides a minimal set of security requirements expected by all network devices that
target the mitigation of a set of defined threats. This baseline set of requirements will be built upon by future cPPs to provide an overall set of security solutions for networks up to carrier
and enterprise scale. A network device in the context of this cPP is a device composed of both hardware and software that is connected to the network and has an infrastructure role within
the network. The TOE may be standalone or distributed, where a distributed TOE is one that requires multiple distinct components to operate as a logical whole in order to fulfil the
requirements of this cPP. 

Assigned to the following Validated Products

Related Technical Decisions

  • 0412 – NIT Technical Decision for FCS_SSHS_EXT.1.5 SFR and AA discrepancy
  • 0411 – NIT Technical Decision for FCS_SSHC_EXT.1.5, Test 1 - Server and client side seem to be confused
  • 0410 – NIT technical decision for Redundant assurance activities associated with FAU_GEN.1
  • 0409 – NIT decision for Applicability of FIA_AFL.1 to key-based SSH authentication
  • 0408 – NIT Technical Decision for local vs. remote administrator accounts
  • 0407 – NIT Technical Decision for handling Certification of Cloud Deployments
  • 0402 – NIT Technical Decision for RSA-based FCS_CKM.2 Selection
  • 0401 – NIT Technical Decision for Reliance on external servers to meet SFRs
  • 0400 – NIT Technical Decision for FCS_CKM.2 and elliptic curve-based key establishment
  • 0399 – NIT Technical Decision for Manual installation of CRL (FIA_X509_EXT.2)
  • 0398 – NIT Technical Decision for FCS_SSH*EXT.1.1 RFCs for AES-CTR
  • 0397 – NIT Technical Decision for Fixing AES-CTR Mode Tests
  • 0396 – NIT Technical Decision for FCS_TLSC_EXT.1.1, Test 2
  • 0395 – NIT Technical Decision for Different Handling of TLS1.1 and TLS1.2
  • 0394 – NIT Technical Decision for Audit of Management Activities related to Cryptographic Keys
  • 0343 – NIT Technical Decision for Updating FCS_IPSEC_EXT.1.14 Tests
  • 0342 – NIT Technical Decision for TLS and DTLS Server Tests
  • 0341 – NIT Technical Decision for TLS wildcard checking
  • 0340 – NIT Technical Decision for Handling of the basicConstraints extension in CA and leaf certificates
  • 0339 – NIT Technical Decision for Making password-based authentication optional in FCS_SSHS_EXT.1.2
  • 0338 – NIT Technical Decision for Access Banner Verification
  • 0337 – NIT Technical Decision for Selections in FCS_SSH*_EXT.1.6
  • 0336 – NIT Technical Decision for Audit requirements for FCS_SSH*_EXT.1.8
  • 0335 – NIT Technical Decision for FCS_DTLS Mandatory Cipher Suites
  • 0334 – NIT Technical Decision for Testing SSH when password-based authentication is not supported
  • 0333 – NIT Technical Decision for Applicability of FIA_X509_EXT.3
  • 0324 – NIT Technical Decision for Correction of section numbers in SD Table 1
  • 0323 – NIT Technical Decision for DTLS server testing - Empty Certificate Authorities list
  • 0322 – NIT Technical Decision for TLS server testing - Empty Certificate Authorities list
  • 0321 – Protection of NTP communications
  • 0291 – NIT technical decision for DH14 and FCS_CKM.1
  • 0290 – NIT technical decision for physical interruption of trusted path/channel.
  • 0289 – NIT technical decision for FCS_TLSC_EXT.x.1 Test 5e
  • 0281 – NIT Technical Decision for Testing both thresholds for SSH rekey
  • 0262 – NIT Technical Decision for TLS server testing - Empty Certificate Authorities list
  • 0260 – NIT Technical Decision for Typo in FCS_SSHS_EXT.1.4
  • 0259 – NIT Technical Decision for Support for X509 ssh rsa authentication IAW RFC 6187
  • 0257 – NIT Technical Decision for Updating FCS_DTLSC_EXT.x.2/FCS_TLSC_EXT.x.2 Tests 1-4
  • 0256 – NIT Technical Decision for Handling of TLS connections with and without mutual authentication
  • 0228 – NIT Technical Decision for CA certificates - basicConstraints validation

Please forward any questions or comments to pp-comments@niap-ccevs.org

Site Map              Contact Us              Home