NIAP: Archived U.S. Government Approved Protection Profile - Extended Package for VPN Gateways Version 2.0

Short Name: pp_ndcpp_vpn_gw_ep_v2.0

Technology Type: Virtual Private Network

CC Version: 3.1

Date: 01 December 2015

Preceded By: pp_nd_vpn_gw_ep_v1.1

Succeeded By: ep_vpn_gw_v2.1

Sunset Date: 08 March 2017

Conformance Claim: None



This EP specifically addresses network gateway devices that terminate IPsec VPN tunnels. A compliant VPN Gateway is a device composed of hardware and software that is connected to two or more distinct networks and has an infrastructure role in the overall enterprise network. In particular, a VPN Gateway establishes a secure tunnel that provides an authenticated and encrypted path to one or more other sites and thereby decreases the risk of exposure of information transiting an untrusted network.

The baseline requirements of this EP are those determined necessary for a multi-site VPN Gateway device. However, a compliant TOE may contain the ability to act as a headend for remote clients. Because this capability is optional, the remote client based requirements have been included within Appendix D.

Since this EP builds on the NDcPP, conformant TOEs are obligated to implement the functionality required in the NDcPP along with the additional functionality defined in this EP in response to the threat environment discussed subsequently herein.

Assigned to the following Validated Products

Related Technical Decision

  • 0107 – FCS_CKM - ANSI X9.31-1998, Section 4.1 for Cryptographic Key Generation
