NIAP: U.S. Government Approved Protection Profile - PP-Module for File Encryption Enterprise Management Version 1.0


Short Name: mod_feem_v1.0

Technology Type: Encrypted Storage

CC Version: 3.1

Date: 2019.07.30

Conformance Claim: None

Protection Profile

Protection Profile [PDF]

Supporting Docs [PDF]

Supporting Docs

PP-Configuration for APP-FE-FEEM_v1.0 [PDF]

Control Mapping [PDF]



The scope of the File Encryption Enterprise Management PP-Module is to describe the security functionality of a file encryption enterprise management product in terms of [CC] and to define functional and assurance requirements for such products.

The use case for a product conforming to the File Encryption PP-Module is to protect data at rest on a device that is lost or stolen while powered off without any prior access by an adversary. The use case where an adversary obtains a device that is in a powered state and is able to make modifications to the environment or the TOE itself (e.g., evil maid attacks) is not addressed by that module. The module does contain protections to mitigate the potential for attack on a powered-on device, but they are not sufficient to protect data from a skilled adversary with physical access.

While that use case still applies to the Enterprise Management PP-Module, this PP-Module also expands the use case to include protecting the communications between the Enterprise Management Server and the client device through the use of a trusted channel. It also expands the use case to include the optional abilities of the EM to interact with clients (with proper authorization), to direct them to perform sanitization of keys and material on the device, to manage and store parts of the key chain required for decryption on the client, or to issue a recovery credential to reset the authentication factor if it has been lost.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Active Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.
