Validated Protection Profile - U.S. Government Protection Profile Intrusion Detection System - System for Medium Robustness Environments, Version 1.1

Short Name: pp_ids_sys_mr_v1.1

Technology Type: IDS/IPS

CC Version: 3.1

Date: 18 June 2007

Conformance Claim: Medium Robustness



Please note: This serves as an addendum to the VR for the Original Evaluated PP

PP OVERVIEW

The US Government Intrusion Detection System (IDS) - System Protection Profile for Medium Robustness Environments (IDS System PP) specifies a set of security functional and assurance requirements for Intrusion Detection System products. An IDS monitors an Information Technology (IT) System for activity that may inappropriately affect the IT System. An IT System may range from a computer system to a computer network. An IDS consists of a sensing capability, an analysis capability and an optional but recommended scanning capability. Sensing and scanning capabilities collect information regarding IT System activity and vulnerabilities, which is then analyzed. Sensing is meant to be a passive capability and scanning is an active capability.

Analyzing capabilities perform intrusion analysis and further categorization of the collected information. Scanning capabilities are optional for this PP because a base IDS only needs the capability to sense data from the IT environment being monitored and to have the capability to analyze the sensed data. The ST author is responsible for defining what components comprise the system. One or more components can provide the set of capabilities that are described in this document.

IDS System PP-conformant products support the ability to monitor, analyze, and manage a set of IT system resources in order to identify events that may be indicative of potential vulnerabilities in or misuse of those IT resources. IDS System PP-conformant products also provide the ability to protect themselves and their associated data from unauthorized access and modification and ensure accountability for each user's actions.

The IDS System PP was constructed to provide a target and metric for the development of IDS Systems. This protection profile identifies security functions and assurances that represent the lowest common set of requirements that must be addressed at a Medium Robustness level by a useful IDS System.

This PP defines:

  • Assumptions about the security aspects of the environment in which the Target of Evaluation (TOE) will be used;
  • Threats that are to be addressed by the TOE;
  • Organizational policies that must be addressed by the TOE;
  • Security objectives of the TOE and its environment;
  • Functional and assurance requirements to meet the security objectives; and
  • Rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats and policies.

The IDS System PP is applicable to products regardless of whether they are self-contained or distributed. In addition, it addresses only security requirements and not any special considerations of any particular product design.

ASSURANCE MAINTENANCE

Changes to PP:

The following areas were changed in the new version of the Protection Profile:

  1. Security Assurance Requirements
  2. Typographical errors
  3. Administrative comments

This Validated Protection Profile is not assigned to any Validated Products.

Please forward any questions or comments to pp-comments@niap-ccevs.org.