• Home

  • Documents

  • PP-Module for Voice and Video over IP (VVoIP) · 1 day ago · PP-Module for MDM Agents, Version...
26
PP-Module for Voice and Video over IP (VVoIP) Version: 1.0 2015-08-14 National Information Assurance Partnership

PP-Module for Voice and Video over IP (VVoIP) · 1 day ago · PP-Module for MDM Agents, Version 1.0 PP-Module for File Encryption Enterprise Management, Version 1.0 PP-Module for

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

  • PP-ModuleforVoiceandVideooverIP(VVoIP)

    Version:1.02015-08-14

    NationalInformationAssurancePartnership

  • RevisionHistory

    Version Date Comment

    Round1 2015-04-23 Firstdraftofversion1.0forcomment

    1.0 2015-08-14 Release-firstversionreleased

    Contents

    1 Overview1.1 Terms1.1.1 CommonCriteriaTerms1.1.2 TechnicalTerms

    2 CompliantTargetsofEvaluation2.1 TOEBoundary2.2 TOEPlatform3 UseCases4 Threats5 Assumptions6 SecurityObjectivesfortheTOE7 SecurityObjectivesfortheOperationalEnvironment7.1 SecurityObjectivesRationale8 SecurityRequirements8.1 TOESecurityFunctionalRequirements8.2 TOESecurityFunctionalRequirementsRationale9 ConsistencyRationaleAppendixA- OptionalSFRsA.1 StrictlyOptionalRequirementsA.2 ObjectiveRequirementsA.3 ObjectiveRequirementsAppendixB- Selection-basedSFRsAppendixC- ExtendedComponentDefinitionsC.1 BackgroundandScopeC.2 ExtendedComponentDefinitionsAppendixD- InherentlySatisfiedRequirementsAppendixE- ReferencesAppendixF- BibliographyAppendixG- AcronymsAppendixH- BibliographyAppendixI- Acronyms

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ppoverviewfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#glossaryfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#cc-termsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#tech-termsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#TOEdescriptionfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#TOEboundaryfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#TOEplatformfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#usecasesfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#threatsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#assumptionsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#SecurityObjectivesTOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#SecurityObjectivesTOEorEnvironmentfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#SORfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#man-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#obj-req-mapfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#mod-conratfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#opt-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#strictly-optional-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#objective-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#objective-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#sel-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ext-comp-defsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ext-comp-defs-bgfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ext-comp-defs-bgfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#satisfiedreqsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibliofile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibliographyfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#acronymsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibliographyfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#acronyms

  • 1OverviewThescopeofthisProtectionProfile(PP)istodescribethesecurityfunctionalityofQQQQproductsintermsof[CC]andtodefinefunctionalandassurancerequirementsforsuchproducts.Anoperatingsystemissoftwarethatmanagescomputerhardwareandsoftwareresources,andprovidescommonservicesforapplicationprograms.Thehardwareitmanagesmaybephysical,virtualorimaginary.SomethingThisisgoingtoshowsometests:

    TermswithabbrslikeASLR,orAPI,shouldbefoundalinkedautomatically.Andcomponentscanbereferedtobytheirname:FQQ_QQQ.1Andsocanrequirements:FQQ_QQQ.1.1orbytheiruniqueidentifier:FQQ_QQQ.1.1OryoucanstopthemASLRThisishowyoudoapicture:

    Figure1:Niap'sLogoAndthisishowyoureferenceit:Figure1Thisishowyoudoanequationwithanarbitrarycounter:

    (1)

    Andthisishowyoureferenceit:1Thefollowingcontentshouldbeincludedif:

    "this"isselectedfromFQQ_QQQ.1.1Sometext

    Thefollowingcontentshouldbeincludedif:theTOEimplements"WidgetThing"

    SometingdependentonafeatureAndhere'stheauditeventtableformandatoryrequirements.Testforanxreftosection

    Andthisisanothersentence(orfragment).Iaddedthissentenceanddeletedthenextone.ThisusesthepluralacronymOSes.

    1.1TermsThefollowingsectionslistCommonCriteriaandtechnologytermsusedinthisdocument.

    1.1.1CommonCriteriaTerms

    Assurance GroundsforconfidencethataTOEmeetstheSFRs[CC].

    BaseProtectionProfile(Base-PP)

    ProtectionProfileusedasabasistobuildaPP-Configuration.

    CommonCriteria(CC)

    CommonCriteriaforInformationTechnologySecurityEvaluation(InternationalStandardISO/IEC15408).

    CommonCriteriaTestingLaboratory

    WithinthecontextoftheCommonCriteriaEvaluationandValidationScheme(CCEVS),anITsecurityevaluationfacility,accreditedbytheNationalVoluntaryLaboratoryAccreditationProgram(NVLAP)andapprovedbytheNIAPValidationBodytoconductCommonCriteria-basedevaluations.

    CommonEvaluation

    CommonEvaluationMethodologyforInformationTechnologySecurityEvaluation.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#figure-fig-logofile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#cc-quadeqfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ISOfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NIAP

  • Methodology(CEM)

    DistributedTOE

    ATOEcomposedofmultiplecomponentsoperatingasalogicalwhole.

    OperationalEnvironment(OE)

    HardwareandsoftwarethatareoutsidetheTOEboundarythatsupporttheTOEfunctionalityandsecuritypolicy.

    ProtectionProfile(PP)

    Animplementation-independentsetofsecurityrequirementsforacategoryofproducts.

    ProtectionProfileConfiguration(PP-Configuration)

    AcomprehensivesetofsecurityrequirementsforaproducttypethatconsistsofatleastoneBase-PPandatleastonePP-Module.

    ProtectionProfileModule(PP-Module)

    Animplementation-independentstatementofsecurityneedsforaTOEtypecomplementarytooneormoreBaseProtectionProfiles.

    SecurityAssuranceRequirement(SAR)

    ArequirementtoassurethesecurityoftheTOE.

    SecurityFunctionalRequirement(SFR)

    ArequirementforsecurityenforcementbytheTOE.

    SecurityTarget(ST)

    Asetofimplementation-dependentsecurityrequirementsforaspecificproduct.

    TOESecurityFunctionality(TSF)

    Thesecurityfunctionalityoftheproductunderevaluation.

    TOESummarySpecification(TSS)

    AdescriptionofhowaTOEsatisfiestheSFRsinanST.

    TargetofEvaluation(TOE)

    Theproductunderevaluation.

    1.1.2TechnicalTerms

    AddressSpaceLayoutRandomization(ASLR)

    Ananti-exploitationfeaturewhichloadsmemorymappingsintounpredictablelocations.ASLRmakesitmoredifficultforanattackertoredirectcontroltocodethattheyhaveintroducedintotheaddressspaceofaprocess.

    Administrator Anadministratorisresponsibleformanagementactivities,includingsettingpoliciesthatareappliedbytheenterpriseontheoperatingsystem.Thisadministratorcouldbeactingremotelythroughamanagementserver,fromwhichthesystemreceivesconfigurationpolicies.Anadministratorcanenforcesettingsonthesystemwhichcannotbeoverriddenbynon-administratorusers.

    Application(app)

    Softwarethatrunsonaplatformandperformstasksonbehalfoftheuserorowneroftheplatform,aswellasitssupportingdocumentation.

    ApplicationProgrammingInterface(API)

    Aspecificationofroutines,datastructures,objectclasses,andvariablesthatallowsanapplicationtomakeuseofservicesprovidedbyanothersoftwarecomponent,suchasalibrary.APIsareoftenprovidedforasetoflibrariesincludedwiththeplatform.

    Credential Datathatestablishestheidentityofauser,e.g.acryptographickeyorpassword.

    CriticalSecurityParameters(CSP)

    Informationthatiseitheruserorsystemdefinedandisusedtooperateacryptographicmoduleinprocessingencryptionfunctionsincludingcryptographickeysandauthenticationdata,suchaspasswords,thedisclosureormodificationofwhichcancompromisethesecurityofacryptographicmoduleorthesecurityoftheinformationprotectedbythemodule.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_appfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSP

  • DARProtection

    Countermeasuresthatpreventattackers,eventhosewithphysicalaccess,fromextractingdatafromnon-volatilestorage.Commontechniquesincludedataencryptionandwiping.

    DataExecutionPrevention(DEP)

    Ananti-exploitationfeatureofmodernoperatingsystemsexecutingonmoderncomputerhardware,whichenforcesanon-executepermissiononpagesofmemory.DEPpreventspagesofmemoryfromcontainingbothdataandinstructions,whichmakesitmoredifficultforanattackertointroduceandexecutecode.

    Developer AnentitythatwritesOSsoftware.Forthepurposesofthisdocument,vendorsanddevelopersarethesame.

    GeneralPurposeOperatingSystem

    AclassofOSesdesignedtosupportawide-varietyofworkloadsconsistingofmanyconcurrentapplicationsorservices.TypicalcharacteristicsforOSesinthisclassincludesupportforthird-partyapplications,supportformultipleusers,andsecurityseparationbetweenusersandtheirrespectiveresources.GeneralPurposeOperatingSystemsalsolackthereal-timeconstraintthatdefinesRealTimeOperatingSystems(RTOS).RTOSestypicallypowerrouters,switches,andembeddeddevices.

    Host-basedFirewall

    Asoftware-basedfirewallimplementationrunningontheOSforfilteringinboundandoutboundnetworktraffictoandfromprocessesrunningontheOS.

    OperatingSystem(OS)

    Softwarethatmanagesphysicalandlogicalresourcesandprovidesservicesforapplications.ThetermsTOEandOSareinterchangeableinthisdocument.

    PersonallyIdentifiableInformation(PII)

    Anyinformationaboutanindividualmaintainedbyanagency,including,butnotlimitedto,education,financialtransactions,medicalhistory,andcriminaloremploymenthistoryandinformationwhichcanbeusedtodistinguishortraceanindividual'sidentity,suchastheirname,socialsecuritynumber,dateandplaceofbirth,mother'smaidenname,biometricrecords,etc.,includinganyotherpersonalinformationwhichislinkedorlinkabletoanindividual.[OMB]

    SensitiveData SensitivedatamayincludealluserorenterprisedataormaybespecificapplicationdatasuchasPII,emails,messaging,documents,calendaritems,andcontacts.Sensitivedatamustminimallyincludecredentialsandkeys.SensitivedatashallbeidentifiedintheOS'sTSSbytheSTauthor.

    User Auserissubjecttoconfigurationpoliciesappliedtotheoperatingsystembyadministrators.Onsomesystemsundercertainconfigurations,anormalusercantemporarilyelevateprivilegestothatofanadministrator.Atthattime,suchausershouldbeconsideredanadministrator.

    VirtualMachine(VM)

    BlahBlahBlah

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibOMBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_VM

  • 2CompliantTargetsofEvaluation

    2.1TOEBoundary

    Figure2:GeneralTOE

    2.2TOEPlatform

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOE

  • 3UseCasesRequirementsinthisProtectionProfilearedesignedtoaddressthesecurityproblemsinatleastthefollowingusecases.Theseusecasesareintentionallyverybroad,asmanyspecificusecasesexistforanoperatingsystem.Theseusecasesmayalsooverlapwithoneanother.Anoperatingsystem'sfunctionalitymayevenbeeffectivelyextendedbyprivilegedapplicationsinstalledontoit.However,theseareoutofscopeofthisPP.

    [USECASE1]Elephant-owndeviceThisiseverythingweneedtodescribeinwordsaboutthisusecase.Forathelistofappropriateselectionsandacceptableassignmentvaluesforthisconfiguration,see.

    ThisPP-ModuleinheritsexactconformanceasrequiredfromthespecifiedBase-PPsandasdefinedintheCCandCEMaddendaforExactConformance,Selection-BasedSFRs,andOptionalSFRs(datedMay2017).

    ThefollowingPPsandPP-ModulesareallowedtobespecifiedinaPP-ConfigurationwiththisPP-Module:PP-ModuleforMDMAgents,Version1.0PP-ModuleforFileEncryptionEnterpriseManagement,Version1.0PP-ModuleforFileEncryption,Version2.0

    ThisPP-ModuleisconformanttoParts2(extended)and3(extended)ofCommonCriteriaVersion3.1,Revision5[CC]whenAppPP,GPOSPP,orMDFistheBase-PP.ThisPP-ModuleisconformanttoParts2(extended)and3(conformant)ofCommonCriteriaVersion3.1,Revision5[CC]whenMDMPPistheBase-PP.

    ThisPP-ModuledoesnotclaimconformancetoanyProtectionProfile.

    ThisPP-Moduledoesnotclaimconformancetoanypackages.ThesecurityproblemisdescribedintermsofthethreatsthattheOSisexpectedtoaddress,assumptionsabouttheoperationalenvironment,andanyorganizationalsecuritypoliciesthattheOSisexpectedtoenforce.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS

  • 4ThreatsT.NETWORK_ATTACK

    Anattackerispositionedonacommunicationschannelorelsewhereonthenetworkinfrastructure.AttackersmayengageincommunicationswithapplicationsandservicesrunningonorpartoftheOSwiththeintentofcompromise.Engagementmayconsistofalteringexistinglegitimatecommunications.

    T.NETWORK_EAVESDROPAnattackerispositionedonacommunicationschannelorelsewhereonthenetworkinfrastructure.AttackersmaymonitorandgainaccesstodataexchangedbetweenapplicationsandservicesthatarerunningonorpartoftheOS.

    T.LOCAL_ATTACKAnattackermaycompromiseapplicationsrunningontheOS.ThecompromisedapplicationmayprovidemaliciouslyformattedinputtotheOSthroughavarietyofchannelsincludingunprivilegedsystemcallsandmessagingviathefilesystem.

    T.LIMITED_PHYSICAL_ACCESSAnattackermayattempttoaccessdataontheOSwhilehavingalimitedamountoftimewiththephysicaldevice.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS

  • 5AssumptionsTheseassumptionsaremadeontheOperationalEnvironmentinordertobeabletoensurethatthesecurityfunctionalityspecifiedinthePP-ModulecanbeprovidedbytheTOE.IftheTOEisplacedinanOperationalEnvironmentthatdoesnotmeettheseassumptions,theTOEmaynolongerbeabletoprovideallofitssecurityfunctionality.

    A.PLATFORMTheOSreliesuponatrustworthycomputingplatformforitsexecution.ThisunderlyingplatformisoutofscopeofthisPP.

    A.PROPER_USERTheuseroftheOSisnotwillfullynegligentorhostile,andusesthesoftwareincompliancewiththeappliedenterprisesecuritypolicy.Atthesametime,malicioussoftwarecouldactastheuser,sorequirementswhichconfinemalicioussubjectsarestillinscope.

    A.PROPER_ADMINTheadministratoroftheOSisnotcareless,willfullynegligentorhostile,andadministerstheOSwithincomplianceoftheappliedenterprisesecuritypolicy.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS

  • 6SecurityObjectivesfortheTOEO.ACCOUNTABILITY

    ConformantOSesensurethatinformationexiststhatallowsadministratorstodiscoverunintentionalissueswiththeconfigurationandoperationoftheoperatingsystemanddiscoveritscause.Gatheringeventinformationandimmediatelytransmittingittoanothersystemcanalsoenableincidentresponseintheeventofsystemcompromise.

    O.INTEGRITYConformantOSesensuretheintegrityoftheirupdatepackages.OSesareseldomifevershippedwithouterrors,andtheabilitytodeploypatchesandupdateswithintegrityiscriticaltoenterprisenetworksecurity.ConformantOSesprovideexecutionenvironment-basedmitigationsthatincreasethecosttoattackersbyaddingcomplexitytothetaskofcompromisingsystems.

    O.MANAGEMENTTofacilitatemanagementbyusersandtheenterprise,conformantOSesprovideconsistentandsupportedinterfacesfortheirsecurity-relevantconfigurationandmaintenance.Thisincludesthedeploymentofapplicationsandapplicationupdatesthroughtheuseofplatform-supporteddeploymentmechanismsandformats,aswellasprovidingmechanismsforconfigurationandapplicationexecutioncontrol.

    O.PROTECTED_STORAGEToaddresstheissueoflossofconfidentialityofcredentialsintheeventoflossofphysicalcontrolofthestoragemedium,conformantOSesprovidedata-at-restprotectionforcredentials.ConformantOSesalsoprovideaccesscontrolswhichallowuserstokeeptheirfilesprivatefromotherusersofthesamesystem.

    O.PROTECTED_COMMSToaddressbothpassive(eavesdropping)andactive(packetmodification)networkattackthreats,conformantOSesprovidemechanismstocreatetrustedchannelsforCSPandsensitivedata.BothCSPandsensitivedatashouldnotbeexposedoutsideoftheplatform.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSP

  • 7SecurityObjectivesfortheOperationalEnvironmentTheOperationalEnvironmentoftheTOEimplementstechnicalandproceduralmeasurestoassisttheTOEincorrectlyprovidingitssecurityfunctionality(whichisdefinedbythesecurityobjectivesfortheTOE).ThesecurityobjectivesfortheOperationalEnvironmentconsistofasetofstatementsdescribingthegoalsthattheOperationalEnvironmentshouldachieve.ThissectiondefinesthesecurityobjectivesthataretobeaddressedbytheITdomainorbynon-technicalorproceduralmeans.TheassumptionsidentifiedinSection3areincorporatedassecurityobjectivesfortheenvironment.ThefollowingsecurityobjectivesfortheoperationalenvironmentassisttheOSincorrectlyprovidingitssecurityfunctionality.Thesetrackwiththeassumptionsabouttheenvironment.

    OE.PLATFORMTheOSreliesonbeinginstalledontrustedhardware.

    OE.PROPER_USERTheuseroftheOSisnotwillfullynegligentorhostile,andusesthesoftwarewithincomplianceoftheappliedenterprisesecuritypolicy.Standarduseraccountsareprovisionedinaccordancewiththeleastprivilegemodel.Usersrequiringhigherlevelsofaccessshouldhaveaseparateaccountdedicatedforthatuse.

    OE.PROPER_ADMINTheadministratoroftheOSisnotcareless,willfullynegligentorhostile,andadministerstheOSwithincomplianceoftheappliedenterprisesecuritypolicy.

    7.1SecurityObjectivesRationaleThissectiondescribeshowtheassumptions,threats,andorganizationsecuritypoliciesmaptothesecurityobjectives.

    Threat,Assumption,orOSP SecurityObjectives Rationale

    T.NETWORK_ATTACK O.PROTECTED_COMMS ThethreatT.NETWORK_ATTACKiscounteredbyO.PROTECTED_COMMSasthisprovidesforintegrityoftransmitteddata.

    O.INTEGRITY ThethreatT.NETWORK_ATTACKiscounteredbyO.INTEGRITYasthisprovidesforintegrityofsoftwarethatisinstalledontothesystemfromthenetwork.

    O.MANAGEMENT ThethreatT.NETWORK_ATTACKiscounteredbyO.MANAGEMENTasthisprovidesfortheabilitytoconfiguretheOStodefendagainstnetworkattack.

    O.ACCOUNTABILITY ThethreatT.NETWORK_ATTACKiscounteredbyO.ACCOUNTABILITYasthisprovidesamechanismfortheOStoreportbehaviorthatmayindicateanetworkattackhasoccurred.

    T.NETWORK_EAVESDROP O.PROTECTED_COMMS ThethreatT.NETWORK_EAVESDROPiscounteredbyO.PROTECTED_COMMSasthisprovidesforconfidentialityoftransmitteddata.

    O.MANAGEMENT ThethreatT.NETWORK_EAVESDROPiscounteredbyO.MANAGEMENTasthisprovidesfortheabilitytoconfiguretheOStoprotecttheconfidentialityofitstransmitteddata.

    T.LOCAL_ATTACK O.INTEGRITY TheobjectiveO.INTEGRITYprotectsagainsttheuseofmechanismsthatweakentheTOEwithregardtoattackbyothersoftwareontheplatform.

    O.ACCOUNTABILITY TheobjectiveO.ACCOUNTABILITYprotectsagainstlocalattacksbyprovidingamechanismtoreportbehaviorthatmayindicatealocalattackisoccurringorhas

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_EAVESDROPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_EAVESDROPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_EAVESDROPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.LOCAL_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITY

  • occurred.

    T.LIMITED_PHYSICAL_ACCESS O.PROTECTED_STORAGE TheobjectiveO.PROTECTED_STORAGEprotectsagainstunauthorizedattemptstoaccessphysicalstorageusedbytheTOE.

    A.PLATFORM OE.PLATFORM TheoperationalenvironmentobjectiveOE.PLATFORMisrealizedthroughA.PLATFORM.

    A.PROPER_USER OE.PROPER_USER TheoperationalenvironmentobjectiveOE.PROPER_USERisrealizedthroughA.PROPER_USER.

    A.PROPER_ADMIN OE.PROPER_ADMIN TheoperationalenvironmentobjectiveOE.PROPER_ADMINisrealizedthroughA.PROPER_ADMIN.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.LIMITED_PHYSICAL_ACCESSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_STORAGEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_STORAGEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_ADMINfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_ADMINfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_ADMINfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_ADMIN

  • 8SecurityRequirementsThischapterdescribesthesecurityrequirementswhichhavetobefulfilledbytheproductunderevaluation.ThoserequirementscomprisefunctionalcomponentsfromPart2andassurancecomponentsfromPart3of[CC].Thefollowingconventionsareusedforthecompletionofoperations:

    Refinementoperation(denotedbyboldtextorstrikethroughtext):isusedtoadddetailstoarequirement(includingreplacinganassignmentwithamorerestrictiveselection)ortoremovepartoftherequirementthatismadeirrelevantthroughthecompletionofanotheroperation,andthusfurtherrestrictsarequirement.Selection(denotedbyitalicizedtext):isusedtoselectoneormoreoptionsprovidedbythe[CC]instatingarequirement.Assignmentoperation(denotedbyitalicizedtext):isusedtoassignaspecificvaluetoanunspecifiedparameter,suchasthelengthofapassword.Showingthevalueinsquarebracketsindicatesassignment.Iterationoperation:isindicatedbyappendingtheSFRnamewithaslashanduniqueidentifiersuggestingthepurposeoftheoperation,e.g."/EXAMPLE1."

    8.1TOESecurityFunctionalRequirementsThisPP-ModuledoesnotdefineanymandatorySFRs.

    8.2TOESecurityFunctionalRequirementsRationaleThefollowingrationaleprovidesjustificationforeachsecurityobjectivefortheTOE,showingthattheSFRsaresuitabletomeetandachievethesecurityobjectives:

    OBJECTIVE ADDRESSEDBY RATIONALE

    FAU_GEN.1 'causeFAU_GEN.1isawesome

    FTP_ITC_EXT.1 CauseFTPreasons

    FPT_SBOP_EXT.1 Forreasons

    FPT_ASLR_EXT.1 ASLRForreasons

    FPT_TUD_EXT.1 Forreasons

    FPT_TUD_EXT.2 Forreasons

    FCS_COP.1/HASH Forreasons

    FCS_COP.1/SIGN Forreasons

    FCS_COP.1/KEYHMAC Forreasons

    FPT_ACF_EXT.1 Forreasons

    FPT_SRP_EXT.1 Forreasons

    FIA_X509_EXT.1 Forreasons

    FPT_TST_EXT.1 Forreasons

    FTP_ITC_EXT.1 Forreasons

    FPT_W^X_EXT.1 Forreasons

    FIA_AFL.1 Forreasons

    FIA_UAU.5 Forreasons

    FMT_MOF_EXT.1 Forreasons

    FMT_SMF_EXT.1 Forreasons

    FTA_TAB.1 Forreasons

    FTP_TRP.1 Forreasons

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLR

  • FCS_STO_EXT.1,FCS_RBG_EXT.1,FCS_COP.1/ENCRYPT,FDP_ACF_EXT.1 Rationaleforabigchunk

    FCS_RBG_EXT.1,FCS_CKM.1,FCS_CKM.2,FCS_CKM_EXT.4,FCS_COP.1/ENCRYPT,FCS_COP.1/HASH,FCS_COP.1/SIGN,FCS_COP.1/HMAC,FDP_IFC_EXT.1,FIA_X509_EXT.1,FIA_X509_EXT.2,FTP_ITC_EXT.1

    Rationaleforabigchunk

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HMAC

  • 9ConsistencyRationale

  • AppendixA-OptionalSFRs

    A.1StrictlyOptionalRequirementsThisPP-ModuledoesnotdefineanyOptionalSFRs.

    A.2ObjectiveRequirementsThisPP-ModuledoesnotdefineanyObjectiveSFRs.

    A.3ObjectiveRequirementsThisPP-ModuledoesnotdefineanyObjectiveSFRs.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Module

  • AppendixB-Selection-basedSFRsThisPP-Moduledoesnotdefineanyselection-basedSFRs.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Module

  • AppendixC-ExtendedComponentDefinitionsThisappendixcontainsthedefinitionsfortheextendedrequirementsthatareusedinthePP-ModuleincludingthoseusedinAppendicesAthroughC.

    C.1BackgroundandScopeThisappendixprovidesadefinitionforalloftheextendedcomponentsintroducedinthisPP-Module.Thesecomponentsareidentifiedinthefollowingtable:

    FunctionalClass FunctionalComponents

    C.2ExtendedComponentDefinitions

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Module

  • AppendixD-InherentlySatisfiedRequirementsThisappendixlistsrequirementsthatshouldbeconsideredsatisfiedbyproductssuccessfullyevaluatedagainstthisProtectionProfile.However,theserequirementsarenotfeaturedexplicitlyasSFRsandshouldnotbeincludedintheST.TheyarenotincludedasstandaloneSFRsbecauseitwouldincreasethetime,cost,andcomplexityofevaluation.Thisapproachispermittedby[CC]Part1,8.2Dependenciesbetweencomponents.Thisinformationbenefitssystemsengineeringactivitieswhichcallforinclusionofparticularsecuritycontrols.EvaluationagainsttheProtectionProfileprovidesevidencethatthesecontrolsarepresentandhavebeenevaluated.

    Requirement RationaleforSatisfaction

    FIA_UAU.1-Timingofauthentication

    FIA_AFL.1implicitlyrequiresthattheOSperformallnecessaryactions,includingthoseonbehalfoftheuserwhohasnotbeenauthenticated,inordertoauthenticate;thereforeitisduplicativetoincludetheseactionsasaseparateassignmentandtest.

    FIA_UID.1-Timingofidentification

    FIA_AFL.1implicitlyrequiresthattheOSperformallnecessaryactions,includingthoseonbehalfoftheuserwhohasnotbeenidentified,inordertoauthenticate;thereforeitisduplicativetoincludetheseactionsasaseparateassignmentandtest.

    FMT_SMR.1-Securityroles

    FMT_MOF_EXT.1specifiesrole-basedmanagementfunctionsthatimplicitlydefinesuserandprivilegedaccounts;therefore,itisduplicativetoincludeseparaterolerequirements.

    FPT_STM.1-Reliabletimestamps

    FAU_GEN.1.2explicitlyrequiresthattheOSassociatetimestampswithauditrecords;thereforeitisduplicativetoincludeaseparatetimestamprequirement.

    FTA_SSL.1-TSF-initiatedsessionlocking

    FMT_MOF_EXT.1definesrequirementsformanagingsessionlocking;therefore,itisduplicativetoincludeaseparatesessionlockingrequirement.

    FTA_SSL.2-User-initiatedlocking

    FMT_MOF_EXT.1definesrequirementsforuser-initiatedsessionlocking;therefore,itisduplicativetoincludeaseparatesessionlockingrequirement.

    FAU_STG.1-Protectedaudittrailstorage

    FPT_ACF_EXT.1definesarequirementtoprotectauditlogs;therefore,itisduplicativetoincludeaseparateprotectionofaudittrailrequirements.

    FAU_GEN.2-Useridentityassociation

    FAU_GEN.1.2explicitlyrequiresthattheOSrecordanyuseraccountassociatedwitheachevent;therefore,itisduplicativetoincludeaseparaterequirementtoassociateauseraccountwitheachevent.

    FAU_SAR.1-Auditreview

    FPT_ACF_EXT.1.2requiresthatauditlogs(andotherobjects)areprotectedfromreadingbyunprivilegedusers;therefore,itisduplicativetoincludeaseparaterequirementtoprotectonlytheauditinformation.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS

  • AppendixE-References

  • AppendixF-Bibliography

    Identifier Title

    [CC] CommonCriteriaforInformationTechnologySecurityEvaluation-Part1:IntroductionandGeneralModel,CCMB-2017-04-001,Version3.1,Revision5,April2017.Part2:SecurityFunctionalComponents,CCMB-2017-04-002,Version3.1,Revision5,April2017.Part3:SecurityAssuranceComponents,CCMB-2017-04-003,Version3.1,Revision5,April2017.

    [CEM] CommonEvaluationMethodologyforInformationTechnologySecurity-EvaluationMethodology,CCMB-2012-09-004,Version3.1,Revision4,September2012.

    [CESG] CESG-EndUserDevicesSecurityandConfigurationGuidance

    [CSA] ComputerSecurityActof1987,H.R.145,June11,1987.

    [OMB] ReportingIncidentsInvolvingPersonallyIdentifiableInformationandIncorporatingtheCostforSecurityinAgencyInformationTechnologyInvestments,OMBM-06-19,July12,2006.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CChttp://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R5.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMhttp://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R4.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGhttps://www.gov.uk/government/collections/end-user-devices-security-guidancefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAhttp://csrc.nist.gov/groups/SMA/ispab/documents/csa_87.txtfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBhttp://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2006/m06-19.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMB

  • AppendixG-Acronyms

    Acronym Meaning

    AES AdvancedEncryptionStandard

    API ApplicationProgrammingInterface

    API ApplicationProgrammingInterface

    ASLR AddressSpaceLayoutRandomization

    Base-PP BaseProtectionProfile

    CC CommonCriteria

    CEM CommonEvaluationMethodology

    CESG Communications-ElectronicsSecurityGroup

    CMC CertificateManagementoverCMS

    CMS CryptographicMessageSyntax

    CN CommonNames

    CRL CertificateRevocationList

    CSA ComputerSecurityAct

    CSP CriticalSecurityParameters

    DAR DataAtRest

    DEP DataExecutionPrevention

    DES DataEncryptionStandard

    DHE Diffie-HellmanEphemeral

    DNS DomainNameSystem

    DRBG DeterministicRandomBitGenerator

    DSS DigitalSignatureStandard

    DSS DigitalSignatureStandard

    DT Date/TimeVector

    DTLS DatagramTransportLayerSecurity

    EAP ExtensibleAuthenticationProtocol

    ECDHE EllipticCurveDiffie-HellmanEphemeral

    ECDSA EllipticCurveDigitalSignatureAlgorithm

    EST EnrollmentoverSecureTransport

    FIPS FederalInformationProcessingStandards

    HMAC Hash-basedMessageAuthenticationCode

    HTTP HypertextTransferProtocol

    HTTPS HypertextTransferProtocolSecure

    IETF InternetEngineeringTaskForce

    IP InternetProtocol

    ISO InternationalOrganizationforStandardization

    IT InformationTechnology

    ITSEF InformationTechnologySecurityEvaluationFacility

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_AESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CNfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CRLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DNSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DRBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_EAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ESTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_FIPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HMACfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IETFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ISOfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITSEF

  • NIAP NationalInformationAssurancePartnership

    NIST NationalInstituteofStandardsandTechnology

    OCSP OnlineCertificateStatusProtocol

    OE OperationalEnvironment

    OID ObjectIdentifier

    OMB OfficeofManagementandBudget

    OS OperatingSystem

    PII PersonallyIdentifiableInformation

    PKI PublicKeyInfrastructure

    PP ProtectionProfile

    PP ProtectionProfile

    PP-Configuration ProtectionProfileConfiguration

    PP-Module ProtectionProfileModule

    RBG RandomBitGenerator

    RFC RequestforComment

    RNG RandomNumberGenerator

    RNGVS RandomNumberGeneratorValidationSystem

    S/MIME Secure/Multi-purposeInternetMailExtensions

    SAN SubjectAlternativeName

    SAR SecurityAssuranceRequirement

    SFR SecurityFunctionalRequirement

    SHA SecureHashAlgorithm

    SIP SessionInitiationProtocol

    ST SecurityTarget

    SWID SoftwareIdentification

    TLS TransportLayerSecurity

    TOE TargetofEvaluation

    TSF TOESecurityFunctionality

    TSFI TSFInterface

    TSS TOESummarySpecification

    URI UniformResourceIdentifier

    URL UniformResourceLocator

    USB UniversalSerialBus

    VM VirtualMachine

    XCCDF eXtensibleConfigurationChecklistDescriptionFormat

    XOR ExclusiveOr

    app Application

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NIAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NISTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OCSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PKIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RFCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGVSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_S/MIMEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SANfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SHAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SIPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SWIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_USBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_VMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XCCDFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XORfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_app

  • AppendixH-Bibliography

    Identifier Title

    [CC] CommonCriteriaforInformationTechnologySecurityEvaluation-Part1:IntroductionandGeneralModel,CCMB-2017-04-001,Version3.1,Revision5,April2017.Part2:SecurityFunctionalComponents,CCMB-2017-04-002,Version3.1,Revision5,April2017.Part3:SecurityAssuranceComponents,CCMB-2017-04-003,Version3.1,Revision5,April2017.

    [CEM] CommonEvaluationMethodologyforInformationTechnologySecurity-EvaluationMethodology,CCMB-2012-09-004,Version3.1,Revision4,September2012.

    [CESG] CESG-EndUserDevicesSecurityandConfigurationGuidance

    [CSA] ComputerSecurityActof1987,H.R.145,June11,1987.

    [OMB] ReportingIncidentsInvolvingPersonallyIdentifiableInformationandIncorporatingtheCostforSecurityinAgencyInformationTechnologyInvestments,OMBM-06-19,July12,2006.

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CChttp://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R5.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMhttp://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R4.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGhttps://www.gov.uk/government/collections/end-user-devices-security-guidancefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAhttp://csrc.nist.gov/groups/SMA/ispab/documents/csa_87.txtfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBhttp://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2006/m06-19.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMB

  • AppendixI-Acronyms

    Acronym Meaning

    AES AdvancedEncryptionStandard

    API ApplicationProgrammingInterface

    API ApplicationProgrammingInterface

    ASLR AddressSpaceLayoutRandomization

    Base-PP BaseProtectionProfile

    CC CommonCriteria

    CEM CommonEvaluationMethodology

    CESG Communications-ElectronicsSecurityGroup

    CMC CertificateManagementoverCMS

    CMS CryptographicMessageSyntax

    CN CommonNames

    CRL CertificateRevocationList

    CSA ComputerSecurityAct

    CSP CriticalSecurityParameters

    DAR DataAtRest

    DEP DataExecutionPrevention

    DES DataEncryptionStandard

    DHE Diffie-HellmanEphemeral

    DNS DomainNameSystem

    DRBG DeterministicRandomBitGenerator

    DSS DigitalSignatureStandard

    DSS DigitalSignatureStandard

    DT Date/TimeVector

    DTLS DatagramTransportLayerSecurity

    EAP ExtensibleAuthenticationProtocol

    ECDHE EllipticCurveDiffie-HellmanEphemeral

    ECDSA EllipticCurveDigitalSignatureAlgorithm

    EST EnrollmentoverSecureTransport

    FIPS FederalInformationProcessingStandards

    HMAC Hash-basedMessageAuthenticationCode

    HTTP HypertextTransferProtocol

    HTTPS HypertextTransferProtocolSecure

    IETF InternetEngineeringTaskForce

    IP InternetProtocol

    ISO InternationalOrganizationforStandardization

    IT InformationTechnology

    ITSEF InformationTechnologySecurityEvaluationFacility

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_AESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CNfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CRLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DNSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DRBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_EAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ESTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_FIPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HMACfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IETFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ISOfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITSEF

  • NIAP NationalInformationAssurancePartnership

    NIST NationalInstituteofStandardsandTechnology

    OCSP OnlineCertificateStatusProtocol

    OE OperationalEnvironment

    OID ObjectIdentifier

    OMB OfficeofManagementandBudget

    OS OperatingSystem

    PII PersonallyIdentifiableInformation

    PKI PublicKeyInfrastructure

    PP ProtectionProfile

    PP ProtectionProfile

    PP-Configuration ProtectionProfileConfiguration

    PP-Module ProtectionProfileModule

    RBG RandomBitGenerator

    RFC RequestforComment

    RNG RandomNumberGenerator

    RNGVS RandomNumberGeneratorValidationSystem

    S/MIME Secure/Multi-purposeInternetMailExtensions

    SAN SubjectAlternativeName

    SAR SecurityAssuranceRequirement

    SFR SecurityFunctionalRequirement

    SHA SecureHashAlgorithm

    SIP SessionInitiationProtocol

    ST SecurityTarget

    SWID SoftwareIdentification

    TLS TransportLayerSecurity

    TOE TargetofEvaluation

    TSF TOESecurityFunctionality

    TSFI TSFInterface

    TSS TOESummarySpecification

    URI UniformResourceIdentifier

    URL UniformResourceLocator

    USB UniversalSerialBus

    VM VirtualMachine

    XCCDF eXtensibleConfigurationChecklistDescriptionFormat

    XOR ExclusiveOr

    app Application

    file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NIAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NISTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OCSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PKIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RFCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGVSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_S/MIMEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SANfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SHAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SIPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SWIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_USBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_VMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XCCDFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XORfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_app

Pp module content outline

Pp module content outline

Health & Medicine
Module - 6 - PP - I

Module - 6 - PP - I

Documents
Module 4 discussion 2 pp

Module 4 discussion 2 pp

Education
Edu 210-module-12-pp-nov2013

Edu 210-module-12-pp-nov2013

Education
Module Time Pp t

Module Time Pp t

Documents
collaborative PP-Module for Biometric enrolment and verification - … · 2021. 2. 26. · This is a collaborative Protection Profile Module (PP-Module) used to extend a base PP for

collaborative PP-Module for Biometric enrolment and verification - … · 2021. 2. 26. · This is a collaborative Protection Profile Module (PP-Module) used to extend a base PP for

Documents
Waves and Sound Reading Assignments Module 14 pp 341- 353 Module 14 pp 353 - 364 Homework Assignment Module 14 Study Guide Questions p 365 # 1 -10 Module

Waves and Sound Reading Assignments Module 14 pp 341- 353 Module 14 pp 353 - 364 Homework Assignment Module 14 Study Guide Questions p 365 # 1 -10 Module

Documents
A “GAP-Model” based Framework for Online VVoIP QoE Measurement

A “GAP-Model” based Framework for Online VVoIP QoE Measurement

Documents
PP-Module for Stateful Traffic Filter Firewalls

PP-Module for Stateful Traffic Filter Firewalls

Documents
Integration Between PP Module and PM

Integration Between PP Module and PM

Documents
PP‐Module for Video/Display Devices

PP‐Module for Video/Display Devices

Documents
Module Bond Pp t

Module Bond Pp t

Documents
IBS354 PP Chapter 10 Module 12

IBS354 PP Chapter 10 Module 12

Education
PP-Module CSP Time stamp and auditThe PP-Module claims conformance to CC version 3.1 Revision 5. Conformance of this PP-Module with respect to CC Part 2 [CC2] (security functional

PP-Module CSP Time stamp and auditThe PP-Module claims conformance to CC version 3.1 Revision 5. Conformance of this PP-Module with respect to CC Part 2 [CC2] (security functional

Documents
Scrap Calculation in Pp Module

Scrap Calculation in Pp Module

Documents
IBS354 PP Chapter 9 Module 11

IBS354 PP Chapter 9 Module 11

Education
Trm Planets Training Pp Module

Trm Planets Training Pp Module

Technology
The case of missing customer module one pp ts

The case of missing customer module one pp ts

Business
SAP Module PP Course Transaction & Configuration

SAP Module PP Course Transaction & Configuration

Documents
IBS354 PP Chapter 8 Module 10

IBS354 PP Chapter 8 Module 10

Education
IBS354 PP Chapter 11 Module 13

IBS354 PP Chapter 11 Module 13

Education
IBS354 PP Chapter 3 Module 3 & 4

IBS354 PP Chapter 3 Module 3 & 4

Education
collaborative PP-Module for Biometric enrolment … › pr-draft3 › MOD-BIO-enrl-v0...• PP-Module Date: March 13, 2020 3.2. Base PP identification Base PP of this PP-Module is

collaborative PP-Module for Biometric enrolment … › pr-draft3 › MOD-BIO-enrl-v0...• PP-Module Date: March 13, 2020 3.2. Base PP identification Base PP of this PP-Module is

Documents
Word 2016 module 4 pp

Word 2016 module 4 pp

Technology
PP-Module for Bluetooth - NIAP-CCEVS

PP-Module for Bluetooth - NIAP-CCEVS

Documents
Module 5 PP

Module 5 PP

Business
Module 8 PP

Module 8 PP

Documents
Integration Between PP and SD Module

Integration Between PP and SD Module

Documents
Supporting Document Mandatory Technical Document PP-Module

Supporting Document Mandatory Technical Document PP-Module

Documents
6 - PP Module itutor01

6 - PP Module itutor01

Documents