PP-Module for Voice and Video over IP (VVoIP) · 1 day ago · PP-Module for MDM Agents, Version...
Transcript of PP-Module for Voice and Video over IP (VVoIP) · 1 day ago · PP-Module for MDM Agents, Version...
-
PP-ModuleforVoiceandVideooverIP(VVoIP)
Version:1.02015-08-14
NationalInformationAssurancePartnership
-
RevisionHistory
Version Date Comment
Round1 2015-04-23 Firstdraftofversion1.0forcomment
1.0 2015-08-14 Release-firstversionreleased
Contents
1 Overview1.1 Terms1.1.1 CommonCriteriaTerms1.1.2 TechnicalTerms
2 CompliantTargetsofEvaluation2.1 TOEBoundary2.2 TOEPlatform3 UseCases4 Threats5 Assumptions6 SecurityObjectivesfortheTOE7 SecurityObjectivesfortheOperationalEnvironment7.1 SecurityObjectivesRationale8 SecurityRequirements8.1 TOESecurityFunctionalRequirements8.2 TOESecurityFunctionalRequirementsRationale9 ConsistencyRationaleAppendixA- OptionalSFRsA.1 StrictlyOptionalRequirementsA.2 ObjectiveRequirementsA.3 ObjectiveRequirementsAppendixB- Selection-basedSFRsAppendixC- ExtendedComponentDefinitionsC.1 BackgroundandScopeC.2 ExtendedComponentDefinitionsAppendixD- InherentlySatisfiedRequirementsAppendixE- ReferencesAppendixF- BibliographyAppendixG- AcronymsAppendixH- BibliographyAppendixI- Acronyms
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ppoverviewfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#glossaryfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#cc-termsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#tech-termsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#TOEdescriptionfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#TOEboundaryfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#TOEplatformfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#usecasesfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#threatsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#assumptionsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#SecurityObjectivesTOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#SecurityObjectivesTOEorEnvironmentfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#SORfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#man-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#obj-req-mapfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#mod-conratfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#opt-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#strictly-optional-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#objective-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#objective-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#sel-sfrsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ext-comp-defsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ext-comp-defs-bgfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#ext-comp-defs-bgfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#satisfiedreqsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibliofile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibliographyfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#acronymsfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibliographyfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#acronyms
-
1OverviewThescopeofthisProtectionProfile(PP)istodescribethesecurityfunctionalityofQQQQproductsintermsof[CC]andtodefinefunctionalandassurancerequirementsforsuchproducts.Anoperatingsystemissoftwarethatmanagescomputerhardwareandsoftwareresources,andprovidescommonservicesforapplicationprograms.Thehardwareitmanagesmaybephysical,virtualorimaginary.SomethingThisisgoingtoshowsometests:
TermswithabbrslikeASLR,orAPI,shouldbefoundalinkedautomatically.Andcomponentscanbereferedtobytheirname:FQQ_QQQ.1Andsocanrequirements:FQQ_QQQ.1.1orbytheiruniqueidentifier:FQQ_QQQ.1.1OryoucanstopthemASLRThisishowyoudoapicture:
Figure1:Niap'sLogoAndthisishowyoureferenceit:Figure1Thisishowyoudoanequationwithanarbitrarycounter:
(1)
Andthisishowyoureferenceit:1Thefollowingcontentshouldbeincludedif:
"this"isselectedfromFQQ_QQQ.1.1Sometext
Thefollowingcontentshouldbeincludedif:theTOEimplements"WidgetThing"
SometingdependentonafeatureAndhere'stheauditeventtableformandatoryrequirements.Testforanxreftosection
Andthisisanothersentence(orfragment).Iaddedthissentenceanddeletedthenextone.ThisusesthepluralacronymOSes.
1.1TermsThefollowingsectionslistCommonCriteriaandtechnologytermsusedinthisdocument.
1.1.1CommonCriteriaTerms
Assurance GroundsforconfidencethataTOEmeetstheSFRs[CC].
BaseProtectionProfile(Base-PP)
ProtectionProfileusedasabasistobuildaPP-Configuration.
CommonCriteria(CC)
CommonCriteriaforInformationTechnologySecurityEvaluation(InternationalStandardISO/IEC15408).
CommonCriteriaTestingLaboratory
WithinthecontextoftheCommonCriteriaEvaluationandValidationScheme(CCEVS),anITsecurityevaluationfacility,accreditedbytheNationalVoluntaryLaboratoryAccreditationProgram(NVLAP)andapprovedbytheNIAPValidationBodytoconductCommonCriteria-basedevaluations.
CommonEvaluation
CommonEvaluationMethodologyforInformationTechnologySecurityEvaluation.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#figure-fig-logofile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#cc-quadeqfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ISOfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NIAP
-
Methodology(CEM)
DistributedTOE
ATOEcomposedofmultiplecomponentsoperatingasalogicalwhole.
OperationalEnvironment(OE)
HardwareandsoftwarethatareoutsidetheTOEboundarythatsupporttheTOEfunctionalityandsecuritypolicy.
ProtectionProfile(PP)
Animplementation-independentsetofsecurityrequirementsforacategoryofproducts.
ProtectionProfileConfiguration(PP-Configuration)
AcomprehensivesetofsecurityrequirementsforaproducttypethatconsistsofatleastoneBase-PPandatleastonePP-Module.
ProtectionProfileModule(PP-Module)
Animplementation-independentstatementofsecurityneedsforaTOEtypecomplementarytooneormoreBaseProtectionProfiles.
SecurityAssuranceRequirement(SAR)
ArequirementtoassurethesecurityoftheTOE.
SecurityFunctionalRequirement(SFR)
ArequirementforsecurityenforcementbytheTOE.
SecurityTarget(ST)
Asetofimplementation-dependentsecurityrequirementsforaspecificproduct.
TOESecurityFunctionality(TSF)
Thesecurityfunctionalityoftheproductunderevaluation.
TOESummarySpecification(TSS)
AdescriptionofhowaTOEsatisfiestheSFRsinanST.
TargetofEvaluation(TOE)
Theproductunderevaluation.
1.1.2TechnicalTerms
AddressSpaceLayoutRandomization(ASLR)
Ananti-exploitationfeaturewhichloadsmemorymappingsintounpredictablelocations.ASLRmakesitmoredifficultforanattackertoredirectcontroltocodethattheyhaveintroducedintotheaddressspaceofaprocess.
Administrator Anadministratorisresponsibleformanagementactivities,includingsettingpoliciesthatareappliedbytheenterpriseontheoperatingsystem.Thisadministratorcouldbeactingremotelythroughamanagementserver,fromwhichthesystemreceivesconfigurationpolicies.Anadministratorcanenforcesettingsonthesystemwhichcannotbeoverriddenbynon-administratorusers.
Application(app)
Softwarethatrunsonaplatformandperformstasksonbehalfoftheuserorowneroftheplatform,aswellasitssupportingdocumentation.
ApplicationProgrammingInterface(API)
Aspecificationofroutines,datastructures,objectclasses,andvariablesthatallowsanapplicationtomakeuseofservicesprovidedbyanothersoftwarecomponent,suchasalibrary.APIsareoftenprovidedforasetoflibrariesincludedwiththeplatform.
Credential Datathatestablishestheidentityofauser,e.g.acryptographickeyorpassword.
CriticalSecurityParameters(CSP)
Informationthatiseitheruserorsystemdefinedandisusedtooperateacryptographicmoduleinprocessingencryptionfunctionsincludingcryptographickeysandauthenticationdata,suchaspasswords,thedisclosureormodificationofwhichcancompromisethesecurityofacryptographicmoduleorthesecurityoftheinformationprotectedbythemodule.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_appfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSP
-
DARProtection
Countermeasuresthatpreventattackers,eventhosewithphysicalaccess,fromextractingdatafromnon-volatilestorage.Commontechniquesincludedataencryptionandwiping.
DataExecutionPrevention(DEP)
Ananti-exploitationfeatureofmodernoperatingsystemsexecutingonmoderncomputerhardware,whichenforcesanon-executepermissiononpagesofmemory.DEPpreventspagesofmemoryfromcontainingbothdataandinstructions,whichmakesitmoredifficultforanattackertointroduceandexecutecode.
Developer AnentitythatwritesOSsoftware.Forthepurposesofthisdocument,vendorsanddevelopersarethesame.
GeneralPurposeOperatingSystem
AclassofOSesdesignedtosupportawide-varietyofworkloadsconsistingofmanyconcurrentapplicationsorservices.TypicalcharacteristicsforOSesinthisclassincludesupportforthird-partyapplications,supportformultipleusers,andsecurityseparationbetweenusersandtheirrespectiveresources.GeneralPurposeOperatingSystemsalsolackthereal-timeconstraintthatdefinesRealTimeOperatingSystems(RTOS).RTOSestypicallypowerrouters,switches,andembeddeddevices.
Host-basedFirewall
Asoftware-basedfirewallimplementationrunningontheOSforfilteringinboundandoutboundnetworktraffictoandfromprocessesrunningontheOS.
OperatingSystem(OS)
Softwarethatmanagesphysicalandlogicalresourcesandprovidesservicesforapplications.ThetermsTOEandOSareinterchangeableinthisdocument.
PersonallyIdentifiableInformation(PII)
Anyinformationaboutanindividualmaintainedbyanagency,including,butnotlimitedto,education,financialtransactions,medicalhistory,andcriminaloremploymenthistoryandinformationwhichcanbeusedtodistinguishortraceanindividual'sidentity,suchastheirname,socialsecuritynumber,dateandplaceofbirth,mother'smaidenname,biometricrecords,etc.,includinganyotherpersonalinformationwhichislinkedorlinkabletoanindividual.[OMB]
SensitiveData SensitivedatamayincludealluserorenterprisedataormaybespecificapplicationdatasuchasPII,emails,messaging,documents,calendaritems,andcontacts.Sensitivedatamustminimallyincludecredentialsandkeys.SensitivedatashallbeidentifiedintheOS'sTSSbytheSTauthor.
User Auserissubjecttoconfigurationpoliciesappliedtotheoperatingsystembyadministrators.Onsomesystemsundercertainconfigurations,anormalusercantemporarilyelevateprivilegestothatofanadministrator.Atthattime,suchausershouldbeconsideredanadministrator.
VirtualMachine(VM)
BlahBlahBlah
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibOMBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_VM
-
2CompliantTargetsofEvaluation
2.1TOEBoundary
Figure2:GeneralTOE
2.2TOEPlatform
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOE
-
3UseCasesRequirementsinthisProtectionProfilearedesignedtoaddressthesecurityproblemsinatleastthefollowingusecases.Theseusecasesareintentionallyverybroad,asmanyspecificusecasesexistforanoperatingsystem.Theseusecasesmayalsooverlapwithoneanother.Anoperatingsystem'sfunctionalitymayevenbeeffectivelyextendedbyprivilegedapplicationsinstalledontoit.However,theseareoutofscopeofthisPP.
[USECASE1]Elephant-owndeviceThisiseverythingweneedtodescribeinwordsaboutthisusecase.Forathelistofappropriateselectionsandacceptableassignmentvaluesforthisconfiguration,see.
ThisPP-ModuleinheritsexactconformanceasrequiredfromthespecifiedBase-PPsandasdefinedintheCCandCEMaddendaforExactConformance,Selection-BasedSFRs,andOptionalSFRs(datedMay2017).
ThefollowingPPsandPP-ModulesareallowedtobespecifiedinaPP-ConfigurationwiththisPP-Module:PP-ModuleforMDMAgents,Version1.0PP-ModuleforFileEncryptionEnterpriseManagement,Version1.0PP-ModuleforFileEncryption,Version2.0
ThisPP-ModuleisconformanttoParts2(extended)and3(extended)ofCommonCriteriaVersion3.1,Revision5[CC]whenAppPP,GPOSPP,orMDFistheBase-PP.ThisPP-ModuleisconformanttoParts2(extended)and3(conformant)ofCommonCriteriaVersion3.1,Revision5[CC]whenMDMPPistheBase-PP.
ThisPP-ModuledoesnotclaimconformancetoanyProtectionProfile.
ThisPP-Moduledoesnotclaimconformancetoanypackages.ThesecurityproblemisdescribedintermsofthethreatsthattheOSisexpectedtoaddress,assumptionsabouttheoperationalenvironment,andanyorganizationalsecuritypoliciesthattheOSisexpectedtoenforce.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS
-
4ThreatsT.NETWORK_ATTACK
Anattackerispositionedonacommunicationschannelorelsewhereonthenetworkinfrastructure.AttackersmayengageincommunicationswithapplicationsandservicesrunningonorpartoftheOSwiththeintentofcompromise.Engagementmayconsistofalteringexistinglegitimatecommunications.
T.NETWORK_EAVESDROPAnattackerispositionedonacommunicationschannelorelsewhereonthenetworkinfrastructure.AttackersmaymonitorandgainaccesstodataexchangedbetweenapplicationsandservicesthatarerunningonorpartoftheOS.
T.LOCAL_ATTACKAnattackermaycompromiseapplicationsrunningontheOS.ThecompromisedapplicationmayprovidemaliciouslyformattedinputtotheOSthroughavarietyofchannelsincludingunprivilegedsystemcallsandmessagingviathefilesystem.
T.LIMITED_PHYSICAL_ACCESSAnattackermayattempttoaccessdataontheOSwhilehavingalimitedamountoftimewiththephysicaldevice.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS
-
5AssumptionsTheseassumptionsaremadeontheOperationalEnvironmentinordertobeabletoensurethatthesecurityfunctionalityspecifiedinthePP-ModulecanbeprovidedbytheTOE.IftheTOEisplacedinanOperationalEnvironmentthatdoesnotmeettheseassumptions,theTOEmaynolongerbeabletoprovideallofitssecurityfunctionality.
A.PLATFORMTheOSreliesuponatrustworthycomputingplatformforitsexecution.ThisunderlyingplatformisoutofscopeofthisPP.
A.PROPER_USERTheuseroftheOSisnotwillfullynegligentorhostile,andusesthesoftwareincompliancewiththeappliedenterprisesecuritypolicy.Atthesametime,malicioussoftwarecouldactastheuser,sorequirementswhichconfinemalicioussubjectsarestillinscope.
A.PROPER_ADMINTheadministratoroftheOSisnotcareless,willfullynegligentorhostile,andadministerstheOSwithincomplianceoftheappliedenterprisesecuritypolicy.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS
-
6SecurityObjectivesfortheTOEO.ACCOUNTABILITY
ConformantOSesensurethatinformationexiststhatallowsadministratorstodiscoverunintentionalissueswiththeconfigurationandoperationoftheoperatingsystemanddiscoveritscause.Gatheringeventinformationandimmediatelytransmittingittoanothersystemcanalsoenableincidentresponseintheeventofsystemcompromise.
O.INTEGRITYConformantOSesensuretheintegrityoftheirupdatepackages.OSesareseldomifevershippedwithouterrors,andtheabilitytodeploypatchesandupdateswithintegrityiscriticaltoenterprisenetworksecurity.ConformantOSesprovideexecutionenvironment-basedmitigationsthatincreasethecosttoattackersbyaddingcomplexitytothetaskofcompromisingsystems.
O.MANAGEMENTTofacilitatemanagementbyusersandtheenterprise,conformantOSesprovideconsistentandsupportedinterfacesfortheirsecurity-relevantconfigurationandmaintenance.Thisincludesthedeploymentofapplicationsandapplicationupdatesthroughtheuseofplatform-supporteddeploymentmechanismsandformats,aswellasprovidingmechanismsforconfigurationandapplicationexecutioncontrol.
O.PROTECTED_STORAGEToaddresstheissueoflossofconfidentialityofcredentialsintheeventoflossofphysicalcontrolofthestoragemedium,conformantOSesprovidedata-at-restprotectionforcredentials.ConformantOSesalsoprovideaccesscontrolswhichallowuserstokeeptheirfilesprivatefromotherusersofthesamesystem.
O.PROTECTED_COMMSToaddressbothpassive(eavesdropping)andactive(packetmodification)networkattackthreats,conformantOSesprovidemechanismstocreatetrustedchannelsforCSPandsensitivedata.BothCSPandsensitivedatashouldnotbeexposedoutsideoftheplatform.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSP
-
7SecurityObjectivesfortheOperationalEnvironmentTheOperationalEnvironmentoftheTOEimplementstechnicalandproceduralmeasurestoassisttheTOEincorrectlyprovidingitssecurityfunctionality(whichisdefinedbythesecurityobjectivesfortheTOE).ThesecurityobjectivesfortheOperationalEnvironmentconsistofasetofstatementsdescribingthegoalsthattheOperationalEnvironmentshouldachieve.ThissectiondefinesthesecurityobjectivesthataretobeaddressedbytheITdomainorbynon-technicalorproceduralmeans.TheassumptionsidentifiedinSection3areincorporatedassecurityobjectivesfortheenvironment.ThefollowingsecurityobjectivesfortheoperationalenvironmentassisttheOSincorrectlyprovidingitssecurityfunctionality.Thesetrackwiththeassumptionsabouttheenvironment.
OE.PLATFORMTheOSreliesonbeinginstalledontrustedhardware.
OE.PROPER_USERTheuseroftheOSisnotwillfullynegligentorhostile,andusesthesoftwarewithincomplianceoftheappliedenterprisesecuritypolicy.Standarduseraccountsareprovisionedinaccordancewiththeleastprivilegemodel.Usersrequiringhigherlevelsofaccessshouldhaveaseparateaccountdedicatedforthatuse.
OE.PROPER_ADMINTheadministratoroftheOSisnotcareless,willfullynegligentorhostile,andadministerstheOSwithincomplianceoftheappliedenterprisesecuritypolicy.
7.1SecurityObjectivesRationaleThissectiondescribeshowtheassumptions,threats,andorganizationsecuritypoliciesmaptothesecurityobjectives.
Threat,Assumption,orOSP SecurityObjectives Rationale
T.NETWORK_ATTACK O.PROTECTED_COMMS ThethreatT.NETWORK_ATTACKiscounteredbyO.PROTECTED_COMMSasthisprovidesforintegrityoftransmitteddata.
O.INTEGRITY ThethreatT.NETWORK_ATTACKiscounteredbyO.INTEGRITYasthisprovidesforintegrityofsoftwarethatisinstalledontothesystemfromthenetwork.
O.MANAGEMENT ThethreatT.NETWORK_ATTACKiscounteredbyO.MANAGEMENTasthisprovidesfortheabilitytoconfiguretheOStodefendagainstnetworkattack.
O.ACCOUNTABILITY ThethreatT.NETWORK_ATTACKiscounteredbyO.ACCOUNTABILITYasthisprovidesamechanismfortheOStoreportbehaviorthatmayindicateanetworkattackhasoccurred.
T.NETWORK_EAVESDROP O.PROTECTED_COMMS ThethreatT.NETWORK_EAVESDROPiscounteredbyO.PROTECTED_COMMSasthisprovidesforconfidentialityoftransmitteddata.
O.MANAGEMENT ThethreatT.NETWORK_EAVESDROPiscounteredbyO.MANAGEMENTasthisprovidesfortheabilitytoconfiguretheOStoprotecttheconfidentialityofitstransmitteddata.
T.LOCAL_ATTACK O.INTEGRITY TheobjectiveO.INTEGRITYprotectsagainsttheuseofmechanismsthatweakentheTOEwithregardtoattackbyothersoftwareontheplatform.
O.ACCOUNTABILITY TheobjectiveO.ACCOUNTABILITYprotectsagainstlocalattacksbyprovidingamechanismtoreportbehaviorthatmayindicatealocalattackisoccurringorhas
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_EAVESDROPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_EAVESDROPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_COMMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.NETWORK_EAVESDROPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.MANAGEMENTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.LOCAL_ATTACKfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.INTEGRITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITYfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.ACCOUNTABILITY
-
occurred.
T.LIMITED_PHYSICAL_ACCESS O.PROTECTED_STORAGE TheobjectiveO.PROTECTED_STORAGEprotectsagainstunauthorizedattemptstoaccessphysicalstorageusedbytheTOE.
A.PLATFORM OE.PLATFORM TheoperationalenvironmentobjectiveOE.PLATFORMisrealizedthroughA.PLATFORM.
A.PROPER_USER OE.PROPER_USER TheoperationalenvironmentobjectiveOE.PROPER_USERisrealizedthroughA.PROPER_USER.
A.PROPER_ADMIN OE.PROPER_ADMIN TheoperationalenvironmentobjectiveOE.PROPER_ADMINisrealizedthroughA.PROPER_ADMIN.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#T.LIMITED_PHYSICAL_ACCESSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_STORAGEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#O.PROTECTED_STORAGEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PLATFORMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_USERfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_ADMINfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_ADMINfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#OE.PROPER_ADMINfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#A.PROPER_ADMIN
-
8SecurityRequirementsThischapterdescribesthesecurityrequirementswhichhavetobefulfilledbytheproductunderevaluation.ThoserequirementscomprisefunctionalcomponentsfromPart2andassurancecomponentsfromPart3of[CC].Thefollowingconventionsareusedforthecompletionofoperations:
Refinementoperation(denotedbyboldtextorstrikethroughtext):isusedtoadddetailstoarequirement(includingreplacinganassignmentwithamorerestrictiveselection)ortoremovepartoftherequirementthatismadeirrelevantthroughthecompletionofanotheroperation,andthusfurtherrestrictsarequirement.Selection(denotedbyitalicizedtext):isusedtoselectoneormoreoptionsprovidedbythe[CC]instatingarequirement.Assignmentoperation(denotedbyitalicizedtext):isusedtoassignaspecificvaluetoanunspecifiedparameter,suchasthelengthofapassword.Showingthevalueinsquarebracketsindicatesassignment.Iterationoperation:isindicatedbyappendingtheSFRnamewithaslashanduniqueidentifiersuggestingthepurposeoftheoperation,e.g."/EXAMPLE1."
8.1TOESecurityFunctionalRequirementsThisPP-ModuledoesnotdefineanymandatorySFRs.
8.2TOESecurityFunctionalRequirementsRationaleThefollowingrationaleprovidesjustificationforeachsecurityobjectivefortheTOE,showingthattheSFRsaresuitabletomeetandachievethesecurityobjectives:
OBJECTIVE ADDRESSEDBY RATIONALE
FAU_GEN.1 'causeFAU_GEN.1isawesome
FTP_ITC_EXT.1 CauseFTPreasons
FPT_SBOP_EXT.1 Forreasons
FPT_ASLR_EXT.1 ASLRForreasons
FPT_TUD_EXT.1 Forreasons
FPT_TUD_EXT.2 Forreasons
FCS_COP.1/HASH Forreasons
FCS_COP.1/SIGN Forreasons
FCS_COP.1/KEYHMAC Forreasons
FPT_ACF_EXT.1 Forreasons
FPT_SRP_EXT.1 Forreasons
FIA_X509_EXT.1 Forreasons
FPT_TST_EXT.1 Forreasons
FTP_ITC_EXT.1 Forreasons
FPT_W^X_EXT.1 Forreasons
FIA_AFL.1 Forreasons
FIA_UAU.5 Forreasons
FMT_MOF_EXT.1 Forreasons
FMT_SMF_EXT.1 Forreasons
FTA_TAB.1 Forreasons
FTP_TRP.1 Forreasons
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLR
-
FCS_STO_EXT.1,FCS_RBG_EXT.1,FCS_COP.1/ENCRYPT,FDP_ACF_EXT.1 Rationaleforabigchunk
FCS_RBG_EXT.1,FCS_CKM.1,FCS_CKM.2,FCS_CKM_EXT.4,FCS_COP.1/ENCRYPT,FCS_COP.1/HASH,FCS_COP.1/SIGN,FCS_COP.1/HMAC,FDP_IFC_EXT.1,FIA_X509_EXT.1,FIA_X509_EXT.2,FTP_ITC_EXT.1
Rationaleforabigchunk
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HMAC
-
9ConsistencyRationale
-
AppendixA-OptionalSFRs
A.1StrictlyOptionalRequirementsThisPP-ModuledoesnotdefineanyOptionalSFRs.
A.2ObjectiveRequirementsThisPP-ModuledoesnotdefineanyObjectiveSFRs.
A.3ObjectiveRequirementsThisPP-ModuledoesnotdefineanyObjectiveSFRs.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Module
-
AppendixB-Selection-basedSFRsThisPP-Moduledoesnotdefineanyselection-basedSFRs.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Module
-
AppendixC-ExtendedComponentDefinitionsThisappendixcontainsthedefinitionsfortheextendedrequirementsthatareusedinthePP-ModuleincludingthoseusedinAppendicesAthroughC.
C.1BackgroundandScopeThisappendixprovidesadefinitionforalloftheextendedcomponentsintroducedinthisPP-Module.Thesecomponentsareidentifiedinthefollowingtable:
FunctionalClass FunctionalComponents
C.2ExtendedComponentDefinitions
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Module
-
AppendixD-InherentlySatisfiedRequirementsThisappendixlistsrequirementsthatshouldbeconsideredsatisfiedbyproductssuccessfullyevaluatedagainstthisProtectionProfile.However,theserequirementsarenotfeaturedexplicitlyasSFRsandshouldnotbeincludedintheST.TheyarenotincludedasstandaloneSFRsbecauseitwouldincreasethetime,cost,andcomplexityofevaluation.Thisapproachispermittedby[CC]Part1,8.2Dependenciesbetweencomponents.Thisinformationbenefitssystemsengineeringactivitieswhichcallforinclusionofparticularsecuritycontrols.EvaluationagainsttheProtectionProfileprovidesevidencethatthesecontrolsarepresentandhavebeenevaluated.
Requirement RationaleforSatisfaction
FIA_UAU.1-Timingofauthentication
FIA_AFL.1implicitlyrequiresthattheOSperformallnecessaryactions,includingthoseonbehalfoftheuserwhohasnotbeenauthenticated,inordertoauthenticate;thereforeitisduplicativetoincludetheseactionsasaseparateassignmentandtest.
FIA_UID.1-Timingofidentification
FIA_AFL.1implicitlyrequiresthattheOSperformallnecessaryactions,includingthoseonbehalfoftheuserwhohasnotbeenidentified,inordertoauthenticate;thereforeitisduplicativetoincludetheseactionsasaseparateassignmentandtest.
FMT_SMR.1-Securityroles
FMT_MOF_EXT.1specifiesrole-basedmanagementfunctionsthatimplicitlydefinesuserandprivilegedaccounts;therefore,itisduplicativetoincludeseparaterolerequirements.
FPT_STM.1-Reliabletimestamps
FAU_GEN.1.2explicitlyrequiresthattheOSassociatetimestampswithauditrecords;thereforeitisduplicativetoincludeaseparatetimestamprequirement.
FTA_SSL.1-TSF-initiatedsessionlocking
FMT_MOF_EXT.1definesrequirementsformanagingsessionlocking;therefore,itisduplicativetoincludeaseparatesessionlockingrequirement.
FTA_SSL.2-User-initiatedlocking
FMT_MOF_EXT.1definesrequirementsforuser-initiatedsessionlocking;therefore,itisduplicativetoincludeaseparatesessionlockingrequirement.
FAU_STG.1-Protectedaudittrailstorage
FPT_ACF_EXT.1definesarequirementtoprotectauditlogs;therefore,itisduplicativetoincludeaseparateprotectionofaudittrailrequirements.
FAU_GEN.2-Useridentityassociation
FAU_GEN.1.2explicitlyrequiresthattheOSrecordanyuseraccountassociatedwitheachevent;therefore,itisduplicativetoincludeaseparaterequirementtoassociateauseraccountwitheachevent.
FAU_SAR.1-Auditreview
FPT_ACF_EXT.1.2requiresthatauditlogs(andotherobjects)areprotectedfromreadingbyunprivilegedusers;therefore,itisduplicativetoincludeaseparaterequirementtoprotectonlytheauditinformation.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#bibCCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OS
-
AppendixE-References
-
AppendixF-Bibliography
Identifier Title
[CC] CommonCriteriaforInformationTechnologySecurityEvaluation-Part1:IntroductionandGeneralModel,CCMB-2017-04-001,Version3.1,Revision5,April2017.Part2:SecurityFunctionalComponents,CCMB-2017-04-002,Version3.1,Revision5,April2017.Part3:SecurityAssuranceComponents,CCMB-2017-04-003,Version3.1,Revision5,April2017.
[CEM] CommonEvaluationMethodologyforInformationTechnologySecurity-EvaluationMethodology,CCMB-2012-09-004,Version3.1,Revision4,September2012.
[CESG] CESG-EndUserDevicesSecurityandConfigurationGuidance
[CSA] ComputerSecurityActof1987,H.R.145,June11,1987.
[OMB] ReportingIncidentsInvolvingPersonallyIdentifiableInformationandIncorporatingtheCostforSecurityinAgencyInformationTechnologyInvestments,OMBM-06-19,July12,2006.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CChttp://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R5.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMhttp://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R4.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGhttps://www.gov.uk/government/collections/end-user-devices-security-guidancefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAhttp://csrc.nist.gov/groups/SMA/ispab/documents/csa_87.txtfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBhttp://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2006/m06-19.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMB
-
AppendixG-Acronyms
Acronym Meaning
AES AdvancedEncryptionStandard
API ApplicationProgrammingInterface
API ApplicationProgrammingInterface
ASLR AddressSpaceLayoutRandomization
Base-PP BaseProtectionProfile
CC CommonCriteria
CEM CommonEvaluationMethodology
CESG Communications-ElectronicsSecurityGroup
CMC CertificateManagementoverCMS
CMS CryptographicMessageSyntax
CN CommonNames
CRL CertificateRevocationList
CSA ComputerSecurityAct
CSP CriticalSecurityParameters
DAR DataAtRest
DEP DataExecutionPrevention
DES DataEncryptionStandard
DHE Diffie-HellmanEphemeral
DNS DomainNameSystem
DRBG DeterministicRandomBitGenerator
DSS DigitalSignatureStandard
DSS DigitalSignatureStandard
DT Date/TimeVector
DTLS DatagramTransportLayerSecurity
EAP ExtensibleAuthenticationProtocol
ECDHE EllipticCurveDiffie-HellmanEphemeral
ECDSA EllipticCurveDigitalSignatureAlgorithm
EST EnrollmentoverSecureTransport
FIPS FederalInformationProcessingStandards
HMAC Hash-basedMessageAuthenticationCode
HTTP HypertextTransferProtocol
HTTPS HypertextTransferProtocolSecure
IETF InternetEngineeringTaskForce
IP InternetProtocol
ISO InternationalOrganizationforStandardization
IT InformationTechnology
ITSEF InformationTechnologySecurityEvaluationFacility
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_AESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CNfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CRLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DNSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DRBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_EAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ESTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_FIPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HMACfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IETFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ISOfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITSEF
-
NIAP NationalInformationAssurancePartnership
NIST NationalInstituteofStandardsandTechnology
OCSP OnlineCertificateStatusProtocol
OE OperationalEnvironment
OID ObjectIdentifier
OMB OfficeofManagementandBudget
OS OperatingSystem
PII PersonallyIdentifiableInformation
PKI PublicKeyInfrastructure
PP ProtectionProfile
PP ProtectionProfile
PP-Configuration ProtectionProfileConfiguration
PP-Module ProtectionProfileModule
RBG RandomBitGenerator
RFC RequestforComment
RNG RandomNumberGenerator
RNGVS RandomNumberGeneratorValidationSystem
S/MIME Secure/Multi-purposeInternetMailExtensions
SAN SubjectAlternativeName
SAR SecurityAssuranceRequirement
SFR SecurityFunctionalRequirement
SHA SecureHashAlgorithm
SIP SessionInitiationProtocol
ST SecurityTarget
SWID SoftwareIdentification
TLS TransportLayerSecurity
TOE TargetofEvaluation
TSF TOESecurityFunctionality
TSFI TSFInterface
TSS TOESummarySpecification
URI UniformResourceIdentifier
URL UniformResourceLocator
USB UniversalSerialBus
VM VirtualMachine
XCCDF eXtensibleConfigurationChecklistDescriptionFormat
XOR ExclusiveOr
app Application
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NIAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NISTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OCSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PKIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RFCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGVSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_S/MIMEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SANfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SHAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SIPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SWIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_USBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_VMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XCCDFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XORfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_app
-
AppendixH-Bibliography
Identifier Title
[CC] CommonCriteriaforInformationTechnologySecurityEvaluation-Part1:IntroductionandGeneralModel,CCMB-2017-04-001,Version3.1,Revision5,April2017.Part2:SecurityFunctionalComponents,CCMB-2017-04-002,Version3.1,Revision5,April2017.Part3:SecurityAssuranceComponents,CCMB-2017-04-003,Version3.1,Revision5,April2017.
[CEM] CommonEvaluationMethodologyforInformationTechnologySecurity-EvaluationMethodology,CCMB-2012-09-004,Version3.1,Revision4,September2012.
[CESG] CESG-EndUserDevicesSecurityandConfigurationGuidance
[CSA] ComputerSecurityActof1987,H.R.145,June11,1987.
[OMB] ReportingIncidentsInvolvingPersonallyIdentifiableInformationandIncorporatingtheCostforSecurityinAgencyInformationTechnologyInvestments,OMBM-06-19,July12,2006.
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CChttp://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdfhttp://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R5.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMhttp://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R4.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGhttps://www.gov.uk/government/collections/end-user-devices-security-guidancefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAhttp://csrc.nist.gov/groups/SMA/ispab/documents/csa_87.txtfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBhttp://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2006/m06-19.pdffile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMB
-
AppendixI-Acronyms
Acronym Meaning
AES AdvancedEncryptionStandard
API ApplicationProgrammingInterface
API ApplicationProgrammingInterface
ASLR AddressSpaceLayoutRandomization
Base-PP BaseProtectionProfile
CC CommonCriteria
CEM CommonEvaluationMethodology
CESG Communications-ElectronicsSecurityGroup
CMC CertificateManagementoverCMS
CMS CryptographicMessageSyntax
CN CommonNames
CRL CertificateRevocationList
CSA ComputerSecurityAct
CSP CriticalSecurityParameters
DAR DataAtRest
DEP DataExecutionPrevention
DES DataEncryptionStandard
DHE Diffie-HellmanEphemeral
DNS DomainNameSystem
DRBG DeterministicRandomBitGenerator
DSS DigitalSignatureStandard
DSS DigitalSignatureStandard
DT Date/TimeVector
DTLS DatagramTransportLayerSecurity
EAP ExtensibleAuthenticationProtocol
ECDHE EllipticCurveDiffie-HellmanEphemeral
ECDSA EllipticCurveDigitalSignatureAlgorithm
EST EnrollmentoverSecureTransport
FIPS FederalInformationProcessingStandards
HMAC Hash-basedMessageAuthenticationCode
HTTP HypertextTransferProtocol
HTTPS HypertextTransferProtocolSecure
IETF InternetEngineeringTaskForce
IP InternetProtocol
ISO InternationalOrganizationforStandardization
IT InformationTechnology
ITSEF InformationTechnologySecurityEvaluationFacility
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_AESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_APIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ASLRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_Base-PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CEMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CESGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CMSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CNfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CRLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_CSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DEPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DESfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DNSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DRBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_DTLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_EAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDHEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ECDSAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ESTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_FIPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HMACfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_HTTPSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IETFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_IPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ISOfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_ITSEF
-
NIAP NationalInformationAssurancePartnership
NIST NationalInstituteofStandardsandTechnology
OCSP OnlineCertificateStatusProtocol
OE OperationalEnvironment
OID ObjectIdentifier
OMB OfficeofManagementandBudget
OS OperatingSystem
PII PersonallyIdentifiableInformation
PKI PublicKeyInfrastructure
PP ProtectionProfile
PP ProtectionProfile
PP-Configuration ProtectionProfileConfiguration
PP-Module ProtectionProfileModule
RBG RandomBitGenerator
RFC RequestforComment
RNG RandomNumberGenerator
RNGVS RandomNumberGeneratorValidationSystem
S/MIME Secure/Multi-purposeInternetMailExtensions
SAN SubjectAlternativeName
SAR SecurityAssuranceRequirement
SFR SecurityFunctionalRequirement
SHA SecureHashAlgorithm
SIP SessionInitiationProtocol
ST SecurityTarget
SWID SoftwareIdentification
TLS TransportLayerSecurity
TOE TargetofEvaluation
TSF TOESecurityFunctionality
TSFI TSFInterface
TSS TOESummarySpecification
URI UniformResourceIdentifier
URL UniformResourceLocator
USB UniversalSerialBus
VM VirtualMachine
XCCDF eXtensibleConfigurationChecklistDescriptionFormat
XOR ExclusiveOr
app Application
file:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NIAPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_NISTfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OCSPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OMBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_OSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PIIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PKIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Configurationfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_PP-Modulefile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RBGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RFCfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_RNGVSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_S/MIMEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SANfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SARfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SFRfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SHAfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SIPfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_STfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_SWIDfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TLSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TSSfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_TOEfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URIfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_URLfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_USBfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_VMfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XCCDFfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_XORfile:///home/runner/work/vvoip/vvoip/commoncriteria.github.io/pp/vvoip/vvoip.html?expand=on#abbr_app