U.S. Government Approved Protection Profile - PP-Module for SSL/TLS Inspection Proxy Version 1.1
Short Name: mod_stip_v1.1
Technology Type: Traffic Monitoring
CC Version: 3.1
Date: 2022.11.17
Transition End Date: 2023.05.15
Preceded By: mod_stip_v1.0
Conformance Claim: None
Protection Profile; Supporting Docs; PP Configuration for ND-STIP_V1.1; Control Mapping; PP Configuration Document for NDcPP-STIP_v2.0
PP OVERVIEW
This PP-Module is intended to specify the functionality of a network device that includes limited Certification Authority (CA) functionality to issue certificates for the purpose of providing network security services on the underlying plaintext. The device accomplishes this by terminating an intended TLS session between a monitored client and specified external servers. The device instead establishes a TLS session thread consisting of a TLS session between the device and the external server and a second TLS session between the device, acting as the external server, and the client. By replacing the end-to-end TLS session with two TLS sessions terminated at the TOE, the device is able to provide additional security services based on the decrypted plaintext.
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT). Please forward any general questions to our Q&A tool.