NIAP: Archived U.S. Government Approved Protection Profile - Controlled Access Protection Profile, Version 1.d

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - Controlled Access Protection Profile, Version 1.d

Short Name: pp_os_ca_v1.d

Technology Type: Operating System

CC Version: 2.x

Date: 1999.10.08

Sunset Date: 2009.12.09 [Sunset Icon]

Conformance Claim: EAL3

Protection Profile [PDF]



Herewith a brief summary, sufficiently detailed to enable a potential user to determine whether the PP is of interest.

The Common Criteria (CC) Controlled Access Protection Profile, hereafter called CAPP, specifies a set of security functional and assurance requirements for Information Technology (IT) products. CAPP conformant products support access controls that are capable of enforcing access limitations on individual users and data objects. CAPP-conformant products also provide an audit capability, which records the security-relevant events, which occur within the system. The CAPP provides for a level of protection, which is appropriate for an assumed non-hostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security. The profile is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well-funded attackers to breach system security. The CAPP does not fully address the threats posed by malicious system development or administrative personnel. CAPP-conformant products are suitable for use in both commercial and government environments.

The CAPP was derived from the requirements of the C2 class of the U.S. Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC), dated December 1985, and the material upon which those requirements are based. This protection profile provides security functions and assurances, which are equivalent to those provided by the TCSEC and replaces the requirements used for C2 trusted product evaluations.

The CAPP is generally applicable to distributed systems but does not address the security requirements, which arise specifically out of the need to distribute the resources within a network.


The CAPP is for a generalized environment with a moderate level of risk to the assets. The assurance requirements and the minimum strength of function were chosen to be consistent with that level of risk. The assurance level is EAL 3 and the minimum strength of function is SOF-medium.


Because a PP is written to be implementation-independent, there may be some ambiguities that do not arise until a specific implementation is being evaluated against it. When this happens, a resolution is established through the Observation Decision (OD) process in the form of a Precedent Decision (PD), which is to be used consistently in subsequent evaluations involving the PP in question. The Precedent Decisions specifically associated with this PP are listed below:

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home