NIAP: Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Web Server for Basic Robustness Env...

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Web Server for Basic Robustness Environments, Version 1.1

Short Name: pp_websvr_br_v1.1

Technology Type: Web Server

CC Version: 3.1

Date: 2007.07.25

Preceded By: pp_websvr_br_v1.0

Sunset Date: 2011.09.01 [Sunset Icon]

Conformance Claim: EAL2 Augmented

Protection Profile [PDF]

Addendum [PDF]



The “U.S. Government Protection Profile for Web Server in Basic Robustness Environments” specifies security requirements for a commercial-off-the-shelf (COTS) Web Server. A product compliant with this Protection Profile includes, but is not limited to, a Web Server and may be evaluated as a software only application layered on an underlying system (i.e., operating system, hardware, network services and/or custom software) and is usually embedded as a component of a larger system within an operational environment. This profile establishes the requirements necessary to achieve the security objectives of the Target of Evaluation (TOE) and its environment. Any ST claiming compliance to this PP must do so in a demonstratable manner.

A conformant product, in conjunction with an IT environment that satisfies all the requirements in this protection profile, provides necessary security services, mechanisms, and assurances to process administrative, private, and sensitive information. The intended environment for conformant products has a relatively low threat for the sensitivity of the data processed. Authorized users, including authorized administrators, of the TOE generally are trusted not to attempt to circumvent access controls implemented by the TOE to gain access to data for which they are not authorized.


July 25, 2007 - Assurance maintenance has been performed on this protection profile to update it to the common criteria version 3.1. This update caused a change in version number (from 1.0 to 1.1) that indicates an update has occurred. The updates included revisions based on the assurance requirements of the CC 3.1, removal of FPT_SEP and FPT_RVM since it is now covered by ADV_ARC and replacement of Explicitly stated requirements with Extended requirements (only the nomenclature changed and not the requirements.)

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home