Archived U.S. Government Approved Protection Profile - General-Purpose Operating System Protection Profile
Short Name: pp_gpos_v3.9
Technology Type: Operating System
CC Version: 3.1
Preceded By: pp_gpospp_v1.0
Sunset Date: 2015.07.01
Conformance Claim: NoneProtection Profile
The General-Purpose Operating System Protection Profile is a joint effort between both BSI and NIAP.
This document defines the security functionality expected to be provided by a general-purpose operating system capable of operating in a networked environment. It also provides a set of assurance components that define the minimum set to be used in an evaluation of an operating system for compliance with this Protection Profile. Part 2 of this PP defines the general approach and assurance activities required to be performed during the evaluation, thereby refining the stated assurance components.
The OSPP covers general-purpose operating systems that provide a multi-user and multi-tasking environment.
The main purpose of a general-purpose operating system (from a security point of view) is to provide defined objects, resources and services to entities using the functions provided by the operating system at its external interfaces, and to enforce a defined policy on access to objects, use of resources, and use of services. At a minimum, the operating systems addressed by this Protection Profile export interfaces to programs executing "on top of” the operating systems and interfaces to external entities, including network interfaces, as well as interfaces to devices that are used to "transport" data or actions of external entities to the operating system (for example, a keyboard and a mouse). In addition, the operating system uses functions of the underlying hardware and software to provide its functions, including using devices that are not connected to an external entity such that this entity could affect the behavior of the device directly (for example, hard disks or displays).
An operating system conformant to this Protection Profile can be operated as a server system within a data center, but also as a client system used directly by one or more human users. While it is mandatory that an operating system conformant to this Protection Profile must be capable of providing and using some basic network services, such a system may also be started in an environment where it is not connected to any network and with the network services inactive. It is mandatory that an operating system conformant to this Protection Profile must provide basic security functionality for user identification and authentication, access control, management and audit security functionality for user identification and authentication, access control, management and audit.
This U.S. Government Approved Protection Profile is not assigned to any Validated Products
This U.S. Government Approved Protection Profile does not have any related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).
Please forward any general questions to our Q&A tool.