NIAP: Archived U.S. Government Approved Protection Profile - Protection Profile for Web Browsers Version 1.0

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - Protection Profile for Web Browsers Version 1.0

Short Name: pp_webbrowser_v1.0

Technology Type: Web Browser

CC Version: 3.1

Date: 2014.03.31

Succeeded By: pp_app_webbrowser_ep_v2.0

Sunset Date: 2015.12.16 [Sunset Icon]

Conformance Claim: None

Protection Profile [PDF]

DoD Annex [PDF]



Web browsers are client applications that retrieve and render content provided by web servers, primarily using the hypertext transfer protocol (HTTP) or HTTP Secure (HTTPS). Browsers have grown in complexity over the years, starting as tools used to display simple, unchanging web pages and becoming sophisticated execution environments for web content. The use of browsers to administer accounts, servers or embedded systems remotely requires them to handle sensitive information securely. Innovations such as tabs, extensions and HTML5 have not only increased browser functionality, but also introduced new security concerns. Being the principal method for accessing the Internet, and due to their complexity and the information that they process, browsers are a natural target for attackers. As a result, it is paramount that the security of web browsers be improved to reduce the risk to client machines and enterprise networks.

This document provides a baseline set of Security Functional Requirements (SFRs) for a web browser client. It is intended to improve the security of browsers by encouraging the use of operating system security services and requiring the use of sandboxing technologies and environmental mitigations provided by the underlying platform. Additionally, these requirements define security functionality that browsers must provide.

The requirements in this document apply to all web browsers that run on any operating system, regardless of the composition of the underlying platform.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Active Related Technical Decision

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home