U.S. Government Approved Protection Profile - Extended Package for Email Clients v2.0
Short Name: pp_app_emailclient_ep_v2.0
Technology Type: Email Client
CC Version: 3.1
Preceded By: pp_emailclient_v1.0
Conformance Claim: NoneProtection Profile
Email clients are user applications that provide functionality to send, receive, access and manage email. The complexity of email content and email clients has grown over time. Modern email clients can render HTML as well as plaintext, and may include functionality to display common attachment formats, such as Adobe PDF and Microsoft Word documents. Some email clients allow their functionality to be modified by users through the addition of addons.Protocols have also been defined for communicating between email clients and servers. Some clients support multiple protocols for doing the same task, allowing them to be configured according to email server specifications.
The complexity and rich feature set of modern email clients make them a target for attackers, introducing security concerns. This document is intended to facilitate the improvement of email client security by requiring use of operating system security services, cryptographic standards, and environmental mitigations. Additionally, the requirements in this document define acceptable behavior for email clients regardless of the security features provided by the operating system.
This Extended Package along with the Protection Profile for Application Software provide a baseline set of Security Functional Requirements for email clients running on any operating system regardless of the composition of the underlying platform.
Assigned to the following Validated Products
Active Related Technical Decisions
Archived Related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).
Please forward any general questions to our Q&A tool.