NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_app_v1.2

Technology Type: Application Software

CC Version: 3.1

Date: 2016.04.25

Transition End Date: 2016.10.25

Preceded By: pp_app_v1.1

Succeeded By: pp_app_v1.3

Sunset Date: 2019.08.31

Conformance Claim: None

Protection Profile 

DoD Annex 

Control Mapping 

Usage Guidance 

PP OVERVIEW

The scope of this Protection Profile (PP) is to describe the security functionality of application software in terms of [CC] and to define functional and assurance requirements for such software. In recent years, software attacks have shifted from targeting operating systems to targeting applications. This has been the natural response to improvements in operating system security and development processes. As a result, it is paramount that the security of applications be improved to reduce the risk of compromise.

Assigned to the following Validated Products

• VID10840 – VMware Workspace ONE Boxer Email Client 5.4
• VID10874 – Hypori Client (Android) v4.1
• VID10875 – Hypori Client (iOS) v4.1
• VID10886 – Nubo Software Thin Client v2.0
• VID10904 – Enveil ZeroReveal™ Compute Fabric v1.1.1
• VID10915 – Apple iOS 11 Contacts
• VID10916 – Apple iOS 11 Safari
• VID10929 – CellCrypt Classified 2.0 (also known as Cellcrypt Federal)
• VID10957 – FireEye X-Agent 28
• VID10959 – Axway Validation Authority Suite 5.0
• VID10960 – Apple iOS 12 Safari
• VID10961 – Apple iOS 12 Contacts
• VID10970 – Cisco AnyConnect Secure Mobility Client v4.7 for Windows 10
• VID10976 – Cisco AnyConnect Secure Mobility Client v4.7 for Android
• VID11004 – Privileged Access Security-Digital Vault Server (EPV) version 10.4
• VID11005 – Privileged Access Security - Windows Components including PSM v10.4, CPM v10.4 and PVWA v10.4
• VID11006 – Privileged Access Security - Linux Components Including PSMP v10.4 and OPMv10.4
• VID11007 – Cisco Jabber 12.6 for Android 8 and iOS 12
• VID11011 – Cisco Jabber 12.6 for Windows 10
• VID11016 – Splunk Enterprise Version 7.3

Active Related Technical Decisions

• 0435 – Alternative to SELinux for FPT_AEX_EXT.1.3
• 0434 – Windows Desktop Applications Test
• 0427 – Reliable Time Source
• 0385 – FTP_DIT_EXT.1 Assurance Activity Clarification
• 0305 – Handling of TLS connections with and without mutual authentication
• 0304 – Update to FCS_TLSC_EXT.1.2
• 0244 – FCS_TLSC_EXT - TLS Client Curves Allowed
• 0174 – Optional Ciphersuites for TLS

Archived Related Technical Decisions

• 0392 – FCS_TLSC_EXT.1.2 Wildcard Checking
• 0390 – Cryptographically Secure RNG
• 0389 – Handling of SSH EP claim for platform
• 0382 – Configuration Storage Options for Apps
• 0380 – Linux Keyring Requirement in FCS_STO_EXT.1
• 0364 – Android mmap testing for FPT_AEX_EXT.1.1
• 0359 – Buffer Protection
• 0358 – Cipher Suites for TLS in SWApp v1.2
• 0327 – Default file permissions for FMT_CFG_EXT.1.2
• 0326 – RSA-based key establishment schemes
• 0300 – Sensitive Data in FDP_DAR_EXT.1
• 0296 – Update to FCS_HTTPS_EXT.1.3
• 0295 – Update to FPT_AEX_EXT.1.3 Assurance Activities
• 0293 – Update to FCS_CKM.1(1)
• 0283 – Cipher Suites for TLS in SWApp v1.2
• 0269 – Update to FPT_AEX_EXT.1.3 Assurance Activity
• 0268 – FMT_MEC_EXT.1 Clarification
• 0267 – TLSS testing - Empty Certificate Authorities list
• 0241 – Removal of Test 4.1 in FCS_TLSS_EXT.1.1
• 0238 – User-modifiable files FPT_AEX_EXT.1.4
• 0221 – FMT_SMF.1.1 - Assignments moved to Selections
• 0218 – Update to FPT_AEX_EXT.1.3 Assurance Activity
• 0217 – Compliance to RFC5759 and RFC5280 for using CRLs
• 0215 – Update to FCS_HTTPS_EXT.1.2
• 0192 – Update to FCS_STO_EXT.1 Application Note
• 0178 – Integrity for installation tests in AppSW PP
• 0177 – FCS_TLSS_EXT.1 Application Note Update
• 0172 – Additional APIs added to FCS_RBG_EXT.1.1
• 0163 – Update to FCS_TLSC_EXT.1.1 Test 5.4 and FCS_TLSS_EXT.1.1 Test
• 0131 – Update to FCS_TLSS_EXT.1.1 Test 4.5
• 0122 – FMT_SMF.1.1 Assignments moved to Selections
• 0121 – FMT_MEC_EXT.1.1 Configuration Options
• 0119 – FCS_STO_EXT.1.1 in PP_APP_v1.2
• 0107 – FCS_CKM - ANSI X9.31-1998, Section 4.1.for Cryptographic Key Generation