NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Archived U.S. Government Approved Protection Profile - Protection Profile for Application Software Version 1.3
Short Name: pp_app_v1.3
Technology Type: Application Software
CC Version: 3.1
Date: 2019.03.01
Preceded By: pp_app_v1.2
Succeeded By: pp_app_v1.4
Sunset Date: 2022.04.18
Conformance Claim: None
PP OVERVIEW
The scope of this Protection Profile (PP) is to describe the security functionality of application software in terms of [CC] and to define functional and assurance requirements for such software. In recent years, software attacks have shifted from targeting operating systems to targeting applications. This has been the natural response to improvements in operating system security and development processes. As a result, it is paramount that the security of applications be improved to reduce the risk of compromise.
SECURITY EVALUATION SUMMARY
The requirements in this document apply to application software which runs on any type of platform. Some application types are covered by more specific PPs, which may be expressed as PP-Modules of this PP. Such applications are subject to the requirements of both this PP and the PP-Module that addresses their special functionality. PPs for some particularly specialized applications may not be expressed as PP-Modules at this time, though the requirements in this document should be seen as objectives for those highly specialized applications.
Assigned to the following Validated Products
Active Related Technical Decisions
- 0720 – Format changes for PP_APP_V1.3
  References: FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4)
- 0719 – ECD for PP APP V1.3 and 1.4
- 0668 – X.509 SFR Applicability in App PP
  References: FIA_X509_EXT.1, FIA_X509_EXT.2, FTP_DIT_EXT.1, FCS_HTTPS_EXT.1
- 0601 – X.509 SFR Applicability in App PP
  References: FIA_X509_EXT.1, FIA_X509_EXT.2, FTP_DIT_EXT.1, FCS_HTTPS_EXT.1
- 0600 – Conformance claim sections updated to allow for MOD_VPNC_V2.3
- 0598 – Expanded AES Modes in FCS_COP for App PP
- 0582 – PP-Configuration for Application Software and Virtual Private Network (VPN) Clients now allowed
  References: Section 2, FDP_DAR_EXT.1
- 0561 – Signature verification update
  References: FPT_TUD_EXT.1.4, FPT_TUD_EXT.2
- 0554 – iOS/iPadOS/Android AppSW Virus Scan
- 0548 – Integrity for installation tests in AppSW PP 1.3
  References: FPT_TUD_EXT.1.3
- 0544 – Alternative testing methods for FPT_AEX_EXT.1.1
  References: FPT_AEX_EXT.1
- 0543 – FMT_MEC_EXT.1 evaluation activity update
  References: FMT_MEC_EXT.1
- 0519 – Linux symbolic links and FMT_CFG_EXT.1
  References: FMT_CFG_EXT.1.2
- 0515 – Use Android APK manifest in test
  References: FDP_DEC_EXT.1
- 0510 – Obtaining random bytes for iOS/macOS
  References: FCS_RBG_EXT.1
- 0498 – Application Software PP Security Objectives and Requirements Rationale
  References: Section 4.3 and Section 5.2
- 0495 – FIA_X509_EXT.1.2 Test Clarification
  References: FIA_X509_EXT.1.2
- 0465 – Configuration Storage for .NET Apps
  References: FMT_MEC_EXT.1
- 0445 – User Modifiable File Definition
  References: FPT_AEX_EXT.1.4
- 0437 – Supported Configuration Mechanism
  References: FMT_MEC_EXT.1.1
- 0435 – Alternative to SELinux for FPT_AEX_EXT.1.3
  References: FPT_AEX_EXT.1.3
- 0434 – Windows Desktop Applications Test
  References: FDP_DEC_EXT.1.1
- 0427 – Reliable Time Source
- 0416 – Correction to FCS_RBG_EXT.1 Test Activity
  References: FCS_RBG_EXT.1.1
Archived Related Technical Decisions