NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_app_v1.3

Technology Type: Application Software

CC Version: 3.1

Date: 2019.03.01

Preceded By: pp_app_v1.2

Succeeded By: pp_app_v1.4

Sunset Date: 2022.04.18

Conformance Claim: None

Protection Profile 

Extended Component Definitions 

Control Mapping 

Usage Guidance 

PP OVERVIEW

The scope of this Protection Profile (PP) is to describe the security functionality of application software in terms of [CC] and to define functional and assurance requirements for such software. In recent years, software attacks have shifted from targeting operating systems to targeting applications. This has been the natural response to improvements in operating system security and development processes. As a result, it is paramount that the security of applications be improved to reduce the risk of compromise.

SECURITY EVALUATION SUMMARY

The requirements in this document apply to application software which runs on any type of platform. Some application types are covered by more specific PPs, which may be expressed as PP-Modules of this PP. Such applications are subject to the requirements of both this PP and the PP-Module that addresses their special functionality. PPs for some particularly specialized applications may not be expressed as PP-Modules at this time, though the requirements in this document should be seen as objectives for those highly specialized applications.

Assigned to the following Validated Products

• VID11113 – IBM MaaS360 2.106.500.016 Cloud Extender
• VID11136 – Enveil ZeroReveal™ Compute Fabric Client v2.5.4
• VID11151 – Enveil ZeroReveal™ Compute Fabric Server v2.5.4
• VID11155 – VMware Carbon Black Endpoint Detection and Response (EDR) Windows Sensor 7.2
• VID11156 – VMware Carbon Black Endpoint Detection and Response (EDR) Server 7.5
• VID11157 – VMware Workspace ONE Boxer Email Client Version 21.05
• VID11159 – Hypori Virtual Mobile Infrastructure Platform 4.2.0 Client (Windows)
• VID11161 – Samsung Knox File Encryption 1.3
• VID11170 – Perspecta Labs SecureIO v2.0.4
• VID11191 – Apple iOS 14 and iPadOS 14: Contacts
• VID11192 – Apple iOS 14 and iPadOS 14: Safari
• VID11201 – Axonius Cybersecurity Asset Management Platform v4.0-f
• VID11205 – Cisco AnyConnect Secure Mobility Client v4.9 for iOS 13
• VID11226 – Cisco AnyConnect Secure Mobility Client v4.10 for Windows 10
• VID11227 – Cisco AnyConnect Secure Mobility Client v4.10 for Android 11
• VID11243 – Apple macOS 11 Big Sur: Contacts
• VID11251 – Cisco Jabber 14.0 for Windows 10
• VID11263 – Samsung Knox File Encryption 1.4
• VID11278 – Cellcrypt Android Mobile Client version 4.40
• VID11289 – Cisco AnyConnect Secure Mobility Client v4.10 for Red Hat Enterprise Linux 8.1
• VID11303 – Aruba Virtual Intranet Access (VIA) Client v4.3

Active Related Technical Decisions

• 0720 – Format changes for PP_APP_V1.3
  • References:  FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4)
• 0719 – ECD for PP APP V1.3 and 1.4
• 0668 – X.509 SFR Applicability in App PP
  • References:  FIA_X509_EXT.1, FIA_X509_EXT.2, FTP_DIT_EXT.1, FCS_HTTPS_EXT.1
• 0601 – X.509 SFR Applicability in App PP
  • References:  FIA_X509_EXT.1, FIA_X509_EXT.2, FTP_DIT_EXT.1, FCS_HTTPS_EXT.1
• 0600 – Conformance claim sections updated to allow for MOD_VPNC_V2.3
  • References:  Section 2
• 0598 – Expanded AES Modes in FCS_COP for App PP
  • References:  FCS_COP.1(1)
• 0582 – PP-Configuration for Application Software and Virtual Private Network (VPN) Clients now allowed
  • References:  Section 2, FDP_DAR_EXT.1
• 0561 – Signature verification update
  • References:  FPT_TUD_EXT.1.4, FPT_TUD_EXT.2
• 0554 – iOS/iPadOS/Android AppSW Virus Scan
  • References:  AVA_VAN.1
• 0548 – Integrity for installation tests in AppSW PP 1.3
  • References:  FPT_TUD_EXT.1.3
• 0544 – Alternative testing methods for FPT_AEX_EXT.1.1
  • References:  FPT_AEX_EXT.1
• 0543 – FMT_MEC_EXT.1 evaluation activity update
  • References:  FMT_MEC_EXT.1
• 0519 – Linux symbolic links and FMT_CFG_EXT.1
  • References:  FMT_CFG_EXT.1.2
• 0515 – Use Android APK manifest in test
  • References:  FDP_DEC_EXT.1
• 0510 – Obtaining random bytes for iOS/macOS
  • References:  FCS_RBG_EXT.1
• 0498 – Application Software PP Security Objectives and Requirements Rationale
  • References:  Section 4.3 and Section 5.2
• 0495 – FIA_X509_EXT.1.2 Test Clarification
  • References:  FIA_X509_EXT.1.2
• 0465 – Configuration Storage for .NET Apps
  • References:  FMT_MEC_EXT.1
• 0445 – User Modifiable File Definition
  • References:  FPT_AEX_EXT.1.4
• 0437 – Supported Configuration Mechanism
  • References:  FMT_MEC_EXT.1.1
• 0435 – Alternative to SELinux for FPT_AEX_EXT.1.3
  • References:  FPT_AEX_EXT.1.3
• 0434 – Windows Desktop Applications Test
  • References:  FDP_DEC_EXT.1.1
• 0427 – Reliable Time Source
  • References:  A.Platform
• 0416 – Correction to FCS_RBG_EXT.1 Test Activity
  • References:  FCS_RBG_EXT.1.1

Archived Related Technical Decisions

• 0587 – X.509 SFR Applicability in App PP
• 0540 – Expanded AES Modes in FCS_COP
• 0521 – Updates to Certificate Revocation (FIA_X509_EXT.1)
• 0505 – Clarification of revocation testing under RFC6066
• 0486 – Removal of PP-Module for VPN Clients from allowed with list
• 0473 – Support for Client or Server TOEs in FCS_HTTPS_EXT
• 0471 – Changes to App PP v1.3 related to PP-Modules
• 0444 – IPsec selections