NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_app_v1.3

Technology Type: Application Software

CC Version: 3.1

Date: 2019.03.01

Preceded By: pp_app_v1.2

Succeeded By: pp_app_v1.4

Sunset Date: 2022.04.18

Conformance Claim: None

Protection Profile 

Extended Component Definitions 

Control Mapping 

Usage Guidance 

PP OVERVIEW

The scope of this Protection Profile (PP) is to describe the security functionality of application software in terms of [CC] and to define functional and assurance requirements for such software. In recent years, software attacks have shifted from targeting operating systems to targeting applications. This has been the natural response to improvements in operating system security and development processes. As a result, it is paramount that the security of applications be improved to reduce the risk of compromise.

SECURITY EVALUATION SUMMARY

The requirements in this document apply to application software which runs on any type of platform. Some application types are covered by more specific PPs, which may be expressed as PP-Modules of this PP. Such applications are subject to the requirements of both this PP and the PP-Module that addresses their special functionality. PPs for some particularly specialized applications may not be expressed as PP-Modules at this time, though the requirements in this document should be seen as objectives for those highly specialized applications.

Assigned to the following Validated Products

• VID11113 – IBM MaaS360 2.106.500.016 Cloud Extender
• VID11157 – VMware Workspace ONE Boxer Email Client Version 21.05
• VID11201 – Axonius Cybersecurity Asset Management Platform v4.0-f
• VID11216 – Fortra’s GoAnywhere Managed File Transfer v6.8
• VID11226 – Cisco AnyConnect Secure Mobility Client v4.10 for Windows 10
• VID11227 – Cisco AnyConnect Secure Mobility Client v4.10 for Android 11
• VID11243 – Apple macOS 11 Big Sur: Contacts
• VID11251 – Cisco Jabber 14.0 for Windows 10
• VID11263 – Samsung Knox File Encryption 1.4
• VID11278 – Cellcrypt Android Mobile Client version 4.40
• VID11289 – Cisco AnyConnect Secure Mobility Client v4.10 for Red Hat Enterprise Linux 8.1
• VID11303 – Aruba Virtual Intranet Access (VIA) Client v4.3

Active Related Technical Decisions

• 0719 – ECD for PP APP V1.3 and 1.4
• 0600 – Conformance claim sections updated to allow for MOD_VPNC_V2.3
  • References:  Section 2

Archived Related Technical Decisions

• 0720 – Format changes for PP_APP_V1.3
• 0668 – X.509 SFR Applicability in App PP
• 0601 – X.509 SFR Applicability in App PP
• 0598 – Expanded AES Modes in FCS_COP for App PP
• 0587 – X.509 SFR Applicability in App PP
• 0582 – PP-Configuration for Application Software and Virtual Private Network (VPN) Clients now allowed
• 0561 – Signature verification update
• 0554 – iOS/iPadOS/Android AppSW Virus Scan
• 0548 – Integrity for installation tests in AppSW PP 1.3
• 0544 – Alternative testing methods for FPT_AEX_EXT.1.1
• 0543 – FMT_MEC_EXT.1 evaluation activity update
• 0540 – Expanded AES Modes in FCS_COP
• 0521 – Updates to Certificate Revocation (FIA_X509_EXT.1)
• 0519 – Linux symbolic links and FMT_CFG_EXT.1
• 0515 – Use Android APK manifest in test
• 0510 – Obtaining random bytes for iOS/macOS
• 0505 – Clarification of revocation testing under RFC6066
• 0498 – Application Software PP Security Objectives and Requirements Rationale
• 0495 – FIA_X509_EXT.1.2 Test Clarification
• 0486 – Removal of PP-Module for VPN Clients from allowed with list
• 0473 – Support for Client or Server TOEs in FCS_HTTPS_EXT
• 0471 – Changes to App PP v1.3 related to PP-Modules
• 0465 – Configuration Storage for .NET Apps
• 0445 – User Modifiable File Definition
• 0444 – IPsec selections
• 0437 – Supported Configuration Mechanism
• 0435 – Alternative to SELinux for FPT_AEX_EXT.1.3
• 0434 – Windows Desktop Applications Test
• 0427 – Reliable Time Source
• 0416 – Correction to FCS_RBG_EXT.1 Test Activity