U.S. Government Approved Protection Profile - Extended Package for Web Browsers v2.0
Short Name: pp_app_webbrowser_ep_v2.0 Technology Type: Web Browser CC Version: 3.1 Date: 2015.06.16 Preceded By: pp_webbrowser_v1.0 Conformance Claim: None Protection ProfileProtection Profile ![[PDF]](/assets/images/icon_pdf.gif){kind=icon}
DoD Annex
Control Mapping
PP OVERVIEWWeb browsers are client applications that retrieve and render content provided by web servers, primarily using the hypertext transfer protocol (HTTP) or HTTP Secure (HTTPS). Browsers have grown in complexity over the years, starting as tools used to display simple, unchanging web pages and becoming sophisticated execution environments for web content. The use of browsers to administer accounts, servers or embedded systems remotely requires them to handle sensitive information securely. Innovations such as tabs, extensions and HTML5 have not only increased browser functionality, but also introduced new security concerns. Being the principal method for accessing the Internet, and due to their complexity and the information that they process, browsers are a natural target for attackers. As a result, it is paramount that the security of web browsers be improved to reduce the risk to client machines and enterprise networks. This Extended Package along with the Protection Profile for Application Software provide a baseline set of Security Functional Requirements for web browsers running on any operating system regardless of the composition of the underlying platform. The requirements are intended to improve the security of browsers by encouraging the use of operating system security services and requiring the use of sandboxing technologies and environmental mitigations provided by the underlying platform. Additionally, these requirements define security functionality that browsers must provide. This U.S. Government Approved Protection Profile is not assigned to any Validated ProductsActive Related Technical Decisions
Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT). Please forward any general questions to our Q&A tool. |
