Archived U.S. Government Approved Protection Profile - Protection Profile for Web Browsers Version 1.0
Short Name: pp_webbrowser_v1.0
Technology Type: Web Browser
CC Version: 3.1
Date: 31 March 2014
Succeeded By: pp_app_webbrowser_ep_v2.0
Sunset Date: 16 December 2015
Conformance Claim: None
Web browsers are client applications that retrieve and render content provided by web servers, primarily using the hypertext transfer protocol (HTTP) or HTTP Secure (HTTPS). Browsers have grown in complexity over the years, starting as tools used to display simple, unchanging web pages and becoming sophisticated execution environments for web content. The use of browsers to administer accounts, servers or embedded systems remotely requires them to handle sensitive information securely. Innovations such as tabs, extensions and HTML5 have not only increased browser functionality, but also introduced new security concerns. Being the principal method for accessing the Internet, and due to their complexity and the information that they process, browsers are a natural target for attackers. As a result, it is paramount that the security of web browsers be improved to reduce the risk to client machines and enterprise networks.
This document provides a baseline set of Security Functional Requirements (SFRs) for a web browser client. It is intended to improve the security of browsers by encouraging the use of operating system security services and requiring the use of sandboxing technologies and environmental mitigations provided by the underlying platform. Additionally, these requirements define security functionality that browsers must provide.
The requirements in this document apply to all web browsers that run on any operating system, regardless of the composition of the underlying platform.
This U.S. Government Approved Protection Profile is not assigned to any Validated Products
Related Technical Decision
- 0042 – Removal of Low-level Crypto Failure Audit from PPs
Please forward any questions or comments to firstname.lastname@example.org