NIAP: U.S. Government Approved Protection Profile - Extended Package for Email Clients v2.0

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Approved PPs  »»  Details  
U.S. Government Approved Protection Profile - Extended Package for Email Clients v2.0

Short Name: pp_app_emailclient_ep_v2.0

Technology Type: Email Client

CC Version: 3.1

Date: 2015.06.18

Preceded By: pp_emailclient_v1.0

Conformance Claim: None

Protection Profile

Protection Profile [PDF]

Control Mapping [PDF]



Email clients are user applications that provide functionality to send, receive, access and manage email. The complexity of email content and email clients has grown over time. Modern email clients can render HTML as well as plaintext, and may include functionality to display common attachment formats, such as Adobe PDF and Microsoft Word documents. Some email clients allow their functionality to be modified by users through the addition of addons.Protocols have also been defined for communicating between email clients and servers. Some clients support multiple protocols for doing the same task, allowing them to be configured according to email server specifications.

The complexity and rich feature set of modern email clients make them a target for attackers, introducing security concerns. This document is intended to facilitate the improvement of email client security by requiring use of operating system security services, cryptographic standards, and environmental mitigations. Additionally, the requirements in this document define acceptable behavior for email clients regardless of the security features provided by the operating system.

This Extended Package along with the Protection Profile for Application Software provide a baseline set of Security Functional Requirements for email clients running on any operating system regardless of the composition of the underlying platform.

Assigned to the following Validated Products

Active Related Technical Decisions

Archived Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home