NIAP: U.S. Government Approved Protection Profile - Extended Package for Web Browsers v2.0

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Approved PPs  »»  Details  
U.S. Government Approved Protection Profile - Extended Package for Web Browsers v2.0

Short Name: pp_app_webbrowser_ep_v2.0

Technology Type: Web Browser

CC Version: 3.1

Date: 2015.06.16

Preceded By: pp_webbrowser_v1.0

Conformance Claim: None

Protection Profile

Protection Profile [PDF]

DoD Annex [PDF]

Control Mapping [PDF]



Web browsers are client applications that retrieve and render content provided by web servers, primarily using the hypertext transfer protocol (HTTP) or HTTP Secure (HTTPS). Browsers have grown in complexity over the years, starting as tools used to display simple, unchanging web pages and becoming sophisticated execution environments for web content. The use of browsers to administer accounts, servers or embedded systems remotely requires them to handle sensitive information securely. Innovations such as tabs, extensions and HTML5 have not only increased browser functionality, but also introduced new security concerns. Being the principal method for accessing the Internet, and due to their complexity and the information that they process, browsers are a natural target for attackers. As a result, it is paramount that the security of web browsers be improved to reduce the risk to client machines and enterprise networks.

This Extended Package along with the Protection Profile for Application Software provide a baseline set of Security Functional Requirements for web browsers running on any operating system regardless of the composition of the underlying platform. The requirements are intended to improve the security of browsers by encouraging the use of operating system security services and requiring the use of sandboxing technologies and environmental mitigations provided by the underlying platform. Additionally, these requirements define security functionality that browsers must provide.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Active Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home