NIAP: Archived U.S. Government Approved Protection Profile - Protection Profile for General Purpose Operating Systems Version 4.2.1

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - Protection Profile for General Purpose Operating Systems Version 4.2.1

Short Name: pp_os_v4.2.1

Technology Type: Operating System

CC Version: 3.1

Date: 2019.04.22

Preceded By: pp_os_v4.2

Succeeded By: pp_os_v4.3

Sunset Date: 2023.03.27 [Sunset Icon]

Conformance Claim: None

Protection Profile

Protection Profile [PDF]

Configuration Annex

Control Mapping [PDF]

Configuration Annex [PDF]



This minor version, GPOS PP, Version 4.2.1, has been published solely to address issues identified as a result of the evaluation of the GPOS PP, Version 4.2 . The only changes made were typographical errors related to the CC conventions for indicating assignments, selections, and refinements and updates for incomplete SFR mappings to objectives and their rationale. No additional changes were made and all Technical Decisions published for GPOS PP V4.2 have been updated to apply to this V4.2.1. The Configuration Annex also remains unchanged.

The scope of this Protection Profile (PP) is to describe the security functionality of operating systems in terms of [CC] and to define functional and assurance requirements for such products. An operating system is software that manages computer hardware and software resources, and provides common services for application programs. The hardware it manages may be physical or virtual.

The TOE boundary encompasses the OS kernel and its drivers, shared software libraries, and some application software included with the OS. The applications considered within the TOE are those that provide essential security services, many of which run with elevated privileges. Applications which are covered by more-specific Protection Profiles cannot claim evaluation as part of the OS evaluation, even when it is necessary to evaluate some of their functionality as it relates to their role as part of the OS.

The TOE platform, which consists of the physical or virtual hardware on which the TOE executes, is outside the scope of evaluation. At the same time, the security of the TOE relies upon it. Other hardware components which independently run their own software and are relevant to overall system security are also outside the scope of evaluation.

Assigned to the following Validated Products

Active Related Technical Decisions

Archived Related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home