Application Software

CCDB iTC Liaison:  US

Introduction and Status

The CCDB has established a Work Group to assist in creating an iTC (and hence cPPs) for Application Software (the Work Group name is abbreviated to "App SW WG"). The Work Group comprises participants from 6 nations, at present: Australia, Canada, Sweden, Turkey, the UK, and the US.

The invitation notice for joining the candidate iTC, with contact details, can be found here: iTC invitation letter.

To join the iTC, please message: iTC-AppSW@niap-ccevs.org.

The Application Software iTC has released their draft documents for public review

The Application Software iTC is happy to announce the public comment period for the Application Software cPP and associated documents. The review documents are available on github: https://github.com/appswcpp/repository

Below are the documents available for review:

  1. collaborative Protection Profile for Application Software
  2. Supporting Document for cPP
  3. Server Module
  4. Supporting Document for Server Module
  5. PP configuration for Server Module
  6. Agent Module
  7. Supporting Document for Agent Module
  8. PP configuration for Agent and Server Module
  9. Allowed with list

The comment period will be open for six weeks ending on July 16, 2021.

All comments are to be raised via github as issues. There are various categories of issues pertaining to each document listed above. Please see screenshot below:

Github Issues

Please use appropriate issue template and provide as much detail as possible.

Security Problem Definition (SPD)

The AppSW iTC released the second draft Security Problem Definition (SPD) document for public review. The public review will close on August 9th, 2017. All feedback should be submitted by this date using this review template. Completed review form should be e-mailed to iTC-AppSW-Tech-Editors@niap-ccevs.org

The AppSW iTC has released the draft Security Problem Definition (SPD) document for public review. The public review will close on Friday, May 5th, 2017.  All feedback should be submitted by this date using this review template.  Completed review forms should be e-mailed to iTC-AppSW-Tech-Editors@niap-ccevs.org

Initial Essential Security Requirements (ESR) and Position Statements

Essential Security Requirements

The working group has produced an Essential Security Requirements document for Application Software. The ESR represents the common needs of the WG members in the technology area. The document can be found here: Essential Security Requirements.

Information about Application Software cPP Position Statements can be found here:  Position Statements.