Introduction

From the CCDB-established Working Group, the iTC for Application Software (AppSW-iTC for short) was formed. The AppSW-iTC consists of members of Certification Bodies, labs and vendors working together to create requirements for application security testing.

AppSW-iTC Github Repository

To join the AppSW-iTC, please send a message to: cm-itc-mailing-list@gmail.com

Current Status

The AppSW-iTC has published the version 1.0e Public Release of the collaborative Protection Profile (cPP) and Supporting Document (SD) as of February 15th, 2024.

Public Review Timeline

The Current Documents for Review section provides links to the documents under review.

Current Documents for Review

Version 2.0 Draft Review

Review Package Date

May 13, 2026

Status

iTC Draft Review

The following Version 2.0 draft review documents are available for iTC review. This draft reflects the rebaseline of the Application Software cPP from the NIAP Protection Profile for Application Software, Version 2.0, and includes the draft distributed TOE, microservices, module, and PP-Configuration updates.

Reviewers are encouraged to provide comments on the Version 2.0 draft review by opening issues in the AppSW-iTC repository issue tracker.

Table 1. Version 2.0 Draft Review Documents
Title Version Links

Collaborative Protection Profile for Application Software

2.0 Draft

Crystal Clear mimetype pdf

Supporting Document Mandatory Technical Document: Evaluation Activities for Collaborative Protection Profile for Application Software

2.0 Draft

Crystal Clear mimetype pdf

PP-Module for Application Software Server

2.0 Draft

Crystal Clear mimetype pdf

PP-Module for Application Software Agent

2.0 Draft

Crystal Clear mimetype pdf

PP-Configuration for Enterprise Server Applications

2.0 Draft

Crystal Clear mimetype pdf

PP-Configuration for Enterprise Server Applications and Agent/Application Component(s)

2.0 Draft

Crystal Clear mimetype pdf

Current Published Documents

Version 1.0e

Publication Date

February 15, 2024

Sunset Date

Active

Retired Date

Active

The following are the documents are included in Version 1.0e:

Table 2. Public Release v1.0e Documents
Title Version Links Latest TD Version Links

collaborative Protection Profile for Application Software - [cPP_APP_SW]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

Supporting Document Mandatory Technical Document: Evaluation Activities for collaborative Protection Profile for Application Software - [SD_APP_SW]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

collaborative Protection Profile for Application Software - Allowed With List

1.0e

Crystal Clear mimetype pdf

collaborative PP-Module for Server Applications [MOD_Server]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

Supporting Document Mandatory Technical Document: Evaluation Activities for collaborative Protection Profile Module for Server Applications [SD_MOD_Server]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

PP-Configuration for Enterprise Server Applications [cPP + MOD_Server]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

collaborative PP-Module for Agent Applications [MOD_Agent]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

Supporting Document Mandatory Technical Document: Evaluation Activities for collaborative Protection Profile Module for Agent Applications [SD_MOD_Agent]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

PP-Configuration for Enterprise Server Applications and Client Agent(s) [cPP + MOD_Server + MOD_Agent]

1.0e

Crystal Clear mimetype pdf iconfinder HTML Logo 65687
Table 3. GitHub Public Release Packages
Title Link

cPP + Modules V1.0e Release package

GitHub Mark 64px

Version 1.0

Publication Date

April 6, 2022

Sunset Date

Active

Retired Date

Active

The following are the documents are included in Version 1.0:

Table 4. Public Release v1.0 Documents
Title Version Links Latest TD Version Links

collaborative Protection Profile for Application Software - [cPP_APP_SW]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

Supporting Document Mandatory Technical Document: Evaluation Activities for collaborative Protection Profile for Application Software - [SD_APP_SW]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

collaborative Protection Profile for Application Software - Allowed With List

1.0

Crystal Clear mimetype pdf

collaborative PP-Module for Server Applications [MOD_Server]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

Supporting Document Mandatory Technical Document: Evaluation Activities for collaborative Protection Profile Module for Server Applications [SD_MOD_Server]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

PP-Configuration for Enterprise Server Applications [cPP + MOD_Server]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

collaborative PP-Module for Agent Applications [MOD_Agent]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

Supporting Document Mandatory Technical Document: Evaluation Activities for collaborative Protection Profile Module for Agent Applications [SD_MOD_Agent]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687

PP-Configuration for Enterprise Server Applications and Client Agent(s) [cPP + MOD_Server + MOD_Agent]

1.0

Crystal Clear mimetype pdf iconfinder HTML Logo 65687
Table 5. GitHub Public Release Packages
Title Link

cPP + Modules V1.0 Release package

GitHub Mark 64px

Technical Decisions

Technical Decisions produced by the AppSW-iTC be found at the AppSW-iTC Technical Decisions page.