Protection Profile
A Protection Profile (PP) is a document, typically created by a user or user community, that provides an implementation-independent specification of information assurance security requirements. A PP is a complete combination of security objectives, security-related functional requirements, information assurance requirements, assumptions, and rationale.
A PP is part of the evaluation process for the Common Criteria (CC) standard, and CC certification is sometimes required for IT procurement.
The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have agreed to cooperate on the development of validated U.S. government PPs.
Purpose
A PP states a security problem rigorously for a given collection of systems or products, known as the Target of Evaluation (TOE), and specifies security requirements to address that problem without dictating how these requirements will be implemented.
Product vendors can choose to implement products that comply with one or more PPs, and have their products evaluated against those PPs. In such a case, a PP may serve as a template for the product's Security Target (ST). Product vendors may respond to the security concerns defined by a PP by producing an ST, which is similar to a PP except that it contains implementation-specific information that demonstrates how their product addresses those security concerns.
Security devices with PPs
Validated US Government PP
- Anti-Virus
- Key Recovery
- PKI/KMI
- Biometrics
- Certificate Management
- Tokens
- DBMS
- Firewalls
- Operating System
- IDS/IPS
- Peripheral Switch
Draft US Government PP
- Switches and Routers
- Biometrics
- Remote Access
- Mobile Code
- Secure Messaging
- Multiple Domain Solutions
- VPN
- Wireless LAN
- Guards
- Single-Level Web Server
Validated Non-U.S. Government PP
- Smart Cards