Protection Profiles
A Protection Profile (PP) is an implementation-independent specification
of information assurance security requirements. Protection profiles
are a complete combination of security objectives, security related
functional requirements, information assurance requirements, assumptions,
and rationale.
The purpose of a PP is to state a security problem rigorously
for a given collection of system or products - known as the Target
of Evaluation (TOE) - and to specify security requirements to address
that problem without dictating how these requirements will be implemented.
Product vendors may respond to the security concerns defined by
a PP by producing a Security Target (ST), which is similar to a
PP except that it contains implementation-specific information
that demonstrate how their product addresses those security concerns.
In accordance with their respective responsibilities under Public
Law 100-235 (Computer Security Act of 1987), the National Institute
of Standards and Technology (NIST) and the National Security Agency
(NSA) have agreed to cooperate on the development of security requirements
for key technology areas necessary for the protection of Federal
information systems and networks, including those comprising the
critical infrastructure within the United States. NIST and NSA
are undertaking this effort:
- To ensure the U.S. Government has a consistent comprehensive set
of recommended protection profiles for key technology areas;
- To forge partnerships with public and private sector constituencies
to develop and gain consensus on PPs important for critical
infrastructure protection; and
- To facilitate national and international convergence of protection
profiles in key technology areas.
The following links focus on US Government Protection Profiles
and will direct you to either the development
process for US Government PPs, Consistency
Instruction Manuals for different degrees of
robustness, a list of US
Government PPs in development, and, finally,
a current list of NIAP
Validated US Government PPs.
|