<
 
 
 
 
×
>
hide
You are viewing a Web site, archived on 22:35:53 Oct 14, 2004. It is now a Federal record managed by the National Archives and Records Administration.
External links, forms, and search boxes may not function within this collection.
NIAP NIST nsalogo
Home CCEVS Events Contacts Feedback
  Search NIAP site:
Products & Services
Common Criteria Evaluation
    Validated Scheme (CCEVS)

Configuration Guides
Validated Products
Products In Evaluation
Protection Profiles
   Development Process
   Consistency Instruction
     Manuals

   In Development
   NIAP Validated
Briefings
What's New

Events
Current Events
Past Events

Links & Organizations
NIST Home
NSA Home
NIST Computer Security
   Resource Center

Protection Profiles


A Protection Profile (PP) is an implementation-independent specification of information assurance security requirements. Protection profiles are a complete combination of security objectives, security related functional requirements, information assurance requirements, assumptions, and rationale.

The purpose of a PP is to state a security problem rigorously for a given collection of system or products - known as the Target of Evaluation (TOE) - and to specify security requirements to address that problem without dictating how these requirements will be implemented.

Product vendors may respond to the security concerns defined by a PP by producing a Security Target (ST), which is similar to a PP except that it contains implementation-specific information that demonstrate how their product addresses those security concerns.

In accordance with their respective responsibilities under Public Law 100-235 (Computer Security Act of 1987), the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have agreed to cooperate on the development of security requirements for key technology areas necessary for the protection of Federal information systems and networks, including those comprising the critical infrastructure within the United States. NIST and NSA are undertaking this effort:

  • To ensure the U.S. Government has a consistent comprehensive set of recommended protection profiles for key technology areas;
  • To forge partnerships with public and private sector constituencies to develop and gain consensus on PPs important for critical infrastructure protection; and
  • To facilitate national and international convergence of protection profiles in key technology areas.

The following links focus on US Government Protection Profiles and will direct you to either the development process for US Government PPs, Consistency Instruction Manuals for different degrees of robustness, a list of US Government PPs in development, and, finally, a current list of NIAP Validated US Government PPs.

 


NIST Disclaimer Notice

Please read the NIST Privacy Statement / Security Notice.
Please send comments or suggestions to niap-info@nist.gov.
NIAP is in the Information Technology Laboratory at the National Institute of Standards and Technology.
NIST is an agency of the U.S. Commerce Department's Technology Administration.
NSA is an agency of the U.S. Department of Defense.

Page last updated: June 16, 2004 10:18 AM