Protection Profile
Protection Profile: A minimal, baseline set of requirements targeted at mitigating well defined and described threats.
Definition
A minimal, baseline set of requirements targeted at mitigating well defined and described threats. The term Protection Profile refers to NSA/NIAP requirements for a technology and does not imply or require the use of Common Criteria as the proce ss for evaluating a product. Protection Profiles may be created by Technical Communities and will incl ude: - a set of technology-specific threats derived from operational knowled ge and technical expertise; - a set of core functional requirements necessary to mitigate those threats and establish a basic level of security for a particular technology; and, - a collection of assurance activities tailored to the technology and functional requirements that are transparent, and produce achievable, repeatable, and testable resu lts scoped such that they can be completed within a reasonable timeframe.
Alternative Definitions
- Definition 2
Common Criteria specification that represents an implementation independent set of security requirements for a category of Target of Evaluations (TOE) that meets specific consumer needs. (CNSSI-4009) (NISTIR)