Protection Profiles

A Protection Profile (PP) is an implementation-independent specification of information assurance security requirements. Protection profiles are a complete combination of security objectives, security-related functional requirements, information assurance requirements, assumptions, and rationale.

The purpose of a PP is to state a security problem rigorously for a given collection of systems or products - known as the Target of Evaluation (TOE) - and to specify security requirements to address that problem without dictating how these requirements will be implemented.

Product vendors may respond to the security concerns defined by a PP by producing a Security Target (ST), which is similar to a PP except that it contains implementation-specific information that demonstrates how their product addresses those security concerns.

In accordance with their respective responsibilities under Public Law 100-235 (Computer Security Act of 1987), the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have agreed to cooperate on the development of security requirements for key technology areas necessary for the protection of Federal information systems and networks, including those comprising the critical infrastructure within the United States. NIST and NSA are undertaking this effort:

  • To ensure the U.S. Government has a consistent, comprehensive set of recommended protection profiles for key technology areas;
  • To forge partnerships with public and private sector constituencies to develop and gain consensus on PPs important for critical infrastructure protection; and
  • To facilitate national and international convergence of protection profiles in key technology areas.

The following links focus on US Government Protection Profiles and will direct you to the development process for US Government PPs, Consistency Instruction Manuals for different degrees of robustness, a list of US Government PPs in development, and, finally, a current list of NIAP Validated US Government PPs.

Robustness Frequently Asked Questions