NIAP: Archived U.S. Government Approved Protection Profile - Protection Profile for Certification Authorities Version 1.0

Short Name: pp_ca_v1.0

Technology Type: Certificate Authority

CC Version: 3.1

Date: 16 May 2014

Succeeded By: pp_ca_v2.0

Sunset Date: 28 April 2017

Conformance Claim: None



Certification Authorities (CAs), and the infrastructure they support, form the basis for one of the primary mechanisms for providing strong assurance of identity in online transactions. The widely placed trust in CAs is at the heart of security mechanisms used to protect business and financial transactions online. Notably, protocols using Transport Layer Security (TLS) rely on certificates issued by CAs to identify and authenticate servers and clients in web transactions. Governments around the world rely on CAs to identify parties involved in transactions with them.

This Protection Profile (PP) describing security requirements for a Certification Authority is intended to provide a minimal, baseline set of requirements that are targeted at mitigating well-defined and described threats. These requirements support CA operations performed in accordance with the National Institute of Standards and Technology (NIST) Interagency or Internal Report (IR) 7924 (Draft), Reference Certificate Policy, referred to as the “NIST IR.” This PP represents an evolution of “traditional” Protection Profiles and the associated evaluation of the requirements contained within the document.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products.

Related Technical Decisions

  • 0079 – RBG Cryptographic Transitions per NIST SP 800-131A Revision 1
  • 0046 – Asymmetric KEK Modification
  • 0045 – Removal of FDP_OCSP_EXT.1.2 in CAPP
  • 0043 – CAPP FCS_CKM_EXT.1.5 Correction
  • 0042 – Removal of Low-level Crypto Failure Audit from PPs
