Protection Profile

Protection Profile definition in Computer Security terms:

Acronym(s): PP

Definition(s): An implementation-independent set of security requirements for a category of Targets of Evaluation (TOEs) that meet specific consumer needs.
Source(s): FIPS 140-2

A minimal, baseline set of requirements targeted at mitigating well defined and described threats. The term Protection Profile refers to NSA/NIAP requirements for a technology and does not imply or require the use of Common Criteria as the process for evaluating a product. Protection Profiles may be created by Technical Communities and will include:
– a set of technology-specific threats derived from operational knowledge and technical expertise;
– a set of core functional requirements necessary to mitigate those threats and establish a basic level of security for a particular technology; and,
– a collection of assurance activities tailored to the technology and functional requirements that are transparent, and produce achievable, repeatable, and testable results scoped such that they can be completed within a reasonable timeframe.
Source(s): CNSSI 4009-2015 (CNSSP No. 11)

Synonym(s): None


reference: CSRC Glossary