A profile of protection (in English, protection profiles , or PP ) is a document in the field of the Information system security. This document defines a whole of objective and safety requirements, independent of the implementation, for a category of products which meets needs for safety common to several users. The profiles of protection are reusable and normally public.

A profile of protection is part of the process of evaluation of the standard of the Common Criteria (DC).

Objective

A profile of protection states rigorously a problem of Sécurité for a given whole of systems or products, identified under the name of “Objet to certify” ( Target off Evaluation, or TOE ) and to specify the Besoin S for Sécurité in order to solve this problem without imposing how these needs will be implemented.

The suppliers of products can choose to implement products which conform to one or more profiles of protection, and make evaluate their products according to those. In such a case, a profile of protection can be used as model for the “Cible of safety” ( Security Target , or ST ) of the product. The suppliers of product can answer the concerns of safety defined by a profile of protection by producing a Cible of safety, which is similar to a profile of protection, except for the fact that it contains specific information for the implementation which shows how their product answers the Besoin S for Sécurité.

In the United States

The Certification DC is sometimes required for investments in Technology the information.

For the the United States, the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) were appropriate to cooperate for the development of profiles of protection validated by the Federal government.

In particular, the company MITER, which is supplier of the Department of Defense, developed in 1998 a methodology of Information system security, with a profile of protection adapted to the Infrastructure S Aérospatiale S: NIMS protection profiles. NIMS means NAS (National Airspace System) Insfrastructure Management System.

There exists as well of other profiles of protection in other fields, in particular the electronic Signature.

In Europe

(to be supplemented)

See too

External bonds

  • DCSSI : List products certified in France

  • NIAP Protection Profile off
  • Computer Security Act 1987

Random links:Serge Blisko | Juvigny-on-Loison | Joakim Thåström | Halibut of Greenland | Episode 1 (Antarès)

© 2007-2008 speedlook.com; article text available under the terms of GFDL, from fr.wikipedia.org