Protection Profiles
A Protection Profile identifies the security requirements for a particular ICT product category without specifying how the requirements are to be implemented. This is achieved by defining an implementation-independent set of security requirements and objectives for a class of products that meets specific consumer needs. It contains a statement of the security problem that a compliant product is intended to solve. A typical Protection Profile also includes an Evaluation Assurance Level (EAL) in its stated requirements.
An Australian government agency may use a Protection Profile to specify security functionality required (as defined in the Information Security Manual) for a class of security products.
A product that successfully completes evaluation against the requirements defined within the Protection Profile will be certified as complying with the Protection Profile.
Australia and New Zealand, as signatories to the Common Criteria Recognition Arrangement (CCRA), mutually recognise Protection Profiles certified by other certificate producing CCRA participants.
DSD and the international Common Criteria community are developing technology-specific Protection Profiles to enhance Common Criteria evaluations. Rather than relying solely on EALs, DSD is raising the benchmark for security evaluations to meet Australian government information security needs. New Protection Profiles are listed on the Evaluated Products List as they are approved.
Protection Profiles news archive
Protection Profile Extended Package for Stateful Traffic Filter Firewalls, May 2012
This Extended Package for the Network Devices Protection Profile (PDF) addresses a range of security threats related to infiltration into a protected network and exfiltration from a protected network.
DSD Approved Protection Profiles, March 2012
DSD approves the following three documents:
- Protection Profile for Full Disk Encryption (PDF)
This Protection Profile addresses the threat that an adversary will obtain a lost or stolen hard disk (e.g., a disk contained in a laptop or a portable external hard disk drive) containing sensitive data.
- Protection Profile for Wireless Local Area Network (WLAN) Access Systems (PDF) and
- Protection Profile for Wireless Local Area Network (WLAN) Clients (PDF)
These Protection Profiles address the threats against Wireless Local Area Network (WLAN) access systems and clients.
DSD Approved Protection Profiles, February 2012
DSD approves the Protection Profile for USB Flash Drives (PDF). This Protection Profile addresses the primary threats that an adversary could obtain a misplaced or stolen USB flash drive and extract sensitive data or could attempt to place malicious system files on the device that could be used to compromise host environments. For any questions, please email DSD, attention AISEP.
DSD Approved Protection Profiles, June 2011
DSD approves the Security Requirements for Network Devices (PDF) using Protection Profiles for Common Criteria evaluation in the AISEP. From 1 December 2011, this is required for network infrastructure connected products operating at Layer 3. For any questions, please email DSD, attention AISEP.
DSD Policy for Adopting Protection Profiles in the Common Criteria (PDF), April 2011
DSD and the international Common Criteria community are developing technology-specific Protection Profiles to enhance Common Criteria evaluations. Rather than relying solely on Evaluation Assurance Levels (EAL), DSD is raising the benchmark for security evaluations to meet Australian government information security needs.