Protection Profiles
A protection profile (PP) identifies the security requirements for a particular information and communications technology (ICT) product category, without specifying how those requirements are to be implemented.
A PP achieves this by defining an implementation-independent set of security requirements and objectives for a class of ICT products that meets specific consumer needs. It contains a statement of the security problem that a compliant product is intended to solve. A typical PP will also include an Evaluation Assurance Level (EAL) in its stated requirements.
Australian PPs may be used to ensure that security functionality required by Australian Government ICT security policy (as defined in ACSI 33) is included in the formal evaluation process. A product that successfully completes evaluation against the requirements defined within a PP will be certified as complying with the PP.
A certified PP is one that a recognised certification body asserts as having been evaluated by a laboratory competent in Common Criteria IT security evaluations. Under the Common Criteria Recognition Arrangement (CCRA), PPs certified overseas can be mutually recognised in Australia. However, Australian policy states that agencies should use products certified against DSD Approved PPs in preference to those that do not meet a DSD Approved PP.
DSD Approved Protection Profiles
A DSD Approved PP is a PP that has been reviewed and approved by DSD as appropriate for Australian Government use.
DSD has not as yet approved any PPs for Australian Government use.
A pilot project to implement the use of PPs within Australia is currently underway; please contact us if you would like further information.
Additional Links
Some links to further information about PPs are:
- Common Criteria, listing certified PPs from around the world,
- NIAP, which describes the U.S. Government approach to PPs and lists U.S. Government validated PPs,
- CCS, Canada's Common Criteria Evaluation and Certification Scheme, and
- CESG, the U.K.'s listing of PPs.
