A minimal, baseline set of requirements targeted at mitigating well defined and described threats. The term Protection Profile refers to NSA/NIAP requirements for a technology and does not imply or require the use of Common Criteria as the process for evaluating a product. Protection Profiles may be created by Technical Communities and will include:
- a set of technology-specific threats derived from operational knowledge and technical expertise;
- a set of core functional requirements necessary to mitigate those threats and establish a basic level of security for a particular technology; and,
- a collection of assurance activities tailored to the technology and functional requirements that are transparent, and produce achievable, repeatable, and testable results scoped such that they can be completed within a reasonable timeframe.
CNSSI 4009-2015 from CNSSP 11