- ASD evaluations
- About the EPL
- Protection Profiles
- About the AISEP
- Recommendation for ASD evaluation
- Certification guidance
- International partners
- Service providers
- Supporting documentation
A Protection Profile is a document that stipulates the security functionality that must be included in a Common Criteria evaluation. Agencies can have confidence that the scope of an evaluation against a ASD-approved Protection Profile covers the necessary security functionality expected of the evaluated product and known security threats will have been addressed. The effectiveness and integrity of cryptographic functions are also within the scope of product evaluations performed in line with Protection Profiles.
In the past a Common Criteria evaluation has been conducted at a specified Evaluation Assurance Level (EAL). However, Protection Profiles do not incorporate this scale as the Protection Profile describes the complete set of a product’s security functionality, against which it is evaluated. Products evaluated against a Protection Profile will still appear on ASD’s Evaluated Products List (EPL) but with the relevant Protection Profile rather than an EAL.
Protection Profiles provide better assurance in the security of evaluated products EALs. During the transition to Protection Profiles, a cap of EAL 2 now applies for all traditional EAL-based evaluations overseen by ASD.
ASD-Approved Protection Profiles
|Network-related devices||Protection Profile for IPsec Virtual Private Network (VPN) Clients (PDF)||January 2013|
|Network-related devices||Network Device Protection Profile (NDPP) Extended Package VPN Gateway (PDF)||January 2013|
|Network-related devices||Network Device Protection Profile (PDF)||June 2012|
|Network-related devices||Protection Profile Extended Package for Stateful Traffic Filter Firewalls (PDF)||May 2012|
|Data protection||Protection Profile for Full Disk Encryption (PDF)||March 2012|
|Network-related devices||Protection Profile for Wireless Local Area Network (WLAN) Access Systems (PDF)||March 2012|
|Network-related devices||Protection Profile for Wireless Local Area Network (WLAN) Clients (PDF)||March 2012|
|Data protection||Protection Profile for USB Flash Drives (PDF)||February 2012|
Protection Profiles news archive
Protection Profile Extended Package for Stateful Traffic Filter Firewalls, May 2012
This Extended Package for the Network Devices Protection Profile (PDF) addresses a range of security threats related to infiltration into a protected network and exfiltration from a protected network.
ASD Approved Protection Profiles, March 2012
ASD approves the following three documents:
- Protection Profile for Full Disk Encryption (PDF)
This Protection Profile addresses the threat that an adversary will obtain a lost or stolen hard disk (eg, a disk contained in a laptop or a portable external hard disk drive) containing sensitive data.
- Protection Profile for Wireless Local Area Network (WLAN) Access Systems (PDF) and
- Protection Profile for Wireless Local Area Network (WLAN) Clients (PDF)
These Protection Profiles address the threats against Wireless Local Area Network (WLAN) access systems and clients.
ASD Approved Protection Profiles, February 2012
ASD approves the Protection Profile for USB Flash Drives (PDF). This Protection Profile addresses the primary threats that an adversary could obtain a misplaced or stolen USB flash drive and extract sensitive data or could attempt to place malicious system files on the device that could be used to compromise host environments. For any questions, please email ASD, attention AISEP.
ASD Approved Protection Profiles, June 2011
ASD approves the Security Requirements for Network Devices (PDF) using Protection Profiles for Common Criteria evaluation in the AISEP. From 1 December 2011, this is required for network infrastructure connected products operating at Layer 3. For any questions, please email ASD, attention AISEP.
ASD and the international Common Criteria community are developing technology-specific Protection Profiles to enhance Common Criteria evaluations. Rather than relying solely on Evaluation Assurance Levels (EAL), ASD is raising the benchmark for security evaluations to meet Australian government information security needs.