Protection Profiles

A Protection Profile is a document that stipulates the security functionality that must be included in a Common Criteria evaluation. Agencies can have confidence that the scope of an evaluation against an ASD-approved Protection Profile covers the necessary security functionality expected of the evaluated product, and that known security threats will have been addressed. The effectiveness and integrity of cryptographic functions are also within the scope of product evaluations performed in line with Protection Profiles.

In the past a Common Criteria evaluation has been conducted at a specified Evaluation Assurance Level (EAL). However, Protection Profiles do not incorporate this scale as the Protection Profile describes the complete set of a product’s security functionality, against which it is evaluated. Products evaluated against a Protection Profile will still appear on DSD’s Evaluated Products List (EPL) but with the relevant Protection Profile rather than an EAL.

Protection Profiles provide better assurance in the security of evaluated products than EALs. During the transition to Protection Profiles, a cap of EAL 2 now applies for all traditional EAL-based evaluations overseen by ASD.

ASD-Approved Protection Profiles

Technology | Protection Profile | Approved
Mobile products | Protection Profile for Mobile Device Fundamentals (PDF); ASD Mandatory Requirements Addendum (PDF) | April 2014
Network-related devices | Protection Profile for IPsec Virtual Private Network (VPN) Clients (PDF) | January 2013
Network-related devices | Network Device Protection Profile (NDPP) Extended Package VPN Gateway (PDF) | January 2013
Network-related devices | Network Device Protection Profile (PDF) | June 2012
Network-related devices | Protection Profile Extended Package for Stateful Traffic Filter Firewalls (PDF) | May 2012
Data protection | Protection Profile for Full Disk Encryption (PDF) | March 2012
Network-related devices | Protection Profile for Wireless Local Area Network (WLAN) Access Systems (PDF) | March 2012
Network-related devices | Protection Profile for Wireless Local Area Network (WLAN) Clients (PDF) | March 2012
Data protection | Protection Profile for USB Flash Drives (PDF) | February 2012

Protection Profiles news archive

USB Position Statement, March 2014

The ACA has made available, via the Common Criteria Portal, a position statement on the development of a collaborative Protection Profile (cPP) for USB storage devices.

Protection Profile Extended Package for Stateful Traffic Filter Firewalls, May 2012

This Extended Package for the Network Devices Protection Profile (PDF) addresses a range of security threats related to infiltration into a protected network and exfiltration from a protected network.

DSD Approved Protection Profiles, March 2012

DSD approves the following three documents:

DSD Approved Protection Profiles, February 2012

DSD approves the Protection Profile for USB Flash Drives (PDF). This Protection Profile addresses the primary threats: that an adversary could obtain a misplaced or stolen USB flash drive and extract sensitive data, or could attempt to place malicious system files on the device that could be used to compromise host environments. For any questions, please email DSD, attention AISEP.

DSD Approved Protection Profiles, June 2011

DSD approves the Security Requirements for Network Devices (PDF) using Protection Profiles for Common Criteria evaluation in the AISEP. From 1 December 2011, this is required for network infrastructure connected products operating at Layer 3. For any questions, please email DSD, attention AISEP.

DSD Policy for Adopting Protection Profiles in the Common Criteria (PDF), April 2011

DSD and the international Common Criteria community are developing technology-specific Protection Profiles to enhance Common Criteria evaluations. Rather than relying solely on Evaluation Assurance Levels (EAL), DSD is raising the benchmark for security evaluations to meet Australian government information security needs.