Unlike most other Protection Profiles, the Firewall Protection Profile (FPP) is structured into a “base” part and a set of (optional) “extended packages”. This structure was chosen to maximize adaptability for different operational environments and different operational requirements, since firewalls may provide a wide range of different functionality.
The Protection Profile for Mobile Device Fundamentals, Version 3.1 specifies information security requirements for Mobile Devices for use in an enterprise. A Mobile Device in the context of this assurance standard is a device, which is composed of a hardware platform and its system software. The device typically provides wireless connectivity and may include software for functions like secure messaging, email, web, VPN connection, and VoIP (Voice over IP), for access to the protected enterprise network, enterprise data and applications, and for communicating to other Mobile Devices.
The collaborative Protection Profile for Network Devices Target of Evaluation (TOE) is a Network Device (ND). It provides a minimal set of security requirements expected by all Network Devices that target the mitigation of a set of defined threats. This baseline set of requirements will be built upon by future cPPs to provide an overall set of security solutions for networks up to carrier and enterprise scale.
The scope of the Protection Profile for Application Software is to describe the security functionality of application software in terms of [CC] and to define functional and assurance requirements for such software. In recent years, software attacks have shifted from targeting operating systems to targeting applications. This has been the natural response to improvements in operating system security and development processes. As a result, it is paramount that the security of applications be improved to reduce the risk of compromise.
A trustworthy system supporting server signing (TW4S) is a system that offers remote digital signatures as a service. It ensures that signer’s signing key or keys are only used under the sole control of the signer for the intended purpose, defined by the Protection Profile for QSCD for Server Signing
The Cryptographic Module for Trust Services Protection Profile defines the security requirements for cryptographic modules used by trust service providers supporting electronic signing and sealing operations and authentication services. It includes optional support for protected backup of keys.
The scope of the PP-Module for File Encryption Version 1.0 is to describe the security functionality of a file encryption product in terms of [CC] and to define functional and assurance requirements for such products. This PP-Module is intended for use with the Base-PP Application Software Protection Profile, Version 1.3.