Protection Profile

In the context of IT security policies (eg Common Criteria or ITSEC ) is defined as an implementation- independent set of security requirements to a group or category of under investigation IT systems ( Target of Evaluation, short ECG) a protection profile. The concept of protection profiles is used to describe the security situation of an evaluation object based on security objectives, potential risks and assumptions about the operating environment of IT, in order to then define generic sample solutions at an abstract level possible.