Generic requirements for a product category are specified in protection profiles. They are initially implementation-independent, but can be tailored to a specific Target of Evaluation (TOE) by the security target that can be derived from them. Requirements for functionality as well as trustworthiness are summarised in protection profiles and fully cover a given set of security objectives. By writing protection profiles, the BSI can thus set minimum standards for specific product groups.

Applications for which protection profiles have been developed are, for example, the In a protection profile, the general IT security properties as well as the conditions for the secure use of the product are specified. This IT security concept not only describes the value of the data and its processing, but also covers the assumptions made for a typical application environment.

Legal requirements to be met or prescribed security standards are reflected in the security concept of the protection profile, as are all threats to the values to be protected that are to be averted by the IT. The certification of a protection profile provides proof that the protection profile is complete, consistent and technically coherent.

Further certified protection profiles can be found on the websites: www.commoncriteriaportal.org and www.sogis.eu.