Controlled Access Protection Profile
   HOME

TheInfoList



Click Here for Items Related To - Controlled Access Protection Profile
OR:
Controlled Access Protection Profile on:   [Wikipedia]   [Google]   [Amazon]

The Controlled Access Protection Profile, also known as CAPP, is a
Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5. Common Criteria ...
security Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...
profile that specifies a set of functional and assurance requirements for information technology products. Software and systems that conform to CAPP standards provide
access controls In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...
that are capable of enforcing access limitations on individual users and data objects. CAPP-conformant products also provide an audit capability which records the security-relevant events which occur within the system. CAPP is intended for the protection of software and systems where users are assumed to be non-hostile and well-managed, requiring protection primarily against threats of inadvertent or casual attempts to breach the security protections. It is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well-funded attackers. It does not fully address the threats posed by malicious system development or administrative personnel, who generally have a higher level of access. The CAPP was derived from the requirements of the C2 class of the
U.S. Department of Defense The United States Department of Defense (DoD, USDOD or DOD) is an executive branch department of the federal government charged with coordinating and supervising all agencies and functions of the government directly related to national secur ...
''Trusted Computer System Evaluation Criteria'' and the material upon which those requirements are based.


External links


NSA Controlled Access Protection Profile
Computer security models {{computer-security-stub