Controlled Access Protection Profile

This article does not cite any sources . Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Controlled Access Protection Profile" – news · newspapers · books · scholar · JSTOR (February 2025) (Learn how and when to remove this message)

The Controlled Access Protection Profile, also known as CAPP, is a Common Criteria security profile that specifies a set of functional and assurance requirements for information technology products. Software and systems that conform to CAPP standards provide access controls that are capable of enforcing access limitations on individual users and data objects. CAPP-conformant products also provide an audit capability which records the security-relevant events which occur within the system.

CAPP is intended for the protection of software and systems where users are assumed to be non-hostile and well-managed, requiring protection primarily against threats of inadvertent or casual attempts to breach the security protections. It is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well-funded attackers. It does not fully address the threats posed by malicious system development or administrative personnel, who generally have a higher level of access. The CAPP was derived from the requirements of the C2 class of the U.S. Department of Defense Trusted Computer System Evaluation Criteria and the material upon which those requirements are based.

Stub icon

This computer security article is a stub. You can help Wikipedia by expanding it.

v
t
e

Retrieved from "https://en.wikipedia.org/w/index.php?title=Controlled_Access_Protection_Profile&oldid=1275239126"