This document gives guidelines for the preparation and evaluation of security requirements specifications, referred
to as Protection Profiles (PP) in ISO/IEC 15408 Evaluation criteria for IT security and ISO/IEC PDTR 15446 Guide
for the production of protection profiles and security target. By a Protection Profile (PP) is meant a set of security
requirements for a category of products or systems which meet specific needs. A typical example would be a PP
for OBEs to be used in an EFC system and in this case the PP would be an implementation-independent set of
security requirements for the OBEs meeting the operators and users needs for security.
The document uses an OBE with an integrated circuit(s) card (ICC) as an example describing both the structure of
the PP as well as the proposed content.
Figure 1 shows how this document fits in the overall picture of EFC security architecture. The shaded boxes are the
aspects mostly related to the preparation of PPs for EFC systems.