Defines the basis for evaluation of security properties of IT products and systems in two forms; the protection profile construct which allows creation of generalized reusable sets of these security requirements, and the security target which expresses t