The Most-Used Protection Profiles in Common Criteria, by Product Count
There are 267 distinct Protection Profiles referenced by certificates in our catalogue. The distribution is heavily concentrated: a handful of PPs account for the bulk of certified products, and a long tail covers everything else. This post walks through the top of that distribution, what each PP is for, and what procurement teams can take from it.
The top 15 by product count
| Rank | Products | Protection Profile |
|---|---|---|
| 1 | 289 | SECURITY_IC_AUGP_V1.0 |
| 2 | 156 | PP_HCD_V1.0 |
| 3 | 56 | CPP_ND_V2.2E |
| 4 | 55 | MRTD_ICAO_BA_V1.10 |
| 5 | 35 | EPASS_PACE_V1.0,MRTD_ICAO_EAC_V1.3 |
| 6 | 31 | TPM 2021 02 |
| 7 | 30 | PP_HCD_EAL2_V1.0 |
| 8 | 26 | BSI-PP-0099-V2 |
| 9 | 24 | SGP.25 Embedded UICC for Consumer Devices Protection Profile v1.0 |
| 10 | 22 | PP_SSCD_PART2..PART5 (composite) |
| 11 | 21 | SGP.25 Embedded UICC for Consumer Devices Protection Profile v2.1 |
| 12 | 19 | SMARTMETERGATEWAYPP_V1.3 |
| 13 | 19 | CPP_HCD_V1.0E |
| 14 | 19 | JAVA_OC |
| 15 | 19 | MRTD_ICAO_EAC_V1.3 |
Smart card ICs dominate (and it is not close)
The single most-used PP in the catalogue is SECURITY_IC_AUGP_V1.0, BSI’s smart card IC Protection Profile, with 289 conforming products. Add in BSI-PP-0099-V2 (26), the successor PP for the same product class, and the Java-on-card profile JAVA_OC (19), and the smart card silicon family alone accounts for over 330 products.
Why is this PP so dominant? Two reasons:
- The PP fits a real product category exactly. Every secure element, eID chip, payment IC, and eSIM controller shares the same threat model: a physical attacker with side-channel and fault-injection capabilities, with the product evaluated against AVA_VAN.5. The PP encodes that threat model, and the chip vendors all certify against it.
- The chip vendors certify a lot. STMicro, NXP, Infineon, Samsung, and Nuvoton between them produce dozens of certified chip variants per year. Each variant needs its own certification, but they all conform to the same PP.
If you are evaluating a payment card, a passport, or an eSIM, you will end up reading SECURITY_IC_AUGP and its successors many times.
Printers and multi-function devices: the HCD family
Hardcopy Device (HCD) Protection Profiles cover printers, scanners, and multi-function devices. We see three variants in the top 15:
- PP_HCD_V1.0 (156 products): the IEEE-developed Hardcopy Device PP
- PP_HCD_EAL2_V1.0 (30 products): an EAL2 variant
- CPP_HCD_V1.0E (19 products): a Collaborative Protection Profile variant for HCDs
Combined, the HCD family covers more than 200 certified products. This is mostly Kyocera, Ricoh, HP, and other major printer vendors certifying enterprise printer/copier lines for government and regulated procurement.
Network devices: NDcPP
CPP_ND_V2.2E (56 products) is the Network Device collaborative Protection Profile (NDcPP), the standard PP that NIAP and NIAP-aligned schemes require for firewalls, VPN gateways, routers, and switches. Cisco, Juniper, HPE, and others certify their network gear against NDcPP variants. If you are buying enterprise networking equipment with a CC certification, this is overwhelmingly the PP you will encounter.
Travel documents and eIDs: the MRTD family
The ICAO Machine-Readable Travel Document family appears multiple times:
- MRTD_ICAO_BA_V1.10 (55 products): Basic Access Control variant
- EPASS_PACE_V1.0,MRTD_ICAO_EAC_V1.3 (35 products): Composite of PACE and Extended Access Control
- MRTD_ICAO_EAC_V1.3 (19 products): EAC standalone
Together these account for over 100 products. This is the worldwide passport, eID, and electronic travel document chip ecosystem, certified primarily under the BSI scheme.
TPMs
TPM 2021 02 (31 products) is the TCG’s TPM 2.0 Protection Profile from February 2021. It covers Trusted Platform Modules used in PCs, servers, and embedded systems. Chips from Nuvoton, Infineon, and STMicro (including the ST33 family) dominate the certifications here.
Embedded UICCs (eSIMs)
The two SGP.25 Embedded UICC entries (v1.0: 24 products; v2.1: 21 products) cover eSIM platforms for consumer devices: phones, watches, and similar. The PP family is governed by GSMA. The split between v1.0 and v2.1 in the data reflects a generational transition that is still in progress.
Smart meters
SMARTMETERGATEWAYPP_V1.3 (19 products) is BSI’s Smart Meter Gateway PP, used for German smart-meter infrastructure. It is a vertical PP for a regulated national procurement context, with a tightly defined product class.
Signature creation devices
PP_SSCD_PART2..PART5 (22 products) is the composite Secure Signature Creation Device PP set, used by qualified signature creation devices under EU eIDAS regulations.
What this distribution means for procurement
Three practical takeaways:
- A small number of PPs cover the products you actually buy. If you procure smart cards, printers, network devices, travel documents, TPMs, eSIMs, smart meters, or signature creation devices, you can specify the relevant PP by name. There is no need to write your own security requirements: the PPs are vendor-independent and well-tested.
- PP conformance is a tighter spec than EAL alone. “EAL4+ certified” can mean many things. “Conformant to NDcPP v2.2E at EAL4+” specifies what was actually evaluated. For procurement language, prefer the latter.
- Outside the top 15, PPs are very specific. The long tail (over 250 PPs with fewer than 19 products each) is mostly very narrow product categories: specific national PPs, niche industry PPs, or older PPs being phased out. If you need a PP for a less common category, the long tail is where you look.
Where to find them
NenkinTracker maintains a Protection Profile directory listing every PP referenced by an indexed certificate, with the conforming product count and per-PP product lists. This makes it easy to start from “I need a network device certified to NDcPP” and arrive at a list of vendors who actually have one.
See also
- Protection Profiles (PP) - what a Protection Profile is and how it works in CC evaluations.
- Which EAL Do I Need? A Procurement Decision Guide - choosing assurance levels for procurement requirements.
- Common Criteria in 2026 So Far - year-to-date certification volume and EAL distribution.
- How to Read a Common Criteria Certificate - locating PP conformance information on a real certificate.