Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
CAN/CSA-ISO/IEC TR 15446-10 (2015): Guide for the Production of Protection Profiles and Security Targets
Canadian Adoption of International Guidance for Security Specification Development in the Common Criteria Framework
Scope and Purpose
CAN/CSA-ISO/IEC TR 15446-10 (2015) is the Canadian adoption of the international technical report ISO/IEC TR 15446:2009, providing authoritative guidance on the development of Protection Profiles (PP) and Security Targets (ST) for the Common Criteria for Information Technology Security Evaluation (ISO/IEC 15408). As a Technical Report (TR), it offers best-practice recommendations rather than normative requirements, assisting authors, evaluators, and certification bodies in producing consistent and unambiguous security specification documents.
The standard bridges the gap between the high-level security functional and assurance requirements defined in ISO/IEC 15408 and the practical need to express concrete security objectives for IT products and systems. It addresses both the structure and content of PP and ST documents, covering security problem definition, security objectives, and the selection of security requirements.
Note: CAN/CSA-ISO/IEC TR 15446-10 is not a standalone certification criterion. It must be used in conjunction with the Common Criteria (ISO/IEC 15408) and Common Evaluation Methodology (ISO/IEC 18045).
Technical Requirements and Guideline Structure
The document is organized to mirror the typical PP/ST development lifecycle. It provides detailed mapping between the security problem and the security objectives, traceability matrices, and rationale sections required by ISO/IEC 15408.
Key Components of a Protection Profile
| Component | Description | Guidance in TR 15446-10 |
|---|---|---|
| Security Problem Definition | Definition of assets, threats, organizational security policies, and assumptions | Chapters on threat modelling and policy interpretation |
| Security Objectives | Countermeasures to address the security problem | Mapping techniques between objectives and threats/policies |
| Extended Components Definition | New SFRs/SARs if existing families are insufficient | Template for extending the common criteria library |
| Security Requirements | Selection of SFRs (functional) and SARs (assurance) from ISO/IEC 15408 | Checklists and selection guidance |
| Rationale | Evidence of completeness and consistency | Traceability matrix templates |
Security Target Specific Considerations
An ST is product-specific and may reference a PP. The TR addresses both configurations: STs that claim conformance to a PP and standalone STs. It emphasizes the need for a clear security problem definition, which forms the basis for all subsequent sections.
Common Pitfall: Incomplete security problem definition is the leading cause of PP/ST rejections during evaluation. Ensure that every threat, policy, and assumption is addressed by at least one security objective.
Implementation Highlights
Implementing the guidance of CAN/CSA-ISO/IEC TR 15446-10 involves several key activities:
- Adopting a structured writing process: Use the iterative approach recommended in the TR, where the security problem definition is refined in parallel with the objectives and requirements.
- Leveraging template frameworks: The TR provides sample structures and examples that can be adapted. Many Canadian certification bodies expect the terminology and format to align with this TR.
- Integrating with ISO/IEC 15408-2 and -3: The TR references specific families from the Common Criteria. Implementers should have a working knowledge of the SFR and SAR catalogues.
Traceability and Rationale
A core requirement for any PP or ST is a clear mapping from threats/policies to objectives, and from objectives to requirements. The TR provides several examples of traceability tables and narrative rationales. These are critical for evaluators to assess coverage and consistency.
Best Practice: Use the traceability matrices provided in Annex B of the TR as starting templates. They accelerate evaluation and reduce iteration cycles.
Compliance and Certification Considerations
While the TR itself is not a conformance document, its use is strongly recommended by the Canadian Common Criteria Scheme and other national schemes. Following the guidance typically results in higher quality PP/ST submissions and fewer evaluation findings.
Canadian Context
CAN/CSA-ISO/IEC TR 15446-10 includes a Canadian foreword and may contain national deviations or additional guidance relevant to the Canadian market. Users involved in evaluations under the Communications Security Establishment (CSE) or other Canadian certification bodies should reference this version directly.
Important: Do not substitute earlier versions of ISO/IEC TR 15446 (e.g., 2004 edition) for this 2015 Canadian adoption. Terminology and requirement assignments have been updated to align with current Common Criteria version 3.1 revisions.
Frequently Asked Questions
Q: Is CAN/CSA-ISO/IEC TR 15446-10 mandatory for Common Criteria evaluations in Canada?
A: It is not mandatory, but it is highly recommended. Most certification bodies and evaluators expect PP/ST documents to follow the structure and content guidance of this TR. Using it reduces evaluation time and cost.
A: It is not mandatory, but it is highly recommended. Most certification bodies and evaluators expect PP/ST documents to follow the structure and content guidance of this TR. Using it reduces evaluation time and cost.
Q: What is the difference between this Canadian adoption and the original ISO/IEC TR 15446:2009?
A: The Canadian adoption includes a national foreword, possibly minor editorial changes, and references to Canadian standards infrastructure. The technical content is harmonized with the international version to maintain global recognition of Canadian evaluations.
A: The Canadian adoption includes a national foreword, possibly minor editorial changes, and references to Canadian standards infrastructure. The technical content is harmonized with the international version to maintain global recognition of Canadian evaluations.
Q: Does this TR apply to both Protection Profiles and Security Targets?
A: Yes. The document provides comprehensive guidance for both PP and ST development. Separate sections address the specific considerations for each document type, as well as the case where an ST claims conformance to a PP.
A: Yes. The document provides comprehensive guidance for both PP and ST development. Separate sections address the specific considerations for each document type, as well as the case where an ST claims conformance to a PP.
Q: Can this TR be used for non-Common Criteria security specifications?
A: While the TR is primarily intended for CC evaluations, the structured methodology for defining security problems, objectives, and requirements is applicable to any security specification effort. Many organizations use it as a reference for secure system design.
A: While the TR is primarily intended for CC evaluations, the structured methodology for defining security problems, objectives, and requirements is applicable to any security specification effort. Many organizations use it as a reference for secure system design.
In summary, CAN/CSA-ISO/IEC TR 15446-10 (2015) is an essential tool for any organization involved in Common Criteria evaluations in Canada. It codifies best practices for documenting security specifications and aligns with the internationally recognized Common Criteria framework. Adherence to this guidance not only facilitates smoother certification but also enhances the overall quality of security documentation.
© 2026 — This article is for informational purposes and does not constitute official CSA Group or ISO guidance. Refer to the latest version of the standard for authoritative requirements.