The Controlled Access Protection Profile, also known as CAPP, is a Common Criteria security profile that specifies a set of functional and assurance requirements for information technology products.
Software and systems that conform to CAPP standards provide access controls that are capable of enforcing access limitations on individual users and data objects.
CAPP-conformant products also provide an audit capability which records the security-relevant events which occur within the system.
It is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well-funded attackers.
It does not fully address the threats posed by malicious system development or administrative personnel, who generally have a higher level of access.