Jump to content

Security Target

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by PipepBot (talk | contribs) at 01:28, 9 April 2008 (robot Adding: de:Sicherheitsvorgaben). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In an IT product certification process according to the Common Criteria (CC), a Security Target (ST) is the central document, typically provided by the developer the product, that specifies security evaluation criteria to substantiate the vendor's claims for the product's security properties.

An ST defines information assurance security requirements for the given information system product, which is called the Target of Evaluation (TOE). An ST is a complete and rigorous description of a security problem in terms of TOE description, threats, assumptions, security objectives, security functional requirements (SFRs), security assurance requirements (SARs), and rationales. The SARs are typically given as a number 1 through 7 called Evaluation Assurance Level (EAL), indicating the depth and rigor of the security evaluation, usually in the form of supporting documentation and testing, that the product meets the SFRs.

An ST contains some (but not very detailed) implementation-specific information that demonstrates how the product addresses the security requirements. It may refer to one or more Protection Profiles (PPs). In such a case, the ST must fulfill the generic security requirements given in each of these PPs, and may define further requirements.

Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Security_Target&oldid=204354762"