Common Criteria Security Target

The Common Criteria Security Target (ST) is the documentation for a system or product that is to be tested. The Common Criteria is an international standard that uses a hierarchy of current state-of-the-art requirements to test the security of IT products.

Common Criteria for Information Technology Security Evaluation, version 3.1 Part 1 defines the Security Target (ST) as an “implementation-specific statement of security needs for a specific identified Target of Evaluation (TOE)”. In other words, the ST defines the boundary and specifies the details of the TOE. In a product evaluation process according to the CC, the ST document is provided by the vendor of the product.

The Common Criteria breaks down into four terms:

Target of Evaluation (TOE) - The system or product that is to be tested.
Security Target (ST) - The documentation that describes the TOE and any security requirements.
Protection profile (PP) - A set of security requirements and objects for the type of product to be tested.
Evaluation Assurance Level (EAL) - A rating level that is assigned to the product after the product has been tested.
EAL1 - functionally tested
EAL2 - structurally tested
EAL3 - methodically tested and checked
EAL4 - methodically designed, tested, and reviewed
EAL5 - semi-formally designed and tested
EAL6 - semi-formally verified design and tested
EAL7 - formally verified design and tested

For further reference:

https://www.commoncriteriaportal.org/files/ccfiles/ccpart3v3.1r4.pdf

https://en.wikipedia.org/wiki/Evaluation_Assurance_Level
