Free download beyond eye care target

7/7/2023

International standard for computer security certification

The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5.

Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) in a Security Target (ST); these requirements may be taken from Protection Profiles (PPs). Vendors can then implement or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that is commensurate with the target environment for use. Common Criteria maintains a list of certified products, including operating systems, access control systems, databases, and key management systems.

Key concepts

Common Criteria evaluations are performed on computer security products and systems.

- Target of Evaluation (TOE) – the product or system that is the subject of the evaluation. The evaluation serves to validate claims made about the target. To be of practical use, the evaluation must verify the target's security features.
- Protection Profile (PP) – a document, typically created by a user or user community, which identifies security requirements for a class of security devices (for example, smart cards used to provide digital signatures, or network firewalls) relevant to that user for a particular purpose. Product vendors can choose to implement products that comply with one or more PPs, and have their products evaluated against those PPs. In such a case, a PP may serve as a template for the product's ST (Security Target, as defined below), or the authors of the ST will at least ensure that all requirements in relevant PPs also appear in the target's ST document.