What is a Common Criteria protection profile?
Common Criteria is a framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) in a Security Target (ST); these requirements may be taken from Protection Profiles (PPs).
What is security target in power system?
An ST is a complete and rigorous description of a security problem in terms of TOE description, threats, assumptions, security objectives, security functional requirements (SFRs), security assurance requirements (SARs), and rationales. …
What is Common Criteria used for?
The Common Criteria enable an objective evaluation to validate that a particular product or system satisfies a defined set of security requirements. Although the focus of the Common Criteria is evaluation, it presents a standard that should be of interest to those who develop security requirements.
What is a TOE document?
The target of evaluation (TOE) is the configuration of MarkLogic Server that is certified by the Common Criteria evaluation process as the proper setup of the environment in which an evaluated configuration of MarkLogic Server can run.
What is Common Criteria mode?
Definition: Common Criteria mode (CC mode) puts the IBM WebSphere DataPower appliance in a mode that enforces a set of policies required to pass the Common Criteria security testing criteria (EAL4). It also affects audit log policies and includes a group of default rules and actions.
What are security functional requirements?
Functional security requirements are security services that need to be achieved by the system under inspection. Examples could be authentication, authorization, backup, server-clustering, etc. This requirement artifact can be derived from best practices, policies, and regulations.
What do you mean by security target?
This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security requirements and the IT security functions provided by the TOE which meet the set of requirements.
What is CC certified?
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard for computer security certification.
What is an example of security requirements?
A security requirement is a goal set out for an application at its inception. Every application fits a need or a requirement. For example, an application might need to allow customers to perform actions without calling customer service.
What is a security target in CC 3.1?
Common Criteria for Information Technology Security Evaluation, version 3.1 Part 1 (called CC 3.1 or CC) defines the Security Target (ST) as an “implementation-dependent statement of security needs for a specific identified Target of Evaluation (TOE)”.
When to use the Common Criteria in security?
Applies to the development of security targets of evaluation for application in extremely high-risk situations, as well as when the high value of the assets justifies the higher costs. One way in which the Common Criteria can be used is in conjunction with system acquisition [Abrams 00].
What is the definition of a security target?
Common Criteria for Information Technology Security Evaluation, version 3.1 Part 1 (called CC 3.1 or CC) defines the Security Target (ST) as an “implementation-dependent statement of security needs for a specific identified Target of Evaluation (TOE)”.
What are the criteria for information technology security evaluation?
Common Criteria for Information Technology Security Evaluation, version 3.1 Part 1 (called CC 3.1 or CC) defines the Security Target (ST) as an “implementation-dependent statement of security needs for a specific identified Target of Evaluation (TOE)”.