CC Flashcards
package
named set of either security functional or security assurance requirements
Protection Profile (PP)
implementation-independent statement of security needs for a TOE type
Security Target (ST)
implementation-dependent statement of security needs for a specific identified TOE
ST
ST always describes a specific TOE (e.g. Palo Alto Firewall)
PP
intended to describe a TOE type (e.g. Firewalls).
ST
Describes requirements for a TOE.
PP
Describes the general requirements for a TOE type.
Protection Profile is not written for a specific product
PP
Written by User Community, Developer of a TOE, Government or Large Corporation.
ST
Written by the developer of that TOE
PP/ST
PP determines the allowed type of conformance of the ST to the PP.
- if the PP states that strict conformance is required, the ST shall conform to the PP in a strict manner;
- if the PP states that demonstrable conformance is required, the ST shall conform to the PP in a strict or demonstrable manner.
EAL1
Functionally Tested
- LOW confidence (LOW).
- Provides assurance through unique identification of the TOE.
- Provides a meaningful increase in assurance over unevaluated IT
- Requires limited security target (ST)
- Threats to security are not viewed as serious.
- Due care has been exercised with respect to the protection of personal Information.
- Could be successfully conducted without assistance from the developer.
- Analysis is supported by a search for potential vulnerabilities in the public domain and independent testing
EAL2
Structurally Tested
LOW to MODERATE level of independently assured security
EAL3
methodically tested and checked
MODERATE level of independently assured security
EAL4
methodically designed, tested, and reviewed
MODERATE to HIGH level of independently assured security
EAL4
HIGHEST LEVEL at which it is likely to be economically feasible to retrofit to an existing product line.
