Security Target - Security Target Outline

Security Target Outline

1. Introduction – an overview of what the TOE does, including key features and purpose.

• ST Reference
• TOE Reference
• TOE Overview
• TOE Description

2. Conformance Claims – identifies conformance claims for the TOE evaluation.

• CC version conformance claims
• CC Part 2 conformance claims
• CC Part 3 conformance claims
• PP conformance claims – strict conformance or demonstrable conformance

3. Security Problem Definition - describes the threats and assumptions about the operational environment. Objective is to demonstrate the security problem intended to be addressed by the TOE and its operational environment.

• Threats – an adverse action performed by a threat agent on an asset. Threat agents are described by aspects such as expertise, resources, opportunity, and motivation.
• Organizational Security Policies (OSP) – OSP is a set of security rules, procedures, or guidelines imposed by an organization in TOEs operational environment.
• Assumptions – made only about the operational environment and not TOE behavior.

4. Security Objectives – a concise and abstract statement of the intended solution to the problem specified by the security problem definition. Each security objective must trace back to at least one threat or OSP.

• Security Objectives for the TOE
• Security Objectives for the Operational Environment
• Security Objectives Rationale – a set of justifications that shows that all threats and assumptions are effectively addressed by the security objectives.

5. Extended Components Definition – the extended components must consist of measurable and objective elements where conformance can be demonstrated.
6. Security Requirements - defines and describes the SFRs from CC Part 2 and SARs from CC Part 3.

• Security Functional Requirements - the SFRs form a clear, unambiguous and well-defined description of the expected security behavior of the TOE.
• Security Assurance Requirements - the SARs form a clear, unambiguous and established description of the expected activities that will be undertaken to gain assurance in the TOE.
• Security Requirements Rationale – the justification for a security objective for the TOE demonstrates that the SFRs are sufficient and necessary.

7.TOE Summary Specifications - enables evaluators and potential consumers to gain a general understanding of how the TOE is implemented.

• Security Functions - TOE summary specification must describe how the TOE meets each SFR.
• TOE Security Specifications - a high-level view of how the developer intends to satisfy each SFR.