CISSP · Question #1345
In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
The correct answer is C. Protection Profile (PP). In Common Criteria, a Protection Profile (PP) is an implementation-independent document that defines a standardized set of security requirements for a category of products or systems.
Question
In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
Options
- AOrganizational Security Policy
- BSecurity Target (ST)
- CProtection Profile (PP)
- DTarget of Evaluation (TOE)
How the community answered
(37 responses)- A8% (3)
- B3% (1)
- C86% (32)
- D3% (1)
Why each option
In Common Criteria, a Protection Profile (PP) is an implementation-independent document that defines a standardized set of security requirements for a category of products or systems.
An Organizational Security Policy is a set of rules and practices defined by an organization to govern its security posture, not a formal Common Criteria document expressing implementation-independent requirements.
A Security Target (ST) is an implementation-dependent document that describes the security properties of a specific product or system (the TOE), making it the opposite of implementation-independent.
A Protection Profile (PP) is a formal, implementation-independent document used in Common Criteria that specifies security requirements for a class of products without referencing a specific product. It allows consumers to define what security properties they need and vendors to build products that meet those needs. Because it is not tied to any specific implementation, multiple vendors can create products that satisfy the same PP.
A Target of Evaluation (TOE) refers to the actual product or system being evaluated under Common Criteria, not a formal document expressing security requirements.
Concept tested: Common Criteria Protection Profile implementation-independent security requirements
Source: https://www.commoncriteriaportal.org/cc/
Topics
Community Discussion
No community discussion yet for this question.