nerdexam
(ISC)2

CISSP · Question #954

Which of the following MOST accurately describes the Security Target (ST) in the Common Criteria framework?

The correct answer is D. A document that includes a product specific set of security criteria. The Security Target (ST) within the Common Criteria framework is a document that specifies the security properties of a particular product under evaluation.

Submitted by helene.fr· Mar 5, 2026Security Assessment and Testing

Question

Which of the following MOST accurately describes the Security Target (ST) in the Common Criteria framework?

Options

  • AThe set of rules that define how resources or assets are managed and protected
  • BA product independent set of security criteria for a class of products
  • CThe product and documentation to be evaluated
  • DA document that includes a product specific set of security criteria

How the community answered

(35 responses)
  • B
    3% (1)
  • C
    6% (2)
  • D
    91% (32)

Why each option

The Security Target (ST) within the Common Criteria framework is a document that specifies the security properties of a particular product under evaluation.

AThe set of rules that define how resources or assets are managed and protected

This describes a general security policy or security controls, not the specific Security Target document within Common Criteria.

BA product independent set of security criteria for a class of products
CThe product and documentation to be evaluated
DA document that includes a product specific set of security criteriaCorrect

The Security Target (ST) is a document created by the vendor for a specific product, detailing the security functionality of that product and the security assurance requirements it aims to meet during the Common Criteria evaluation process. It outlines the specific security claims and criteria relevant to that unique product.

Concept tested: Common Criteria Security Target definition

Source: https://www.commoncriteria.org/ccl/current_docs.php

Topics

#Common Criteria#Security Target (ST)#security evaluation#certification

Community Discussion

No community discussion yet for this question.

Full CISSP Practice