To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

Security Target

From Wikipedia, the free encyclopedia

Common Criteria for Information Technology Security Evaluation, version 3.1 Part 1 (called CC 3.1 or CC)[1] defines the Security Target (ST) as an "implementation-dependent statement of security needs for a specific identified Target of Evaluation (TOE)". In other words, the ST defines boundary and specifies the details of the TOE. In a product evaluation process according to the CC the ST document is provided by the vendor of the product.

An ST defines information assurance security and functional requirements for the given information system product, which is called the Target of Evaluation (TOE). An ST is a complete and rigorous description of a security problem in terms of TOE description, threats, assumptions, security objectives, security functional requirements (SFRs), security assurance requirements (SARs), and rationales. The SARs are typically given as a number 1 through 7 called Evaluation Assurance Level (EAL), indicating the depth and rigor of the security evaluation, usually in the form of supporting documentation and testing, that the product meets the SFRs.[citation needed]

An ST contains some (but not very detailed) implementation-specific information that demonstrates how the product addresses the security requirements. It may refer to one or more Protection Profiles (PPs). In such a case, the ST must fulfill the generic security requirements given in each of these PPs, and may define further requirements.

YouTube Encyclopedic

  • 1/1
    Views:
    3 173
  • Colorado State Police, Homeland Security target Christians

Transcription

Security Target outline

  1. Introduction – an overview of what the TOE does, including key features and purpose.
    • ST Reference
    • TOE Reference
    • TOE Overview
    • TOE Description
  2. Conformance Claims – identifies conformance claims for the TOE evaluation.
    • CC version conformance claims
    • CC Part 2 conformance claims
    • CC Part 3 conformance claims
    • PP conformance claims – strict conformance or demonstrable conformance
  3. Security Problem Definition – describes the threats and assumptions about the operational environment. Objective is to demonstrate the security problem intended to be addressed by the TOE and its operational environment.
    • Threats – an adverse action performed by a threat agent on an asset. Threat agents are described by aspects such as expertise, resources, opportunity, and motivation.
    • Organizational Security Policies (OSP) – OSP is a set of security rules, procedures, or guidelines imposed by an organization in TOEs operational environment.
    • Assumptions – made only about the operational environment of the TOE behavior.
  4. Security Objectives – a concise and abstract statement of the intended solution to the problem specified by the security problem definition. Each security objective must trace back to at least one threat or OSP.
    1. aspect of security which to achieve is the purpose and objective of using certain mitigation measures, such as confidentiality, integrity, availability, user authenticity, access authorisation, accountability.
    2. confidentiality, integrity or availability required to support the applicable foundational requirements.-[1]
    • Security Objectives for the TOE
    • Security Objectives for the Operational Environment
    • Security Objectives Rationale – a set of justifications that shows that all threats and assumptions are effectively addressed by the security objectives.
  5. Extended Components Definition – the extended components must consist of measurable and objective elements where conformance can be demonstrated.
  6. Security Requirements – defines and describes the SFRs from CC Part 2 and SARs from CC Part 3.
    • Security Functional Requirements – the SFRs form a clear, unambiguous and well-defined description of the expected security behavior of the TOE.
    • Security Assurance Requirements – the SARs form a clear, unambiguous and established description of the expected activities that will be undertaken to gain assurance in the TOE.
    • Security Requirements Rationale – the justification for a security objective for the TOE demonstrates that the SFRs are sufficient and necessary.
  7. TOE Summary Specifications – enables evaluators and potential consumers to gain a general understanding of how the TOE is implemented.
    • Security Functions – function of a zone or conduit to prevent unauthorised electronic intervention that can impact or influence the normal functioning of devices and systems within the zone or conduit. TOE summary specification must describe how the TOE meets each SFR.
    • TOE Security Specifications – a high-level view of how the developer intends to satisfy each SFR.

See also

References

  1. ^ Common Criteria Portal – http://www.commoncriteriaportal.org/cc/
This page was last edited on 1 March 2024, at 08:18
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy