Which of the following BEST describes a Protection Profile (PP)?

A. A document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs.

B. A document that is used to develop an IT security product from its security requirements definition.

C. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements.

D. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST).




herman Rensink

A PP specifies generic security evaluation criteria to substantiate vendors’ claims of a given family of information system products.

The Common Criteria process is based on two key elements: protection profiles and security targets. Protection profiles (PPs) specify for a product that is to be evaluated (the TOE) the security requirements and protections, which are considered the security desires or the “I want” from a customer.

Security targets (STs) specify the claims of security from the vendor that are built into a TOE. STs are considered the implemented security measures or the “I will provide” from the vendor.

Reference: CISSP Official Study Guide 7th ed. 2015