In the Common Criteria, an implementation-independent statement of
security needs for a set of IT security products that could be built is called a:
A.
Package.
B.
Security Target (ST).
C.
Target of Evaluation (TOE).
D.
Protection Profile (PP).
Explanation:
The correct answer is “Protection Profile (PP)”. Answer a, ST, is a statement of security
claims for a particular IT product or system.
* A Package is defined in the CC as an intermediate combination of security requirement
components.
* ATOE is an IT product or system to be evaluated.