In the Common Criteria, an implementation-independent statement of security needs for a set of IT
security products that could be built is called a:
A.
Package.
B.
Security Target (ST).
C.
Target of Evaluation (TOE).
D.
Protection Profile (PP).
Explanation:
The correct answer is “Protection Profile (PP)”. Answer a, ST, is a statement of security claims for a
particular IT product or system. * A Package is defined in the CC as an intermediate combination of
security requirement components. * ATOE is an IT product or system to be evaluated.