Which of the following BEST describes a Protection Profile (PP)?

A. A document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs.
B. A document that is used to develop an IT security product from its security requirements definition.
C. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements.
D. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST).
A PP specifies generic security evaluation criteria to substantiate vendors’ claims of a given family of information system products.
The Common Criteria process is based on two key elements: protection profiles and security targets. Protection profiles (PPs) specify for a product that is to be evaluated (the TOE) the security requirements and protections, which are considered the security desires or the “I want” from a customer.
Security targets (STs) specify the claims of security from the vendor that are built into a TOE. STs are considered the implemented security measures or the “I will provide” from the vendor.
Reference: CISSP Official Study Guide 7th ed. 2015