The Common Criteria construct which allows prospective consumers or developers to create
standardized sets of security requirements to meet their needs is

A. a Protection Profile (PP).
B. a Security Target (ST).
C. an Evaluation Assurance Level (EAL).
D. a Security Functionality Component Catalog (SFCC).
Explanation:
Protection Profiles: The Common Criteria uses protection profiles to evaluate products. The
protection profile contains the set of security requirements, their meaning and reasoning, and the
corresponding EAL rating. The profile describes the environmental assumptions, the objectives, and
functional and assurance level expectations. Each relevant threat is listed along with how it is to be
controlled by specific objectives. It also justifies the assurance level and requirements for the
strength of each protection mechanism. The protection profile provides a means for the consumer,
or others, to identify specific security needs; this is the security problem to be conquered.
EAL: An evaluation is carried out on a product and is assigned an evaluation assurance level (EAL).
Testing becomes more thorough, stringent, and detail-oriented as the levels increase.
The Common Criteria has seven assurance levels. The ranges go from EAL1, where the functionality
testing takes place, to EAL7, where thorough testing is performed and the system is verified.
All-In-One CISSP Certification Exam Guide by Shon Harris pg. 262
Note: “The Common Criteria defines a Protection Profile (PP), which is an implementation
independent specification of the security requirements and protections of a product that could be
built. The Common Criteria terminology for the degree of examination of the product to be tested is
the Evaluation Assurance Level (EAL). EALs range from EA1 (functional testing) to EA7 (detailed
testing and formal design verification). The Common Criteria TOE [target of evaluation] refers to the
product to be tested. A Security Target (ST) is a listing of the security claims for a particular IT
security product.” -Ronald Krutz The CISSP PREP Guide (gold edition) pg 266-267