Which one of the following is NOT a component of a CC Protection
Profile?
A.
Product-specific security requirements
B.
Threats against the product that must be addressed
C.
Security objectives
D.
Target of Evaluation (TOE) description
Explanation:
The correct answer is “Product-specific security requirements”. Product-specific security
requirements for the product or system are contained in the Security Target (ST). Additional items
in the PP are:
TOE security environment description
Assumptions about the security aspects of the product’s expected use
Organizational security policies or rules
Application notes
Rationale