What is Security Target Document?

Security Target a manufacturer-supplied document for each product to be evaluated under the rule of ISO 15408 Common Criteria.

The Security Target basically includes the following headings for the relevant product:

  • Definition,
  • Working environment and environmental components,
  • Possible assets to target protection,
  • User roles,
  • Assumptions and policies regarding working conditions,
  • Information security threats they may encounter,
  • The anticipated safety characteristics of the product and its surroundings to meet threats, assumptions and policies,
  • Analysis of threats, assumptions and policies that are met by the product or the environment,
  • Detailed description of product safety functions in the jargon of Common Criteria standard

When is the Security Target Prepared?

In order for a product to apply to the ISO 15408 Common Criteria Assessment, it is first necessary to deliver the Security Target to the laboratory that will conduct the evaluation. Therefore, the document should be prepared at the beginning of the Common Criteria Evaluation period.

It is necessary to prepare for each product that will be subject to the Common Criteria certificate of the Security Target. So this document can be considered one of the most basic documents.

What is the Detail Level of Security Target?

Since the Security Target is a document specific to the product, it must clearly define all the features for that product. For example, the Security Target Document can not only say that the product will authenticate. Instead of it; password, token, and so on should be defined. However, it is not expected that the Security Target Document will contain details about the design or source code.

Is Security Target confidential?

Once the product is certified under the rule of ISO 15408 Common Criteria, this document will be published on the Common Criteria Portal, commonCriteriaPortal.org, so that customers worldwide can examine the product and check the certification scope. Therefore, it should be noted that this document does not contain confidential information.