Certified Information Systems Security Professional (CISSP) — Question 196

Which of the following MOST accurately describes the Security Target (ST) in the Common Criteria framework?

Answer options

• A. The set of rules that define how resources or assets are managed and protected
• B. A product independent set of security criteria for a class of products
• C. The product and documentation to be evaluated
• D. A document that includes a product specific set of security criteria

Correct answer: D

Explanation

The correct answer, D, is accurate because the Security Target is specifically a document that outlines the security requirements for a particular product. Option A describes general rules for asset management, B refers to broader criteria for categories rather than individual products, and C focuses on the product and documentation but does not capture the essence of the security criteria defined in the ST.