Certified Information Systems Security Professional (CISSP) — Question 284
In the Common Criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
Answer options
- A. Organizational Security Policy
- B. Security Target (ST)
- C. Protection Profile (PP)
- D. Target of Evaluation (TOE)
Correct answer: C
Explanation
The correct answer is C, Protection Profile (PP), as it defines a standardized set of security requirements for a category of products. The other options serve different purposes; for instance, the Organizational Security Policy outlines an organization's security framework, the Security Target (ST) details specific security requirements for a particular product, and the Target of Evaluation (TOE) refers to the specific system being evaluated.