CC

Question 1

package

Answer 1

named set of either security functional or security assurance requirements

Question 2

Protection Profile (PP)

Answer 2

implementation-independent statement of security needs for a TOE type

Question 3

Security Target (ST)

Answer 3

implementation-dependent statement of security needs for a specific identified TOE

Question 4

ST

Answer 4

ST always describes a specific TOE (e.g. Palo Alto Firewall)

Question 5

PP

Answer 5

intended to describe a TOE type (e.g. Firewalls).

Question 6

ST

Answer 6

Describes requirements for a TOE.

Question 7

PP

Answer 7

Describes the general requirements for a TOE type.

Protection Profile is not written for a specific product

Question 8

PP

Answer 8

Written by User Community, Developer of a TOE, Government or Large Corporation.

Question 9

ST

Answer 9

Written by the developer of that TOE

Question 10

PP/ST

Answer 10

PP determines the allowed type of conformance of the ST to the PP.

1. if the PP states that strict conformance is required, the ST shall conform to the PP in a strict manner;
2. if the PP states that demonstrable conformance is required, the ST shall conform to the PP in a strict or demonstrable manner.

Question 11

EAL1

Functionally Tested

Answer 11

1. LOW confidence (LOW).
2. Provides assurance through unique identification of the TOE.
3. Provides a meaningful increase in assurance over unevaluated IT
4. Requires limited security target (ST)
5. Threats to security are not viewed as serious.
6. Due care has been exercised with respect to the protection of personal Information.
7. Could be successfully conducted without assistance from the developer.
8. Analysis is supported by a search for potential vulnerabilities in the public domain and independent testing

Question 12

EAL2

Structurally Tested

Answer 12

LOW to MODERATE level of independently assured security

Question 13

EAL3

methodically tested and checked

Answer 13

MODERATE level of independently assured security

Question 14

EAL4

methodically designed, tested, and reviewed

Answer 14

MODERATE to HIGH level of independently assured security

Question 15

EAL4

Answer 15

HIGHEST LEVEL at which it is likely to be economically feasible to retrofit to an existing product line.

Question 16

EAL5

semiformally designed and tested

Answer 16

HIGH level of independently assured security

Question 17

EAL6

semiformally verified design and tested

Answer 17

high risk situations.

high attack potential

Question 18

EAL7

semiformally verified design and tested

Answer 18

extremely high risk situations and/or where the high value of the assets justifies the higher costs