Table 1.
Common Criteria related terms and acronyms [1]/Part1.
| Acronym | Meaning |
|---|---|
| assets | Entities that the owner of the TOE presumably places value upon. |
| assurance | Grounds for confidence that a TOE meets the SFRs. |
| attack potential | A measure of the effort to be expended in attacking a TOE, expressed in terms of an attacker's expertise, resources and motivation. |
| class | A grouping of CC families that share a common focus. |
| component | The smallest selectable set of elements on which requirements may be based. |
| connectivity | The property of the TOE which allows interaction with IT entities external to the TOE. This includes exchange of data by wire or by wireless means, over any distance in any environment or configuration. |
| development environment | The environment in which the TOE is developed. |
| element | An indivisible statement of security need. |
| evaluation | Assessment of a PP, an ST or a TOE, against defined criteria. |
| evaluation assurance level (EAL) | An assurance package, consisting of assurance requirements drawn from CC Part 3, representing a point on the CC predefined assurance scale. |
| family | A grouping of components that share a similar goal but may differ in emphasis or rigor. |
| formal | Expressed in a restricted syntax language with defined semantics based on well-established mathematical concepts. |
| identity | A representation (e.g., a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym. |
| informal | Expressed in natural language. |
| iteration | The use of the same component to express two or more distinct requirements. |
| life-cycle | The sequence of stages of existence of an object (for example a product or a system) in time. |
| life-cycle model | Description of the stages and their relations to each other that are used in the management of the life-cycle of a certain object, how the sequence of stages looks like and which high level characteristics the stages have. |
| object | A passive entity in the TOE, that contains or receives information, and upon which subjects perform operations. |
| operation (on a component of the CC) | Modifying or repeating that component. Allowed operations on components are assignment, iteration, refinement and selection. |
| operation (on an object) | A specific type of action performed by a subject on an object. |
| operational environment | The environment in which the TOE is operated. |
| organizational security policy (OSP) | A set of security rules, procedures, or guidelines imposed (or presumed to be imposed) now and/or in the future by an actual or hypothetical organization in the operational environment. |
| package | A named set of either functional or assurance requirements (e.g., EAL 3). |
| protection profile (PP) | An implementation-independent statement of security needs for a TOE type. |
| refinement | The addition of details to a component. |
| SAR | Security assurance requirement. |
| SFR | Security functional requirement. |
| security objective | A statement of intent to counter identified threats and/or satisfy identified organization security policies and/or assumptions. |
| security target (ST) | An implementation-dependent statement of security needs for a specific identified TOE. |
| semiformal | Expressed in a restricted syntax language with defined semantics. |
| subject | An active entity in the TOE that performs operations on objects. |
| target of evaluation (TOE) | A set of software, firmware and/or hardware possibly accompanied by guidance. |
| TOE security functionality (TSF) | A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the SFRs. |
| trusted channel | A means by which a TSF and a remote trusted IT product can communicate with necessary confidence. |
| trusted IT product | An IT product other than the TOE which has its security functional requirements administratively coordinated with the TOE and which is assumed to enforce its security functional requirements correctly (e.g., by being separately evaluated). |
| trusted path | A means by which a user and a TSF can communicate with necessary confidence. |