Monday, June 28, 2010

Explanatory Text

The TOE Description section is a simple and easily understood section in a Protection Profile. A
TOE is the product or subsystem that would be tested for compliance with the Protection Profile.
The process goes as follows:

1. A customer or industry group develops a Protection Profile with security functional and
assurance requirements. The functional requirements define what security is required
in the TOE. The assurance requirements define how the vendor will need to prove the
TOE meets the functional requirements. Protection Profiles are implementation-independent,
so two vendors could have different security approaches to meeting the
functional requirements.
2. A vendor writes a Security Target document that responds to the Protection Profile with
the implementation-specific requirements for a TOE, that is, a product.
3. The TOE is the product that is tested by a Common Criteria Testing Lab to prove it meets
the requirements in a Security Target.

The TOE Description section in a Protection Profile describes the general functionality of
products that could be a TOE and the boundaries of a TOE. In the SCADA Field Device
Protection Profile this is very straightforward. A field device is typically a PLC, PAC, RTU, or
IED. This is not a restrictive list of possible TOEs, merely examples that contain the general
functionality. Another class of field device, such as a smart instrument, could also use this
Protection Profile.

The TOE boundary is the physical enclosure. All software, hardware and firmware in the
physical box are within the TOE boundary. The communication links to the field device and the
person or device that communicates with the field device are outside the boundary. This does
not mean there will be no security requirements on data as it enters the TOE boundary; there will
be.
