TOE Security Policy (TSP)

March 5, 2023


What Is TOE Security Policy (TSP)?

 


Definition:

Set of rules that regulate how assets are managed, protected, and distributed within the TOE.
SOURCE: CNSSI-4009

Overview of the TOE

The target of evaluation (TOE) is the configuration of MarkLogic Server that is certified by the Common Criteria (CC) evaluation process. It is the proper setup of the environment in which an evaluated configuration of MarkLogic Server can run. Understanding the CC evaluation process is difficult: it requires reviewing multiple documents and cross-referencing massive volumes of concepts and definitions. The first challenge is understanding the acronyms, which are summarized below:

  • TOE: Target of Evaluation — An IT product or system and its associated administrator and user guidance documentation that is the subject of an evaluation.
  • TSP: TOE Security Policy — A set of rules that regulate how assets are managed, protected and distributed within a TOE.
  • TSF: TOE Security Functions — A set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TSP.
  • PP: Protection Profile — An implementation-independent set of security requirements for a category of TOEs that meet specific consumer needs.
  • ST: Security Target — The set of security requirements and specifications used as the basis for evaluation of an identified TOE.
  • EAL: Evaluation Assurance Level — A package consisting of assurance components from Part 3 that represents a point on the CC predefined assurance scale.

A Good Starting Point: Begin with a cyber risk assessment to baseline foundational cybersecurity.