-
Notifications
You must be signed in to change notification settings - Fork 2
PP Overview
19 December 2023
The PP Overview is a required part of the Introduction to a Protection Profile.
The intended audience of the PP Overview are potential customers for vendors of evaluated products and the developers of those products.
To this end, the PP overview briefly describes the usage of the TOE and its major security features, identifies the TOE type, and identifies any major non-TOE hardware/software/firmware available to the TOE.
CC:2022 states that the PP Overview should include at least the following information:
The description of the usage and major security features of the TOE type is intended to give a very general idea of what the TOE is capable of, and what it can be used for. This section is written for PP authors, TOE developers, or potential TOE consumers, describing TOE type usage and major security features in terms of business operations, using language that TOE consumers can understand.
The TOE overview identifies the general type of a TOE addressed by the PP, such as: firewall, VPN-firewall, smart card, crypto-modem, intranet, web server, database, web server, mobile device, and database, etc. The TOE type definition often includes a characterization of the TOE software and hardware boundaries.
While some TOEs do not rely upon other IT, many TOEs, notably software TOEs, rely on additional, non-TOE, hardware, software and/or firmware. In the latter case, the PP overview is required to identify the non-TOE hardware/software/firmware. As a PP is not written for a specific product, in many cases only a general idea can be given of the available hardware/software/firmware. In some other cases, more specific information can be provided.
For more information and examples, see CC:2022 Part 1, Rev. 1, section B.3.2.3 (p. 128).
The PP Author may include other information in the PP Overview or elsewhere in the Introduction. Other information commonly found in PP Introductions are sections regarding Compliant Targets of Evaluation and the TOE Boundary.