The AAP contains documents prepared by the developer and AISEF, containing the Security Target (ST) and Protection Profile (PP) (if relevant) and proposed timelines for evaluation. The ST is a major component of the AAP and specifies the security requirements of the Target of Evaluation (TOE) to be evaluated against the CC security and assurance requirements. A Protection Profile (PP) is an implementation-independent document of security requirements for a category of TOEs that meet specific consumer needs. Developers should consult with their AISEF to negotiate the time frame for producing an ST or PP and discuss expectations and the scope of the TOE.
July 1st, 2018