Security Assurance Requirement


Security Assurance Requirement (SAR) used by the Common Criteria for Information Technology Security Evaluation provides descriptions of the measures taken during development and evaluation of the product to assure compliance with the claimed Security Functional Requirements.

For example, an evaluation may require that all source code is kept in a change management system, or that full functional testing is performed. The Common Criteria provides a catalogue of these, and the requirements may vary from one evaluation to the next. The requirements for particular targets or types of products are documented in the ST and PP, respectively.

More Information#

There might be more information for this subject on one of the following: