Security Objectives for the Operational Environment - commoncriteria/pp-template GitHub Wiki

24 June 2025

CC:2022: "The operational environment of the TOE implements technical and procedural measures to assist the TOE in correctly providing its security functionality (which is defined by the security objectives for the TOE). This pair-wise solution is called the security objectives for the operational environment and consists of a set of statements describing the goals that the operational environment shall achieve."

The Security Objectives for the Operational Environment Section can be declared in one of two ways:

   <section title="Security Objectives for the Operational Environment" id="sec-uniqueId">

   <sec:Security_Objectives_for_the_Operational_Environment>

In XML, the OE Security Objectives section consists of an <SOEs> element that contains one or more <SOE> elements.

Each <SOE> element has a name attribute and an optional id. The id is only needed if there is a reason to refer to the <SOE> by something other than its name elsewhere in the document, which is very unlikely.

The SOE name should be of the form OE.OBJECTIVE_NAME where the name is unique in the document. Ideally, OE Objective names should be common across all PPs so that they can be maintained in a library. So you should try to use Objectives that you've seen before.

Each <SOE> element includes only a description of the Objective and an optional <consistency-rationale> tag, which may be empty.

If the <consistency-rationale> is populated, the text may appear in the Consistency of OE section of a PP-Module for all base PPs. For modules, it is recommended that you use the <con-mod> construct to specify consistency rationales specific to a base PP.

	<SOE name="OE.PHYSICAL_PROTECTION">
		<description>Platforms that operate within data centers or in other access-controlled environments are 
			expected to receive a considerable degree of protection from these environments. In addition to physical 
			protection, these environments often provide malware-detection and behavior-monitoring services
			for networked computing assets.</description>
	</SOE>
	<SOE name="OE.SUPPLY_CHAIN">
		<description>The manufacturer is expected to implement processes to ensure that TOE hardware and
			firmware is not compromised between time of TOE manufacture and delivery to its operational site. 
		</description>
	</SOE>
	<SOE name="OE.TRUSTED_ADMIN">
		<description> The administrator of the GPCP is not careless, willfully negligent or hostile, 
                        and administers the platform within compliance of enterprise security policy. </description>
	</SOE>
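
The rules above can be checked mechanically before a PP is built. The following lint script is an added example, not part of the pp-template project; the name pattern is an assumed reading of "OE.OBJECTIVE_NAME", "exactly one description" is an assumed reading of the child rule, and the sample input and its `sec-soes` id are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumed reading of "OE.OBJECTIVE_NAME": "OE." then upper-case letters, digits, underscores.
NAME_RE = re.compile(r"OE\.[A-Z][A-Z0-9_]*")
ALLOWED = {"description", "consistency-rationale"}

# Constructed sample: one valid SOE, one duplicate name, one malformed SOE.
SAMPLE = """<section title="Security Objectives for the Operational Environment" id="sec-soes">
  <SOEs>
    <SOE name="OE.PHYSICAL_PROTECTION">
      <description>Constructed text.</description>
      <consistency-rationale/>
    </SOE>
    <SOE name="OE.PHYSICAL_PROTECTION"><description>Constructed duplicate.</description></SOE>
    <SOE name="O.TRUSTED_ADMIN"/>
  </SOEs>
</section>"""

def local(tag):
    """Strip an XML namespace prefix, if any, from an element tag."""
    return tag.rsplit("}", 1)[-1]

def lint_soes(xml_text):
    """Return a list of rule violations found in the <SOEs> blocks of xml_text."""
    problems, seen = [], set()
    blocks = [e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "SOEs"]
    if not blocks:
        return ["no <SOEs> element found"]
    for block in blocks:
        soes = [e for e in block if local(e.tag) == "SOE"]
        if not soes:
            problems.append("<SOEs> contains no <SOE> elements")
        for soe in soes:
            name = soe.get("name") or "(unnamed)"
            if not NAME_RE.fullmatch(name):
                problems.append(f"{name}: name is not of the form OE.OBJECTIVE_NAME")
            elif name in seen:
                problems.append(f"{name}: duplicate name")
            seen.add(name)
            kinds = [local(c.tag) for c in soe]
            if kinds.count("description") != 1:
                problems.append(f"{name}: expected exactly one <description>")
            for extra in sorted(set(kinds) - ALLOWED):
                problems.append(f"{name}: unexpected child <{extra}>")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_soes(SAMPLE)) or "OK")
```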