Security Problem Definition - commoncriteria/pp-template GitHub Wiki
Updated 19 March 2024
CC:2022 requires that all PP and PP-Modules include a Security Problem Definition (SPD) that includes Threats, Organizational Security Policies, and Assumptions. An SPD section is optional for Functional Packages.
For many years, this section was mis-named in NIAP PPs as "Security Problem Description."
In XML, this section can be defined using any of the following three elements:
<section title="Security Problem Definition" id="sec-uniqueId">
<sec:Security_Problem_Definition>
<sec:spd title="Security Problem Definition">
The Security Problem Definition Section should be structured as follows:
- Section tag
-
- Arbitrary introductory text