Security Problem Definition - commoncriteria/pp-template GitHub Wiki

Updated 19 March 2024

CC:2022 requires that all PP and PP-Modules include a Security Problem Definition (SPD) that includes Threats, Organizational Security Policies, and Assumptions. An SPD section is optional for Functional Packages.

For many years, this section was mis-named in NIAP PPs as "Security Problem Description."

In XML, this section can be defined using any of the following three elements:

  <section title="Security Problem Definition" id="sec-uniqueId">

  <sec:Security_Problem_Definition>

  <sec:spd title="Security Problem Definition">

The Security Problem Definition Section should be structured as follows:

• Section tag
• • Arbitrary introductory text
• • Threats Section
• • Assumptions Section
• • Organizational Security Policies Section (optional)