6. Security Requirements
This section defines the IT security requirements that shall be satisfied by the
TOE or its environment:
The CC divides TOE security requirements into two categories:
1. Security functional requirements (SFRs) (such as, identification and
authentication, security management, and user data protection) that
the TOE and the supporting evidence need to satisfy to meet the
security objectives of the TOE.
2. Security assurance requirements (SARs) that provide grounds for
confidence that the TOE and its supporting IT environment meet its
security objectives (e.g., configuration management, testing, and
All operations performed on the SFRs or the SARs need to be identified. For
this purpose the following conventions shall be used.
Assignments will be written in [normal text with brackets]
Selections will be written in underlined and italic text.
Refinements will be written bold
Iterations will be performed on components and functional elements.
The component ID defined by the Common Criteria (e.g. FDP_IFC.1)
will be extended by an ID for the iteration (e.g. "(FILTER)"). The
resulting component ID would be "FDP_IFC.1 (FILTER)".
Where an iteration is identified in rationale discussion as "all", the
statement applies to all iterations of the requirement (e.g. "FMT_MTD.1
Xerox Multi-Function Device Security Target
2013 Xerox Corporation. All rights reserved.