1. TOE security development
In the process of security development, and on the basis of different security analyses, the Security Target (ST) document is prepared. This document is a set of: security functional requirements (see: www.tools.commoncriteria.pl/ccHelp/#SFR), which describe how security measures should work, and security assurance requirements (see: www.tools.commoncriteria.pl/ccHelp/#SAR), which tell how much assurance these measures can offer.
2. TOE product development
The process concerns the development of an IT product, including its documentation. The set of security functions, determined in ST, is implemented in the TOE according to the adopted technology and on the assumed EAL.
3. IT security evaluation
The security evaluation process is conducted on the basis of an evaluation scheme developed in a given country. The basic tool for this process is the security evaluation methodology CEM (see: www.tools.commoncriteria.pl/ccHelp/#CEM)