What is Target of Evaluation TOE?

Understanding Target of Evaluation TOE

In security assessment terminology the system hardware product software or module being evaluated for security certification. Target of Evaluation is a formal term from security evaluation frameworks particularly Common Criteria that defines the specific system product or component undergoing security assessment against established criteria. The TOE includes all hardware software documentation and procedures within the defined evaluation boundary. The TOE concept is central to Common Criteria ISO/IEC 15408 and other security evaluation standards. Organizations pursuing formal security evaluations define the TOE through security targets evaluation documentation formal testing and validation procedures. For example a cryptographic hardware module vendor seeking FIPS 140-2 validation would precisely define their TOE boundary including the exact hardware components firmware versions cryptographic algorithms interfaces security functions and exclusions ensuring all security claims and testing are applied consistently to this defined scope. Related terms Common Criteria Security evaluation Security target Protection profile Evaluation Assurance Level EAL FIPS 140-2 Security certification Security validation.