Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Target of Evaluation (TOE)

Training Camp • Cybersecurity Glossary

What is Target of Evaluation (TOE)?

In security assessment terminology, the system, hardware, product, software, or module being evaluated for security certification.

Glossary > Governance, Risk & Compliance > Target of Evaluation (TOE)

Understanding Target of Evaluation (TOE)

In security assessment terminology, the system, hardware, product, software, or module being evaluated for security certification. Target of Evaluation is a formal term from security evaluation frameworks, particularly Common Criteria, that defines the specific system, product, or component undergoing security assessment against established criteria. The TOE includes all hardware, software, documentation, and procedures within the defined evaluation boundary. The TOE concept is central to Common Criteria (ISO/IEC 15408) and other security evaluation standards. Organizations pursuing formal security evaluations define the TOE through security targets, evaluation documentation, formal testing, and validation procedures. For example, a cryptographic hardware module vendor seeking FIPS 140-2 validation would precisely define their TOE boundary, including the exact hardware components, firmware versions, cryptographic algorithms, interfaces, security functions, and exclusions, ensuring all security claims and testing are applied consistently to this defined scope. Related terms: Common Criteria, Security evaluation, Security target, Protection profile, Evaluation Assurance Level (EAL), FIPS 140-2, Security certification, Security validation.

Learn More About Target of Evaluation (TOE):

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →