01-18-2008, 06:55 PM
JAB
 
Re: Vulnerability Assessment of a EAL 4 system

Neil Jones wrote:
> Thank you for replying.
>
> The system is an EAL4 system (using Common Criteria). Do I need to look
> for the protection profiles on the system? Are there any config files
> that define these protection profiles (PP)?
>
> N J


The Security Target should be available and this would be a good
starting point as this should tell you how the system meets the
Protection Profile to which it conforms. As a little aside, I wouldn't
hold that much faith in a CC evaluation to 'prove' that a system is
secure. CC is criticised for focusing too heavily on paperwork and
process and little on actually uncovering vulnerabilities.