Common Criteria for Information Technology Security Evaluation, version 3.1 Part 1 (called CC 3.1 or CC)[1] defines the Security Target (ST) as an "implementation-dependent statement of security needs for a specific identified Target of Evaluation (TOE)".
In other words, the ST defines boundary and specifies the details of the TOE.
An ST defines information assurance security and functional requirements for the given information system product, which is called the Target of Evaluation (TOE).
The SARs are typically given as a number 1 through 7 called Evaluation Assurance Level (EAL), indicating the depth and rigor of the security evaluation, usually in the form of supporting documentation and testing, that the product meets the SFRs.
[citation needed] An ST contains some (but not very detailed) implementation-specific information that demonstrates how the product addresses the security requirements.