1. A statement of the extent of evaluation necessary before a particular security feature can be considered for security certification as trusted.

2. A set of security features to be provided by a system before it can be deemed to be suitable for use in a particular security processing mode, or in accordance with a generalized security policy.