Its obvious that a physical device (Bank ATM) will have different security needs compared to an email client (Outlook). Therefore, the CommonCriteria defines a method to compose these differing security targets.
A physical device might need - TamperResistant?, WipeSecurityKeyOnTamperDetection?, NetworkEncryption?.
A single player computer game needs very little security - EncryptPlayerSavegames?, InstallationKeyAuthorisation?.
The SecurityTarget is usually composed as a description of what needs to be done to protect the TargetOfEvaluation against ThreadAgents?.