Its obvious that a physical device (Bank ATM) will have different security needs compared to an email client (Outlook). Therefore, the CommonCriteria defines a method to compose these differing security targets.
A physical device might need - TamperResistant, WipeSecurityKeyOnTamperDetection, NetworkEncryption.
A single player computer game needs very little security - EncryptPlayerSavegames, InstallationKeyAuthorisation.
The SecurityTarget is usually composed as a description of what needs to be done to protect the TargetOfEvaluation against ThreadAgents.