CC-in-the-Cloud / General

Common Criteria in the Cloud Technical Community
https://cc-in-the-cloud.github.io/
MIT License

German Scheme Comments: CCitC Suggested Inputs to a Security Problem Definition, Guidance Documentation #164

Open jgb1128 opened 1 month ago

jgb1128 commented 1 month ago

Page 44: Combining 2 comments.
First comment, 1st paragraph: "Each CSP that is tested shall provide instructions for deployment of the TOE." I would expect the TOE developer to leverage guidance of the CSP and to provide guidance on how to configure the Platform so that it fulfills the requirements of the OE. It can't be expected from the CSP to provide guidance on a TOE developed by TOE developers only using the CSP.

2nd comment, 2nd paragraph: "In some circumstances, the Cloud Provider is the only entity that may fulfill these guidance requirements to ensure that the TOE is deployed in the tested configuration." In the light of the Shared Security Model this makes sense. Existing documentation of the CSP has to be used in this case.

tstodart commented 1 month ago

Can re-work these paras to update based on these inputs (mostly comment 1 since comment 2 is in agreement with the text).