HCD-iTC / HCD-IT

CCMB Evaluation Comments against HCD Supporting Document (SD), v1.0 #17

Open ansukert opened 1 year ago

ansukert commented 1 year ago

The following comments were received from the CCMB against the Supporting Document Mandatory Technical Document Evaluation of the collaborative Protection Profile for Hardcopy Devices (aka the HCD SD), Version 1.0:

  1. Section 3.4.1.2, Guidance Documentation for FTP_TRP.1/NonAdmin Trusted path (for Non-administrators). 2nd Paragraph: The whole 2nd paragraph (The evaluator shall check to ensure that the operational guidance describes the type(s) of overwrite of user document data) is not relevant to the FTP_TRP.1/NonAdmin Trusted path SFR. This text is already included in HCDcPP Section 4.1.1.2. Recommended solution is to remove the misplaced paragraph 2 of Section 3.4.1.2. Editorial Comment

  2. Section 5.2.6.3.1, FCS_SSHC_EXT.1.2. Last Paragraph: The paragraph (Now the HCD iTC has taken the text of the,,, in the HCD SD) looks like metadata that accidentally appeared in the main text. Recommended solution is to remove the metadata paragraph. Editorial Comment

  3. Appendix A.3, Reporting under Vulnerability Analysis, first dot point after “The public facing report contains:”: The text mentions that flaw identifiers returned from searches of public sources should be listed. These raw search results are typically low quality information that may not be helpful to reproduce and thus should not be included in public facing reports. Recommended solution is to consider removing the requirement to publish these Type 1 flaw identifiers. Technical Comment

gcolunga commented 9 months ago

This issue is a duplicate of the following issue: https://github.com/HCD-iTC/HCD-IT/issues/16