gcolunga
commented
7 months ago This issue is addressed by the following TD:
- HCD0003
The TD above is located at the following location:
Open ansukert opened 1 year ago
gcolunga
commented
7 months ago This issue is addressed by the following TD:
The TD above is located at the following location:
As part of NIAP’s review process of the HCD cPP, we performed an evaluation of the APE work units and identified several needing correction. Please see the following comments:
APE_ECD.1-5, The evaluator shall examine the extended components definition to determine that each extended functional component uses the existing CC Part 2 components as a model for presentation. -- In general, the ECD SFRs are duplicates of their body text equivalents. However, there are cases where they should differ. a,- FCS_TLSC_EXT.1 has "selection: select supported ciphersuites from List 1" in the ECD SFR which doesn't make sense in the context of the component definition (the ECD doesn't 'know' that List 1 exists).
b. In general the ECD should not reference iterated SFRs - un-iterated versions of the SFRs should be referenced (in case the component is reused by a different PP/ST that does not use the same convention for iterations). The ECD doesn't "know" about iterated SFRs in the body of the document it lives in. This happens in:
c. FPT_KYP_EXT.1.1 has "Refinement:" In the title of the SFR but this makes no sense in the context of an ECD because the ECD is by definition what refinements get made off of.
d. FDP_UDU_EXT.1.1 is incorrectly called "FDP_UDU_EXT.1"
e. FDP_UDU_EXT.1.1 references "D.USER.DOC" which is a PP-specific term, it would be better if the ECD version of this SFR would make this an assignment and the body text version of the SFR would fill it out with the PP-specific information. Title should also not be PP-specific
e. FPT_WIPE_EXT.1.1 uses square brackets with "D.USER, D.TSF" in it in the ECD. This should be a blank assignment in the ECD version of the SFR with the body text version filling it out with the PP-specific data.
f. FIA_X509_EXT.1.1/Rev has a refinement in the ECD version of the SFR. This makes no sense as the refinement used to show changes from the baseline and the ECD is the baseline.
g. The ECD should not pre-define SFRs with an iteration as this is not consistent presentation with Part 2. FIA_X509_EXT.1/Rev should just be called FIA_X509_EXT.1.
h. FCS_PCC_EXT.1.1 defines an assignment with only one option - should be [assignment: list of of standards] or similar.
We believe an errata version may be worth considering to resolve them.