gcolunga
commented
7 months ago This issue is addressed by the following TD:
- HCD0003
The TD above is located at the following location:
Open ansukert opened 1 year ago
gcolunga
commented
7 months ago This issue is addressed by the following TD:
The TD above is located at the following location:
As part of NIAP’s review process of the HCD cPP, we performed an evaluation of the APE work units and identified several needing correction. Please see the following comments:
APE_REQ.2-8, The evaluator shall examine the statement of security requirements to determine that all refinement operations are performed correctly. --
general inconsistency as to whether an SFR with a refinement in it starts with "Refinement:" or not
FMT_MSA.3.2 replaces an assignment in the part 2 definition of the SFR with a selection. It was marked here as a refinement presumably since selections are more restrictive than assignments. However, it's not necessary to mark these as refinements. Essentially the PP author's act of creating this SFR was to replace the assignment with a selection. This can be interpreted as 'filling out' the assignment (just with a selection rather than a fixed answer) and so the 'completed assignment' formatting would then be used here.
Other specific issues: FAU_STG.4.1 - one of the selections is struck through but this convention is not defined as a refinement in section 5.1 (it should also be appropriate for the PP author to 'partially complete' a selection by removing one or more of the options without formatting any of the removed text as a refinement) FCS_CKM.1.1/AKG - same strikethrough issue FCS_CKM.1.1/SKG - not all of the bolded text is actually a refinement FCS_CKM.2.1 - same strikethrough issue FTP_ITC.1.3 - "remote audit" should be bold; it is a refinement (or as part of a completed assignment per Part 2, depending on where you interpret the SFR's completion of the assignment as starting) FCS_COP.1.1/KeyEnc - "AES as specified in ISO/IEC 18033-3," SEED as specified in ISO/IEC 18033-3:2010," and "LEA as specified in ISO/IEC 29192-2:2019" should be bold; they are refinements FCS_COP.1.1/CMAC - The words "used in" should be bold; they are refinements FTP_TRP.1.1/NonAdmin - The following words should be bold as indicated; they are refinements: "shall use...to provide a trusted communication
We believe an errata version may be worth considering to resolve them