HCD-iTC / HCD-IT

MIT License

NIAP APE_REQ.2-7 Assessment of HCD cPP #7

Open ansukert opened 1 year ago

ansukert commented 1 year ago

As part of NIAP’s review process of the HCD cPP, we performed an evaluation of the APE work units and identified several needing correction. Please see the following comments:

APE_REQ.2-7, The evaluator shall examine the statement of security requirements to determine that all selection operations are performed correctly. --

General inconsistency with regard to whether or not the "selection:" prompt is bolded

The following are examples of incorrect conventions for selections; there are other instances throughout the document.

- FAU_GEN.1.1, b. - "not specified" should be in square brackets and not bold, as it is a completed selection
- FAU_STG.1.2 - "prevent" is a completed selection and should be in square brackets rather than bolded
- FCS_CKM.4.1 - All bullets should be italicized as they are operations that need to be completed by the author
- FCS_CKM.4.1 - 'no standard' does not need a selection prompt because the PP author has filled out the selection in a way that the ST author has no choice to make
- FCS_CKM.1.1/SKG - close bracket is italicized
- FCS_COP.1.1/DataEncryption - All selection text should be italicized as they are operations that need to be completed by the author
- FCS_COP.1.1/SigGen - All selection text should be italicized as they are operations that need to be completed by the author
- FCS_COP.1.1/Hash - refined selection is not italicized
- FCS_RBG_EXT.1.2 - selection text not italicized in all cases
- FIA_PMG_EXT.1.1 - selection text not italicized in all cases
- FTP_ITC.1.2 - 'the TSF, or the authorized IT entities' is a completed selection and should be un-italicized and in brackets
- FTP_TRP.1.1/NonAdmin - "remote" and "disclosure and detection of modification of the communicated data" should be in square brackets and italicized; they are completed selections by the author

networklayer commented 1 year ago

Observation/comment on the following NIAP comments:

FTP_ITC.1.2 'the TSF, or the authorized IT entities' is a completed selection and should be unitalics and in brackets.

According to section 5.1 “Conventions” in the HCD cPP, for FTP_ITC.1.2:

a) The words “the TSF” are a completed selection and should be in [square brackets] and not bolded.
b) “or the authorized IT entities” is not the same as “another trusted IT product” in CC Part 2, where the original selection is modified. Therefore, it is considered a refinement and should remain bold.

FTP_TRP.1.1/NonAdmin - "remote" and "disclosure and detection of modification of the communicated data" should be in square brackets and italicized; they are completed selections by the author.

According to section 5.1 “Conventions” in the HCD cPP, for FTP_TRP.1.1/NonAdmin:

a) “remote” is a completed selection and should be in [square brackets].
b) “disclosure” is a completed selection and should be in [square brackets].
c) “and detection of modification of the communicated data” is the completion of an assignment and should be in [Bold text within square brackets].

gcolunga commented 7 months ago

This issue is addressed by the following TD:

The TD above is located at the following location: