What is the change request for the cPP? Please describe.
(HCD_cPP_DRAFT_v0.9_2021-08-16.pdf )
This is the same as Master Comments-Matrix(cPP Review) No.104 (Github Issue #170 ).
The Section "3. Security Problem Definition" is older than latest SPD.
1) Following five sections are missing in draft.
3.3.5. Week Cryptography
3.5.8. Root of Trust
4.1.14. Authentication Failures
4.1.15. Firmware Integrity
4.1.16. Strong Cryptography
2) Software should be replaced with firmware/software
In SPD, the term "software/firmware" is used, but "software" is used in section 3 of draft cPP.
They should be replaced with firmware/software to consistent with other parts of HCD cPP.
Describe the solution you'd like
Latest SPD (HCD_SPD_DRAFT_v0.4_2021-05-09.pdf) should be inserted into HCD cPP, and the term "software/firmware" would be replaced with "firmware/software".
See attached file how to update the section.
cPP_Partial.docx
What is the change request for the cPP? Please describe. (HCD_cPP_DRAFT_v0.9_2021-08-16.pdf ) This is the same as Master Comments-Matrix(cPP Review) No.104 (Github Issue #170 ). The Section "3. Security Problem Definition" is older than latest SPD.
1) Following five sections are missing in draft. 3.3.5. Week Cryptography 3.5.8. Root of Trust 4.1.14. Authentication Failures 4.1.15. Firmware Integrity 4.1.16. Strong Cryptography
2) Software should be replaced with firmware/software In SPD, the term "software/firmware" is used, but "software" is used in section 3 of draft cPP. They should be replaced with firmware/software to consistent with other parts of HCD cPP.
Describe the solution you'd like Latest SPD (HCD_SPD_DRAFT_v0.4_2021-05-09.pdf) should be inserted into HCD cPP, and the term "software/firmware" would be replaced with "firmware/software". See attached file how to update the section. cPP_Partial.docx
Describe alternatives you've considered none
Additional context none