HCD-iTC / HCD-iTC-Template


Updates to the Storage Encryption and Purge Data OSPs in the HCD cPP to address JISEC concern about Cryptographic Erase #325

Open ansukert opened 2 years ago

ansukert commented 2 years ago

What is the change request for the cPP? Please describe.

In finalizing the wording for the new FPT_WIPE_EXT.1 and FDP_UDU_EXT.1 SFRs, one final issue was that JISEC was concerned that there might be a misunderstanding that FCS_CKM.4 and FCS_CKM_EXT.4 might not apply to Cryptographic Erase. As a result, JISEC suggested some clarifying wordings be added to the OSPs for Storage Encryption in Section 3.5.4 and Purge Data in Section 3.5.7 in the HCD cPP. After discussion the HCD iTC agreed to a modified set of changes to these two sections in the HCD cPP as follows:

  1. Section 3.5.4, Storage Encryption, pg. 18: Add the following sentence to the definition of [P.STORAGE_ENCRYPTION]: And the TOE shall provide a function that an authorized administrator to destroy encryption keys or keying material if the TOE supports a function for removing the TOE from its Operational Environment.

     Note: This sentence will also have to be added to the definition of [P.STORAGE_ENCRYPTION] in the following:

    • Section I.8, Table 20, pg. 171
  2. Section 3.4.7, Purge Data (Optional), pg. 19: Modify the Note at the end of Section 3.5.7 to read as follows: Note: Cryptographic erase which is covered in the mandatory requirement of FCS_CKM_EXT.4 and FCS_CKM.4 can be used as a method to remove some parts of User Data and TSF Data, but it cannot be a single method to remove User Data and TSF Data unless all the data are encrypted.

Describe the solution you'd like

Implement the two changes to the HCD cPP indicated above.

Describe alternatives you've considered

None

Additional context

None