HCD-iTC / HCD-iTC-Template

ITSCC comments against the Final Draft (v0.13) of the proposed HCD cPP v1.0 #341

Open ansukert opened 2 years ago

ansukert commented 2 years ago

What is the change request for the cPP? Please describe.

The following comments were submitted against the Final Draft (v0.13) of the proposed HCD cPP v1.0 by ITSCC:

  1. Intended Readership, pg. 9: The version of the identified SD needs to be updated from v0.4 to the recent version (or the published version). Also, we need to update the link. The target of the current link is OnlyOffice, but for someone who wants to read the document and does not have an OnlyOffice account, we need to update the link to the publicly available one.
    From: Supporting Document Draft, v0.4, August 26, 2020 To: the final version

    Changed link

  2. Section 4.3 Security Objectives Rationale, p 24: At the end of the page, there is a minor typo in the sentence as follows: "Table 2. Mapping between Security Problem Defintion and Security Objectives".
    Table 2. Mapping between Security Problem Definition and Security Objectives
  3. Section 5.3 Cryptograhic Support (FCS), p 30: In the middle of the page, there is a minor typo in the title of Section 5.3 as follows: "5.3. Cryptograhic Support (FCS)".
    5.3. Cryptographic Support (FCS)
  4. Section A.2.3.1 FCS_SSHC_EXT.1 SSH Client Protocol, p 87: In the middle of the page, there is a minor typo as follows in the sentence "It is also accep table to count the totally transmitted data per encryption key, the total encrypted traffic for incoming and outgoing data or the total transmitted incoming and outgoing data because the encrypted traffic per encryption key will always be lower or equal to the other options.".
    It is also acceptable to count the totally transmitted data per encryption key, the total encrypted traffic for incoming and outgoing data or the total transmitted incoming and outgoing data because the encrypted traffic per encryption key will always be lower or equal to the other options.
  5. Multiple sections, e.g., 5.2.6 (p. 30), 5.3.2 (p. 32): This document (cPP) includes lots of strikethroughs. Do we need to keep these in the final version of cPP?
    Remove or keep the strikethroughs
  6. Section I.8 Security Objectives Tables, p 175: Missing mapping between T.UNAUTHORIZED_ACCESS and O.AUTH_FAILURES. There exists the mapping between O.AUTH_FAILURES and T.UNAUTHORIZED_ACCESS in Section 4.3 (page 26).
    Add O.AUTH_FAILURES to the rationale cell

Describe the solution you'd like

Implement the suggested corrective actions indicated above for the ITSCC comments

Describe alternatives you've considered

None

Additional context

None

kwangwoo-lee commented 2 years ago

(2022-09-27 HCD iTC Weekly meeting) HCD iTC SMEs have reviewed the ITSCC's comments as follows:

  1. Accepted - AI: Kwangwoo to finalize the reference link issue with the editors
  2. Accepted
  3. Accepted
  4. Accepted
  5. Noted - The decision is to keep the strikethrough marks on the document. (AI - Brian to provide the list of strikethroughs to the editors for a final review.)
  6. Accepted.