Closed Kirky-J closed 1 year ago
As an FYI, the topic has been discussed by the NIT in RFI 202229, https://ccusersforum.onlyoffice.com/Products/Files/DocEditor.aspx?fileid=8016042&action=view.
Recommendations...
In PP: Add to glossary, "by default" = "When configured in accordance with AGD_PRE, and AGD_OPE."
In SD: Reword AA to, "The evaluator follows the guidance (completing AGD_PRE.1 and adhering to AGD_OPE.1) to configure the TOE to perform the following tests."
Recommendations...
In PP: Add to glossary, "by default" = "When configured in accordance with AGD_PRE, and AGD_OPE."
In SD: Reword AA to, "The evaluator follows the guidance (completing AGD_PRE.1 and adhering to AGD_OPE.1) to configure the TOE to perform the following tests."
Objection. “By default” means that no extra configuration is required; it is distinct from “in the evaluated configuration” that otherwise would have been used.
If my memory serves, there was extensive discussion about "by default" related to firewall rules. I thought the conclusion was consistent with the recommendation proposed by @dundiddat.
a. I recommend removing "simply" in the SD. It confuses the otherwise clear "The evaluator follows guidance...".
b. I recommend removing "by default" from the SFR instead of defining it in a way that conflicts with how 'by default' is typically understood.
FCS_IPSEC_EXT.1.12 The TSF shall be able to ensure that the strength of the symmetric algorithm...
I agree with @KSinitski's recommendation to remove 'simply' and 'by default'.
I agree with the proposed changes as well.
Section 4.2.4.3 para 478
FCS_IPSEC_EXT.1.12. “The evaluator simply follows the guidance to configure the TOE to perform the following tests.” Please clarify what is meant by “simply follows the guidance”.
FCS_IPSEC_EXT.1.12 Test 2. The AA suggests that the use of guidance is acceptable while the SFR element states “by default”, typically understood as not requiring configuration. Please reconcile.