[cPP ENHANCEMENT] Codify application note details into FPT_TST_EXT.1.1

[dundiddat]

Provide the location of the issue 6.7.2.1, FPT_TST_EXT.1 TSF Testing (Extended)

What is the enhancement request for the cPP? Please describe. FPT_TST_EXT.1 Application Note 25 defines minimum expected effort as: “It is expected that at least self-tests for verification of the integrity of the TOE firmware and software as well as for the correct operation of cryptographic functions necessary to fulfil the SFRs will be performed.”

Consider codifying this expectation into FPT_TST_EXT.1.1 directly.

Describe the solution you'd like Suggested update:

The TSF shall run a suite of the following self-tests: • During initial start-up (on power on) to verify the integrity of the TOE firmware and software; • During initial start-up (prior to providing any cryptographic services) to verify correct operation of cryptographic implementation necessary to fulfil the TSF; • [selection: no other tests, during initial start-up (on power on), periodically during normal operation, at the request of the authorised user, at the conditions [assignment: conditions under which self-tests should occur]] to demonstrate the correct operation of the TSF: [assignment: list of self-tests run by the TSF].

[KSinitski]

Application note should explain the requirement, not specify.

[KSinitski]

o Please introduce a requirement to document what self-tests are being claimed so there is a definitive list of self-tests in the scope of FPT_TST_EXT.1. o Please improve clarity of documentation by asking to categorically document under what condition these tests are run (e.g., periodically, during startup, etc.) o Mandate that self-tests of cryptographic implementation/module must be in the scope of FPT_TST_EXT.1.

[KSinitski]

I agree with Ken's proposed approach (per email thread) to address this issue by further modifying FPT_TST_EXT.1.1 element.

[kr15tyk]

Resolved in PR https://github.com/ND-iTC/Documents/pull/307