ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License

[cPP Correction] ECD minor issues #342

Open jfisherbah opened 4 months ago

jfisherbah commented 4 months ago

Provide the location of the issue
Extended Component Definitions

What is the correction request for the cPP? Please describe.
APE_ECD.1-5 states the following: “The evaluator shall examine the extended components definition to determine that each extended functional component uses the existing CC Part 2 components as a model for presentation.” To conform to this workunit, some minor issues with the ECD require corrections. Specifically:

o SFR dependencies should not include iterated SFRs. For example, FCS_DTLSC_EXT.1 should list FCS_COP.1 by itself rather than all four iterations of FCS_COP.1. CC Part 2 SFRs cannot assume the existence of iterations or the conventions used for them, so the ECD should not assume these either.
o Corollary to this is that the FPT_TUD_EXT.1 dependencies, which would normally use brackets to represent the OR relationship (but don’t currently, which would be a formatting error), only need to list FCS_COP.1, so those brackets are not needed.
o SFR dependency for FPT_TUD_EXT.2 (FPT_TUD_EXT.1) is missing an SFR component name.
o When no management functions or audit events are defined, it is standard in CC Part 2 to say “There are no management activities/auditable events foreseen” but the ECD chooses to use the standard prompt and then just put something like “a. Minimal: No specific audit requirements are specified.” It has the same intent and meaning but is semantically not the same presentation. Contrasted with FIA_PMG_EXT.1, which simply states “No management functions.” and “No specific audit requirements.” In general the management and audit information should be presented consistently throughout, regardless of which method is chosen.
o The ECD should not explicitly reference “List 1” and “List 2” in the TLS/DTLS requirements since the intent is for these to be portable. Instead, the ECD version should say something like “[assignment: list of supported cipher suites],” and then the body text version of the SFR can replace that open-ended assignment with the actual lists.
o FPT_TST_EXT.1.1 is missing an ending bracket for the initial selection.
o FCS_IPSEC_EXT.1.5 is missing the closing bracket for the outermost selection.
o FCS_IPSEC_EXT.1.7 – on the very last two brackets, the first one should be italicized as it’s still part of the outermost selection.
o FCS_IPSEC_EXT.1.7 – the “[selection:” prompts aside from the outermost one should be italicized as they are contained within a selection.
o FCS_IPSEC_EXT.1.7 – the semicolon after “hours” is unnecessary as there is already another semicolon after the selection it’s in closes off.
o FCS_IPSEC_EXT.1.8 – the “[selection:” prompts aside from the outermost one should be italicized as they are contained within a selection.
o FCS_IPSEC_EXT.1.8 – the semicolons after “hours” are unnecessary as there is already another semicolon after the first one closes off and there is no reason for the second one.

Describe the solution you'd like
Included in list above

Describe alternatives you've considered
N/A

Additional context
NIAP requested review of PP/SD against CC:2022 and for us to provide guidance and recommendations on changes that will be needed for compatibility with the updated version of the CC.