Provide the location of the issue
SARs, Appendix A
What is the enhancement request for the cPP? Please describe.
NIAP has noted that future NIAP PPs will define ALC_FLR.1 through .3 as optional SARs but it is unclear if this is expected to apply to cPPs as well. Consideration should be made for adding these if it is a priority for CC customers or national schemes.
Describe the solution you'd like
Determine whether NIAP considers it to be necessary to define ALC.1 through .3 as optional SARs. If they do, these would likely be added to Appendix A as optional. EAs would also need to be added even if the guidance is ultimately just "follow the CEM."
Describe alternatives you've considered
The alternatives would be to change nothing and not define it at all, or for NIAP to draft the SARs as an optional assurance package that a PP can conform to. In the latter case, the PP would be updated at a later date to reference the package similar to how the SSH package is referenced now.
Additional context
NIAP requested review of PP/SD against CC:2022 and for us to provide guidance and recommendations on changes that will be needed for compatibility with the updated version of the CC.
Provide the location of the issue SARs, Appendix A
What is the enhancement request for the cPP? Please describe. NIAP has noted that future NIAP PPs will define ALC_FLR.1 through .3 as optional SARs but it is unclear if this is expected to apply to cPPs as well. Consideration should be made for adding these if it is a priority for CC customers or national schemes.
Describe the solution you'd like Determine whether NIAP considers it to be necessary to define ALC.1 through .3 as optional SARs. If they do, these would likely be added to Appendix A as optional. EAs would also need to be added even if the guidance is ultimately just "follow the CEM."
Describe alternatives you've considered The alternatives would be to change nothing and not define it at all, or for NIAP to draft the SARs as an optional assurance package that a PP can conform to. In the latter case, the PP would be updated at a later date to reference the package similar to how the SSH package is referenced now.
Additional context NIAP requested review of PP/SD against CC:2022 and for us to provide guidance and recommendations on changes that will be needed for compatibility with the updated version of the CC.