ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License

[cPP Correction] #350

Open jfisherbah opened 5 months ago

jfisherbah commented 5 months ago

Provide the location of the issue

E.1 and specific individual SFRs as referenced below

What is the correction request for the cPP? Please describe.

APE_REQ.2-9 requires SFR dependencies to be present or their absence or substitution to be defined. The following updates are needed.

o For Appendix E.1, note that hierarchical relationships are typically used for multiple components within the same family (e.g. FIA_UAU.2 is hierarchical to FIA_UAU.1). Ideally for FAU_GEN.1 it should say that FPT_STM_EXT.1 is “equivalent to” FPT_STM.1 for the purpose of the dependency rather than using the CC reserved term “hierarchic.” This would be similar to how FAU_GEN.2 uses FIA_UIA_EXT.1 to satisfy the FIA_UID.1 dependency.

o Under FCS_TLSC_EXT.2 and FCS_TLSS_EXT.2, the FIA_X509_EXT SFRs all have an extra “X.509” after them in column 2 (as if they were intending to repeat the component name but got cut off). These should just be removed because the second column does not use component names.

o FPT_TUD_EXT.2 should be dependent on FIA_X509_EXT.1 because that defines how the code signing certificate would be validated. This should be added to both E.1 and the ECD.

o Arguably any extended SFR that explicitly references a management role (e.g. FTA_SSL_EXT.1 referencing a 'Security Administrator') could be dependent on FMT_SMR.1.

Note that if any changes are made for this in section E.1, the corresponding ECD dependency updates would need to be made as well.

Describe the solution you'd like

Included in list above

Describe alternatives you've considered

N/A

Additional context

NIAP requested review of PP/SD against CC:2022 and for us to provide guidance and recommendations on changes that will be needed for compatibility with the updated version of the CC.