The followings are my comments on Status section. I will review the other sections later.
Comment on Status
Definition of CMFA should be inserted between the 1st and 2nd paragraph of Status. I suggest the following text based on https://arxiv.org/pdf/2001.08578.pdf
The CMFA is an implicit process of validating the user periodically to grant access to the legitimate user and to deny access to impostors based on captured biometric characteristics and built-in sensors of the computer device.
Comment on StatusCCRA certificates that claim conformance to the PP-Module shall be issued only for systems which also utilize biometric characteristics that the CCRA endorsed supporting document covers.
CC schemes can issue CC certificates under their authority following the CC/CEM and CCRA rules in any cases. For example, the scheme can develop its own evaluation guidance for gait authentication and issue the certificate to the CMFA that use the gait authentication if the CMFA meets the requirements in the guidance. So above shall should be replaced with should.
woodbe
commented
3 years ago
The followings are my comments on Status section. I will review the other sections later.
The CMFA is an implicit process of validating the user periodically to grant access to the legitimate user and to deny access to impostors based on captured biometric characteristics and built-in sensors of the computer device.
CC schemes can issue CC certificates under their authority following the CC/CEM and CCRA rules in any cases. For example, the scheme can develop its own evaluation guidance for gait authentication and issue the certificate to the CMFA that use the gait authentication if the CMFA meets the requirements in the guidance. So above shall should be replaced with should.