SFRs

[woodbe]

FCS

• should be reliant on platform for crypto (does this need a requirement to state that)?

FDP

• FDP_RIP.1 or FDP_RIP.2 should be included to cover clearing of CMFA data
• FDP_IFC/FDP_IFF combination related to the definition of how input is gathered. This may be where the input trust would be defined (second choice)
• FDP_ACC/FDP_ACF may be useful here to show protection of CMFA system
  • This may be better handled by actually laying out SFRs to require the SEE and enforce the isolation/no export via that system instead of simply relying on MDF and access control

FIA

• enrolment
• verification
• PAD (optional?)
• profile quality (input trust score definition first choice)

FMT

• table of functions
  • user capabilities (as allowed by the admin), including further adjustments to the config (like selecting locations where they may be)
  • admin capabilities
• default settings

QUESTION: How to enroll the device into CMFA management? Is this available as a user function? So we assume that the device is managed and the MDM needs to support CMFA?

FPT

• data processing
• protection of the profile data
• protected update capability (if assumed to not be part of OS) Should trust scores be defined here as self protection?

[woodbe]

FCS - nothing at this time, if a request for this comes up, then it could be reviewed to be added.

[woodbe]

FDP

FDP_RIP as optional while we see if needed FDP_IFC -> FTP_TRP to show trust of input signal (@ccparran) FDP_ACC/FDP_ACF required

[woodbe]

FIA

enrollment verification trust (profile and individual input)

PAD - should be optional, flexible and targeted to individual inputs, not to combined output

[woodbe]

PAD probably needs a lot of thought about how to make it work well. It is likely mandatory to have SOMETHING, but not for everything, and how it applies will need to be flexible.

[woodbe]

FMT

Do we need trust of MDM? (@woodbe thinks this should be handled by MDM Agent or similar to establish trusted management connection)

FMT_SMF/FMT_MOF listing FMT_MSA for default settings?

[woodbe]

FMT/FPT (from @n-kai)

Can the user turn CMFA off? What are the boundaries of control for the user (can they just select from options from the admin, or are they forced to use what the admin sets with no changes)? Can the user enroll biometrics optionally? For example, if the admin chooses gait as an option, does the user HAVE to enroll their gait, or can they just leave that unenrolled and just use the resulting inputs? And how does that potential change impact the scoring?

[woodbe]

FPT (@ccparran)

Should trusted update be considered?

@woodbe thinks that at this point we should look at it as part of the OS/system, and leave trusted update to that. In the future it could be considered an app, and maybe have a PP-Config for an App PP (either NIAP or iTC), and then rely on that to have the trusted update component instead of trying to write it directly into the PP here.