biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

New artefacts test plan #342

Closed woodbe closed 3 years ago

woodbe commented 3 years ago

https://github.com/biometricITC/cPP-biometrics/blame/b9a70e87cfe401d0beb66a60ab01884e999a2676/Supporting%20Documents/BS_SD.adoc#L904

So we originally wrote this with an expectation that a lab may add a new set of tests and use them, pretty much as part of the evaluation and then they would need to submit them. Given that we wrote a process for adding new procedures to an existing toolbox, I think we should remove this section from the BIOSD and replace it with a note that the lab should look at the beginning of the evaluation for new tests that aren't in the current toolbox, and if so, work to add them before starting the eval since they won't be allowed until approved.

We could take the information in this section and put it into the toolbox update process as a more fully described set of expectations as to what is expected when creating the new tests.

woodbe commented 3 years ago

If this is kept, this section needs to be rewritten:

https://github.com/biometricITC/cPP-biometrics/blame/b9a70e87cfe401d0beb66a60ab01884e999a2676/Supporting%20Documents/BS_SD.adoc#L916-L931

It uses the assumptions we removed from the BIOPPM, but if it is removed, then this isn't a concern.

n-kai commented 3 years ago

@woodbe I think that this section should be kept as an evaluation activity so that the evaluator can create the ETR based on this description, and I agree to modify the text to remove the assumption.

> the lab should look at the beginning of the evaluation for new tests that aren't in the current toolbox

I fully agree with this. In our scheme, both evaluators and validators should agree with the vulnerability test plan two weeks in advance of performing the testing, because it's not efficient for evaluators to conduct a 2nd round of testing only for missing testing or PAIs.

> and if so, work to add them before starting the eval since they won't be allowed until approved.

We should allow the evaluator to submit the new PAIs to the iTC after the evaluation is finished, because the evaluator may find those PAIs right before the testing (or the validator asks the evaluator to test a new PAI one or two weeks in advance of testing during review of the test plan).

woodbe commented 3 years ago

@woodbe will update the document to move the new artefact out to a separate toolbox doc. Process will include an IT-like review with a 4-6 week timeline for initial approval of the artefact update (or rejection if needed).