Open woodbe opened 4 months ago
It is noted in the app note for FIA_CMCS_EXT.1.1 that cryptography needs to be limited to those specified in the PP or PP-Module claiming conformance to this FP. I think this is the phrasing that should be use in place of "compliant cryptography"
App notes for CMCC and CMCS updated to note that the baseline for 'compliant cryptography' here is conformance to FCS_HTTPS_EXT.1, which is inherently expected to be part of any PP or PP-config that this package is used in. Believe this issue can be closed.
What exactly is meant by "compliant cryptography" in the app note? Since HTTPS would seem to be a requirement from a different location (i.e. TLS package or Base-PP or something else), is there a specific requirement here? Does this even need to be said?
I assume the intent here is that the HTTPS should meet the expected NIAP requirements, but this is a vague term since it isn't defined anywhere, so I have no way to know whether the HTTPS may be compliant as no algorithms or ciphersuites are defined in the package.
This is also in the FIA_CMPC_EXT.1 app note.