commoncriteria / X509

The Unlicense

FIA_CMCC_EXT.1 & FIA_CMPC_EXT.1 app note "compliant cryptography" #3

Open woodbe opened 4 months ago

woodbe commented 4 months ago

What exactly is meant by "compliant cryptography" in the app note? Since HTTPS would seem to be a requirement from a different location (i.e. TLS package or Base-PP or something else), is there a specific requirement here? Does this even need to be said?

I assume the intent here is that the HTTPS should meet the expected NIAP requirements, but this is a vague term since it isn't defined anywhere, so I have no way to know whether the HTTPS may be compliant as no algorithms or ciphersuites are defined in the package.

This is also in the FIA_CMPC_EXT.1 app note.

woodbe commented 4 months ago

It is noted in the app note for FIA_CMCS_EXT.1.1 that cryptography needs to be limited to those specified in the PP or PP-Module claiming conformance to this FP. I think this is the phrasing that should be used in place of "compliant cryptography".

jfisherbah commented 3 weeks ago

App notes for CMCC and CMCS updated to note that the baseline for 'compliant cryptography' here is conformance to FCS_HTTPS_EXT.1, which is inherently expected to be part of any PP or PP-config that this package is used in. Believe this issue can be closed.