Need to take action per DISA FSO comment:
FMT_MEC_EXT.1.2:
Strike this requirement or provide additional explantion of its objectives in an application note. This requirement seems to preclude apps that provide FIPS-validated data storage containers when the OS does not provide FIPS-validated cryptographic modules for data-at-rest. Such apps may be among the most important to have NIAP-evaluated. FPT_API_EXT.1 includes the phrase "unless providing cryptographic services is the purpose of the application" but a similar exception is lacking here.
Note: We need to sync with FE PP developers on this, in case this will be covered in other PP.
Need to take action per DISA FSO comment: FMT_MEC_EXT.1.2: Strike this requirement or provide additional explantion of its objectives in an application note. This requirement seems to preclude apps that provide FIPS-validated data storage containers when the OS does not provide FIPS-validated cryptographic modules for data-at-rest. Such apps may be among the most important to have NIAP-evaluated. FPT_API_EXT.1 includes the phrase "unless providing cryptographic services is the purpose of the application" but a similar exception is lacking here.
Note: We need to sync with FE PP developers on this, in case this will be covered in other PP.