commoncriteria / application

Protection Profile for Application Software
The Unlicense

FCS_STO_EXT.1 Test AA references FCS_CKM.1/AK #180

Open jvdsn opened 4 days ago

jvdsn commented 4 days ago

In the SFR text, FCS_STO_EXT.1 states:

implement functionality to securely store [assignment: list of credentials] according to [selection: FCS_COP.1/SKC, FCS_PBKDF_EXT.1]

However, the test AA states:

For all credentials for which the application implements functionality, the evaluator shall verify credentials are encrypted according to FCS_COP.1/SKC or conditioned according to FCS_CKM.1/AK and FCS_PBKDF_EXT.1.

The reference to FCS_CKM.1/AA seems to be a mistake here. It is not required to condition passwords, nor does FCS_PBKDF_EXT.1 ever refer to it.