crpezol
commented
2 years ago For #1 we agree and have updated the document. Since "hybrid" is not motioned in the Bio cPP-Module it is being left as-is.
We are working with the Biometric ITC to solve #2 and #3.
woodbe
MDFv3.3 2022-04-01 – FIA_UAU.5.1 An application note indicates if biometric or hybrid is selected, then the “cPP-Module for Biometrics” essentially must be claimed. It is not correct or consistent to impose such a requirement in an application note (refer to the inclusion of the TLS package, Bluetooth module, and VPN client module in other requirements).
1) The selection itself should refer to the cPP-Module for Biometrics like “selection: biometric in accordance with the cPP-Module for Biometrics, hybrid in accordance with the cPP-Module for Biometrics, no other mechanism”.
2) The “cPP-Module for Biometrics” has not yet been approved by NIAP and a review of that suggests it is only half baked at this point in time, see the specific comments listed below. Among those comments are some concern about expecting general CC labs to be biometric subject matter experts in evaluation certain quality and performance documents, at least one test that is impossible to perform, questions about whether the use of the toolbox is fully optional (like the requirements it seems to be associated with), and concerns about the toolbox itself in terms of required and acceptable test evidence, some informational gaps, excessive requirements like expensive test equipment that is good for only limited time periods, etc. We believe that the module needs to be improved to the point that evaluators and validators could possibly come to agreeable objective conclusions and also to ensure that the effort and cost for tests is commensurate with any assurance that might be gained – our review suggests that the biometric testing for a single factor using all of the optional requirements and the full toolbox could require as much effort and more cost than all of the other MDF communication-related testing combined.
• https://github.com/biometricITC/cPP-biometrics/issues/368 • https://github.com/biometricITC/cPP-biometrics/issues/369 • https://github.com/biometricITC/cPP-biometrics/issues/370 • https://github.com/biometricITC/cPP-biometrics/issues/371 • https://github.com/biometricITC/cPP-biometrics/issues/372 • https://github.com/biometricITC/cPP-biometrics/issues/373 • https://github.com/biometricITC/cPP-biometrics/issues/374 • https://github.com/biometricITC/cPP-biometrics/issues/375 • https://github.com/biometricITC/cPP-biometrics/issues/376 • https://github.com/biometricITC/cPP-biometrics/issues/377 • https://github.com/biometricITC/cPP-biometrics/issues/378 • https://github.com/biometricITC/Face-Toolbox/issues/17 • https://github.com/biometricITC/Fingerprint-Toolbox/issues/77 • https://github.com/biometricITC/cPP-toolboxes/issues/52 • https://github.com/biometricITC/cPP-toolboxes/issues/51 • https://github.com/biometricITC/cPP-toolboxes/issues/53 • https://github.com/biometricITC/cPP-toolboxes/issues/54
3) Given Comments 1 and 2 above, we suggest that it might be prudent to offer an option where the biometric module is actually objective, so one could claim either “biometric” or “biometric in accordance with the cPP-Module for Biometrics” for example. Unfortunately the obvious problem, is that FIA_BMG_EXT.1 has been relocated into that module (along with all the other formerly objective biometric requirements), although that single SFR could be brought back in order to form a reasonable alternative (comparable with the previous PP) to conforming with the module.
Assuming this suggestion is not acceptable, the module should at a minimum be revised to 1) ensure that all test cases are actually reasonably possible and 2) to clearly reflect that the toolbox testing is optional (i.e., is specifically related to the two optional requirements in that module). The reason for 1 is obvious and the reason for 2 is that the toolbox testing will be very costly in and of itself and also complicated/in deterministic in terms of evaluation evidence given strict timeframes, equipment dates that might be hard to identify, the very large number of artifacts used in testing, etc. all that would presumably somehow need to be reported.