<threat-mapping ref="threat-id">
Explanation of how it addresses the threat.
</threat-mapping>
This will allow auto generation of the Security Requirements Rationale Section that will replace the Security Objectives Rationale section for Direct Rationale PPs. The current Security Requirements Rationale section that appears after the mandatory SFRs should contain the contents of the appendix that we now call "Inherently Satisfied Requirements." This is my reading of the CC:2022.
Each SFR should include one or more of these
This will allow auto generation of the Security Requirements Rationale Section that will replace the Security Objectives Rationale section for Direct Rationale PPs. The current Security Requirements Rationale section that appears after the mandatory SFRs should contain the contents of the appendix that we now call "Inherently Satisfied Requirements." This is my reading of the CC:2022.