commoncriteria / transforms

Repository for various transforms that are common across CC projects.
The Unlicense

SFRs should be expressly mapped to Threats #102

Closed robertmclemons closed 6 months ago

robertmclemons commented 7 months ago

Each SFR should include one or more of these:

   <threat-mapping ref="threat-id">
       Explanation of how it addresses the threat.
   </threat-mapping>

This will allow auto-generation of the Security Requirements Rationale Section that will replace the Security Objectives Rationale section for Direct Rationale PPs. The current Security Requirements Rationale section that appears after the mandatory SFRs should contain the contents of the appendix that we now call "Inherently Satisfied Requirements." This is my reading of the CC:2022.
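
A sketch of the auto-generation proposed in the comment above, added here as an example and not code from the transforms repository: it collects `<threat-mapping>` elements into threat-to-SFR rationale rows and reports SFRs with no mapping, mappings that reference an undefined threat, and threats no SFR addresses. Only `<threat-mapping ref="...">` comes from the issue; the `<PP>`, `<threat id>` and `<sfr id>` names, the sample identifiers and `build_rationale` are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input. Only <threat-mapping ref="..."> comes from the
# proposal; <PP>, <threat id> and <sfr id> are hypothetical element names.
SAMPLE_PP = """
<PP>
  <threats>
    <threat id="T.NETWORK_EAVESDROP"/>
    <threat id="T.PHYSICAL_ACCESS"/>
  </threats>
  <sfr id="FCS_TLSC_EXT.1">
    <threat-mapping ref="T.NETWORK_EAVESDROP">
      Protects  data in transit with TLS.
    </threat-mapping>
  </sfr>
  <sfr id="FDP_DAR_EXT.1">
    <threat-mapping ref="T.PHYSICAL_ACCES">Encrypts data at rest.</threat-mapping>
  </sfr>
  <sfr id="FMT_SMF.1"/>
</PP>
"""

def build_rationale(xml_text):
    """Return (rationale, problems); rationale maps threat id -> [(sfr id, text)]."""
    root = ET.fromstring(xml_text)
    threats = {t.get("id") for t in root.iter("threat")}
    rationale = defaultdict(list)
    problems = []
    for sfr in root.iter("sfr"):
        mappings = sfr.findall("threat-mapping")
        if not mappings:
            problems.append(f"{sfr.get('id')}: no threat-mapping")
        for m in mappings:
            ref = m.get("ref")
            if ref not in threats:
                # A mistyped ref would otherwise silently drop a rationale row.
                problems.append(f"{sfr.get('id')}: unknown threat {ref}")
                continue
            text = " ".join((m.text or "").split())  # collapse XML whitespace
            rationale[ref].append((sfr.get("id"), text))
    # Threats that no SFR claims to address are gaps in the rationale.
    uncovered = sorted(threats - set(rationale))
    problems += [f"{t}: not addressed by any SFR" for t in uncovered]
    return dict(rationale), problems

if __name__ == "__main__":
    table, issues = build_rationale(SAMPLE_PP)
    for threat, rows in table.items():
        for sfr_id, why in rows:
            print(f"{threat} | {sfr_id} | {why}")
    for issue in issues:
        print("WARNING:", issue)
```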

robertmclemons commented 6 months ago

This is OBE. Instead, threat rationales are with the threats.