search

commoncriteria / transforms

Repository for various transforms that are common across CC projects.
The Unlicense
1 stars 2 forks source link

Reorganize for Direct Rationale PPs #108

Closed robertmclemons closed 4 months ago

robertmclemons commented 5 months ago

CC:2022 says: "A security requirements rationale that directly maps the SFRs and any security objectives for the operational environment to the SPD-elements is included. It is recommended that this part of the security requirements rationale is located directly under each of the threats, OSPs and assumptions in the SPD section. As in STs that contain security objectives for the TOE, the security requirements rationale also needs to justify the absence of superfluous SFRs and any SFR dependencies that are not satisfied; this part of the rationale is typically located after the definition of the SFRs."

So mappings to SFRs and such should all be expressed in the SPD section amongst the Threats, Assumptions, etc.

The Security Requirements Rationale will be reserved for explaining the "absence of superfluous SFRs and any SFR dependencies that are not satisfied." And the Implicitly Satisfied Requirements appendix can go away.

robertmclemons commented 4 months ago

Direct Rationale PPs and Modules are now supported.