dmhale1
commented
3 years ago Can we get an update on this? The ECD should not be a duplicate of the SFR and needs to be more generic as described above.
Closed kgal closed 2 years ago
dmhale1
commented
3 years ago Can we get an update on this? The ECD should not be a duplicate of the SFR and needs to be more generic as described above.
kgal
commented
2 years ago Fixed
I don’t know whether the functionality to alter the ECD version of an SFR has been put in. If there has been, please advise on the schema (didn’t see an example of it in WIDS). There is a situation in the VPN Client Module where it applies. Specifically, the VPN Client Module defines two instances of FCS_CKM_EXT.2 as follows: When GPOS PP is the Base-PP: The [selection: VPN client, OS] shall store persistent secrets and private keys when not in use in OS-provided key storage. When App PP is the Base-PP: The [selection: TOE, TOE platform] shall store persistent secrets and private keys when not in use in platform-provided key storage. What I would like to do is define the ECD version of the SFR more broadly with an assignment, so that each of these two versions can have their more restrictive selections formatted as assignments. So ideally I would want the Appendix D “original” version of the SFR to say something like this: The [assignment: entity responsible for key storage] shall store persistent secrets and private keys when not in use in platform-provided key storage. But in the current schema it looks like the ECD still picks up the exact text of the body text component with no ability to make the ECD version more generic.