NIAP APE_REQ.2-5 Evaluation Comments against the HCD cPP #5

Open
ansukert opened this issue Apr 17, 2023 · 1 comment
Labels
cPP Issue with the cPP editorial Editorial change NIAP Evaluation Comments from NIAP Evaluation Priority +1 Priority 1 Issue

Comments

@ansukert
Contributor

As part of NIAP’s review process of the HCD cPP, we performed an evaluation of the APE work units and identified several needing correction. Please see the following comments:

APE_REQ.2-5, The evaluator shall examine the statement of security requirements to determine that all assignment operations are performed correctly. --

The following are examples of incorrect conventions for assignments; there are other instances throughout the document.
FAU_SAR.1.1 - "an Administrator" should not be italicized and the word "assignment:" does not need to be there. Also, "all records" should be in square brackets as it is a completed assignment
FCS_COP.1.1/DataEncryption - "encryption/decryption" should be bold and in brackets (not italicized) as it is a completed assignment
FCS_COP.1.1/SigGen - "cryptographic signature services (generation and verification)" should be bold and in brackets (not italicized) as it is a completed assignment.
FCS_COP.1.1/Hash - "cryptographic hashing services" should be bold and in brackets. "ISO/IEC 10118-3:2004" should be bold and in brackets (not italicized) as both are completed assignments
Other examples include adopting CC Part 2 conventions instead of incorporating the conventions listed in the document.
FCS_COP.1/CMAC - The word “cryptographic” should be inside the brackets with “message authentication”
FDP_ACF.1.2 - completed assignment is formatted with italics and without brackets
FMT_MOF.1.1 - 'U.ADMIN' is a completed assignment and should be in brackets
FMT_MSA.1.1 - 'User Data Access Control SFP' is a completed assignment and should be in brackets
FMT_SMR.1 - 'U.ADMIN, U.NORMAL' is a completed assignment and should be in brackets
FTP_TRP.1.3/Admin - "initial user authentication and all remote administration actions" should be bold and in brackets; it is a completed assignment
FTP_TRP.1.3/NonAdmin - "initial user authentication and all remote user actions" should be bold and in brackets; it is a completed assignment

We believe an errata version may be worth considering to resolve them

@ansukert ansukert added cPP Issue with the cPP NIAP Evaluation Comments from NIAP Evaluation labels Apr 17, 2023
@ansukert ansukert added Priority +1 Priority 1 Issue editorial Editorial change labels Oct 7, 2023
@gcolunga

gcolunga commented Feb 9, 2024

This issue is addressed by the following TD:

  • HCD0003

The TD above is located at the following location:

Projects
Status: Completed