NIAP APE_REQ.2-5 Evaluation Comments against the HCD cPP #5
Labels
cPP
Issue with the cPP
editorial
Editorial change
NIAP Evaluation
Comments from NIAP Evaluation
Priority +1
Priority 1 Issue
As part of NIAP’s review process of the HCD cPP, we performed an evaluation of the APE work units and identified several needing correction. Please see the following comments:
APE_REQ.2-5, The evaluator shall examine the statement of security requirements to determine that all assignment operations are performed correctly. --
The following are examples of incorrect conventions for assignemnts; there are other instances throughout the document.
FAU_SAR.1.1 - "an Administrator" should not be italicized and the word "assignment:" does not need to be there. Also, "all records" should be in square brackets as it is a completed assignment
FCS_COP.1.1/DataEncryption - "encryption/decryption" should be bold and in brackets (not italicized) at it is a completed assignment
FCS_COP.1.1/SigGen- "cryptographic signature services (generation and verification)" should be bold and in brackets (not italicized) as it is a completed assignment.
FCS_COP.1.1/Hash - "cryptographic hashing services" should be bold and in brackets. "ISO/IEC 10118-3:2004" should be bold and in brackets (not italicized) as both are completed assignments
Other examples include adopting CC Part 2 conventions instead of incorporating the conventions listed in the document.
FCS_COP.1/CMAC - The word “cryptographic” should be inside the brackets with “message authentication”
FDP_ACF.1.2 - completed assignment is formatted with italics and without brackets
FMT_MOF.1.1 - 'U.ADMIN' is a completed assignment and should be in brackets
FMT_MSA.1.1 - 'User Data Access Control SFP' is a completed assignment and should be in brackets
FMT_SMR.1 'U.ADMIN, U.NORMAL' is a completed assignment and should be in brackets
FTP_TRP.1.3/Admin - "initial user authentication and all remote administration actions" should be bold and in brackets; it is a completed assignment
FTP_TRP.1.3/NonAdmin - "initial user authentication and all remote user actions" should be bold and in brackets; it is a completed assignment
We believe an errata version may be worth considering to resolve them
The text was updated successfully, but these errors were encountered: