NIAP APE_REQ.2-7 Assessment of HCD cPP #7

Open
ansukert opened this issue Apr 17, 2023 · 2 comments
Labels
cPP Issue with the cPP editorial Editorial change NIAP Evaluation Comments from NIAP Evaluation Priority +1 Priority 1 Issue


@ansukert

As part of NIAP’s review process of the HCD cPP, we performed an evaluation of the APE work units and identified several needing correction. Please see the following comments:

APE_REQ.2-7, The evaluator shall examine the statement of security requirements to determine that all selection operations are performed correctly. --

General inconsistency with regards to whether or not "selection:" prompt is bolded

The following are examples of incorrect conventions for selections; there are other instances throughout the document.
FAU_GEN.1.1, b. - "not specified" should be in square brackets and not bold as it is a completed selection
FAU_STG.1.2 - "prevent" is a completed selection and should be in square brackets rather than bolded
FCS_CKM.4.1 - All bullets should be italicized as they are operations that need to be completed by the author
FCS_CKM.4.1 - 'no standard' does not need a selection prompt because the PP author has filled out the selection in a way that the ST author has no choice to make
FCS_CKM.1.1/SKG - close bracket is italicized
FCS_COP.1.1/DataEncryption - All selection text should be italicized as they are operations that need to be completed by the author
FCS_COP.1.1/SigGen - All selection text should be italicized as they are operations that need to be completed by the author
FCS_COP.1.1/Hash - refined selection is not italicized
FCS_RBG_EXT.1.2 - selection text not italicized in all cases
FIA_PMG_EXT.1.1 - selection text not italicized in all cases
FTP_ITC.1.2 'the TSF, or the authorized IT entities' is a completed selection and should be unitalics and in brackets
FTP_TRP.1.1/NonAdmin - "remote" and "disclosure and detection of modification of the communicated data" should be in square brackets and italicized; they are completed selections by the author

@ansukert ansukert added cPP Issue with the cPP NIAP Evaluation Comments from NIAP Evaluation Priority +1 Priority 1 Issue labels Apr 17, 2023
@networklayer

Observation/comment on the following NIAP comments:

FTP_ITC.1.2 'the TSF, or the authorized IT entities' is a completed selection and should be unitalics and in brackets.

According to section 5.1. “Conventions” in the HCD cPP, for FTP_ITC.1.2:
a) The words “the TSF” are a completed selection and should be in [square brackets] and not bolded.
b) “or the authorized IT entities” is not the same as “another trusted IT product” in CC Part 2, where the original selection is modified. Therefore, it is considered a refinement and should remain bold.

FTP_TRP.1.1/NonAdmin - "remote" and "disclosure and detection of modification of the communicated data" should be in square brackets and italicized; they are completed selections by the author.

According to section 5.1. “Conventions” in the HCD cPP, for FTP_TRP.1.1/NonAdmin:
a) “remote” is a completed selection and should be in [square brackets].
b) “disclosure” is a completed selection and should be in [square brackets].
c) “and detection of modification of the communicated data” is completion of assignment and should be in [Bold text within square brackets]

@ansukert ansukert added the editorial Editorial change label Oct 7, 2023
@gcolunga

gcolunga commented Feb 9, 2024

This issue is addressed by the following TD:

  • HCD0003

The TD above is located at the following location:

Projects
Status: Completed