FMT_SMR.2 Selection Issue #153
Description
What is the change request for the cPP? Please describe.
The ‘FMT_SMR.2 Restrictions on Security Roles’ SFR is only claimed for TOE's that implement their own authentication mechanism. TOEs that rely on external identity providers MAY still make use of roles and should meet the conditions of this SFR. This SFR should apply to any TOE that has users assume a role through I&A.
This requirement is inconsistently labeled between the cPP and the supporting documents. The cPP lists FMT_SMR.2 as a selection-based SFR but is marked as a Baseline Requirement in the SD.
Describe the solution you'd like
Application Note 29 should be updated to make FMT_SMR.2 mandatory if that SFR is claimed.