Quick scope update before use (#397)
* Update to the current master (#296)

* Updating the readme

This changed the content of the readme, moving the format to adoc (from md), and updating the info.

Also includes a folder name change (made a typo).

Added an MIT license for the content as well.

* Update MobileUseCaseV2.md

URL changes and one misspelling. No other changes.

I think this should probably be split into separate files instead of one large one.

* Delete PP_Config-OS.adoc

* Update README.adoc

* Update Docs_README.adoc

* Delete PP_Config-OS.adoc

* Sample quality TD

Proposed changes for the TD to add the sample quality research paper and an explicit reference for the validator to point to this as a reference.

* Update BS_SD.adoc

Date updates

* Found "enroll"

The language for the PP-Module has used "enrol" but the definitions list has "Failure-to-Enroll". Given the standard usage of one "l", this should be edited.

This can wait until the next update and does not need to be made into an interpretation, but should be fixed in the next major release.

* Updating the readme

This changed the content of the readme, moving the format to adoc (from md), and updating the info.

Also includes a folder name change (made a typo).

Added an MIT license for the content as well.

* scope specification

This is to close #301

* removing assumptions

This is to close #303. Both the assumptions and the objectives are removed.

* updated text

updated based on @gfiumara comment

* completing the removal of assumptions

completing the removal of assumptions as specified by @n-kai and the NIAP comments (missed the table previously)

* Update BiocPP.adoc

* Update PP_Config.adoc

* Update BS_SD.adoc

* Revert "Update BiocPP.adoc"

This reverts commit a03b6bd.

* Revert "Update PP_Config.adoc"

This reverts commit 2c09b39.

* Revert "Update BS_SD.adoc"

This reverts commit 7f2b79c.

* Revert "Revert "Update PP_Config.adoc""

This reverts commit 9c6a884.

* Revert "Revert "Revert "Update PP_Config.adoc"""

This reverts commit 1da95b9.

* Consistency and Rationale edit

This is for @n-kai to show these commits directly.

This is based on the assumptions branch, but specifically moves his commits into a new branch (there is a little bit of a mess in the assumptions branch as I pulled them over).

This is to close #302 at this time.

There are changes here for #300 as well.

* Update BiocPP.adoc

* Grammar.

* Remove normative language from application notes.

* protect -> protects

changed "protect" to "protects" in phrases where "shall" had been removed.

* Remove application note

Per discussion:
#315 (comment)

* second application note removal

removed other application note

* FPT_BDP_EXT updates

This closes #308 and closes #309.

This removes FPT_BDP_EXT.2/3 and replaces them with FPT_KST_EXT.1/2 from the MDF with modifications to add biometric data.

Secure Execution Environment -> Separate Execution Environment. This is from the MDF in sections FCS_CKM_EXT.1 & FCS_CKM_EXT.4, as a method of separation from the OS.

FPT_BDP_EXT.1 is changed to mirror FCS_CKM_EXT.1.2 in specifying some sort of hardware isolation (basically the SEE of some sort), and removed descriptions related to encryption for the EA.

* further updates

edited references to MDF and also removed the Acknowledgements from the numbered list in the TOC for the PPM.

* Quality metric update

This is to close #314

This is a modification from the MDF v3.2 requirement to make it explicit that a vendor can choose their own metric (with a description to be specified) or an independent one (such as NFIQ, though I haven't added a reference for it, and I'm not sure if we should in the app note or not).

I added some bullets in the SD to note this as well.

* verification added

The same issues from enrollment apply to verification, so I modified the requirement to match.

* FIA_MBV_EXT.1.1 remove assignment

This is to close #305.

This removes the assignment that we had allowed originally. The original thinking was that to use the assignment the vendor would have had to provide PAD and everything else, it wouldn't just be allowed, but NIAP prefers more explicit control (which is fine).

What I would expect as the proper course for this would be the vendor asks to add a new modality, and once everything has been submitted and approved, a TD would be issued to add the new modality to the list. This ensures that only approved modalities are allowed, and they must be approved before.

I alphabetized the list so there isn't any particular preference among the modalities.

I removed Voice because we don't have a toolbox for it at this time.

The other issue about the app note is already resolved by #315.

* Revert "FIA_MBV_EXT.1.1 remove assignment"

This reverts commit c6da430.

* FIA_MBV_EXT.1.1 remove assignment

This is to close #305.

This removes the assignment that we had allowed originally. The original thinking was that to use the assignment the vendor would have had to provide PAD and everything else, it wouldn't just be allowed, but NIAP prefers more explicit control (which is fine).

What I would expect as the proper course for this would be the vendor asks to add a new modality, and once everything has been submitted and approved, a TD would be issued to add the new modality to the list. This ensures that only approved modalities are allowed, and they must be approved before.

I alphabetized the list so there isn't any particular preference among the modalities.

I removed Voice because we don't have a toolbox for it at this time.

The other issue about the app note is already resolved by #315.

* fixed ECD

fixed the ECD change to match

* remove the app note

This is to close #307.

The other app notes mentioned are already removed due to other changes. It isn't clear that we actually need this app note though. While clearly it depends on the base PP, I don't know that it needs a note about consistency that doesn't actually provide information about the SFR itself.

* conformance updates

This is to close #300.

This adds the base PP and allowed PPC modules (it isn't clear if MDF sub-modules need to be added like Wi-Fi or the TLS package, but I don't think so since those would be specified as part of the base PP).

* Update BiocPP.adoc

update based on comments from @gfiumara

* Added BMD

Added biometrics management description based on the FE PP 1.0 from NIAP.

This is optional for the developer and so does not have the same expectations as the FE PP does in terms of the content.

This is to close #323.

The FE PP defines the expectations of the KMD in the SD, but since it isn't clear if every vendor will utilize the BMD, I do not think we can lay out requirements on the document or even in the SD as to what is expected where.

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Base-PP and SFR edits

The changes here are to close #316 and to make all the SFRs consistent to have :: markings so they all display the same way.

* BMD descriptions

This is to close #325

Proposed changes for all the current SFRs that could use the BMD.

* Expansion of FPT_BDP_EXT

This is to close #324

I think this is a better method than #329 that uses FTP_TRP in how we have defined the environment. It adds a new FPT_BDP_EXT.1.2 which specifically calls out internal transmission of biometric data between components (i.e. the sensor and the SEE)

* Update BS_SD.adoc

added BMD reference in a few more places

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update SFR Direction

Complete "6.2. PP_MD_V3.3 Security Functional Requirements Direction" except adding EA for modified SFR to BIOSD

* Close out TODO items

This is to try and close out the remaining TODO items for the MDF integrations.

The rationale table was added and the other places where something that was needed I have reviewed and edited as seemed necessary (in some cases there didn't seem to be anything that needed to be changed on review so the TODO was just removed).

* FPT_BDP_EXT_change

I agree with FPT_BDP_EXT with the following changes.

* Application note of FPT_BDP_EXT.1.1 is moved to one of FCS_CKM_EXT.4 because it's about the destruction of biometric data and I see very similar description for REK there.

* Add FPT_AEX_EXT.4.3 to modified SFR because, as NIAP commented, the mobile device itself has to provide the SEE.

* Modify FPT_BDP_EXT based on introduction of FPT_AEX_EXT.4.3

* Changes to have less MDF changes

This tries to make the application note edits more explicit by copying in the paragraph from the MDF and adding edits to it here (I don't know if that is the right way or if NIAP would prefer something else).

I have removed the new FPT_AEX_EXT4.3 requirement by adjusting the app note to have more explicit notes about separate processor modes or even processors so it is clear these can be part of the description. We can suggest an SEE concept to NIAP for the revision where we are linked, but I think we should minimize drastic changes from our side for that. So I have tried to define it within. I think this should work, but maybe requires some more definition as to the expected description about what we would want to see (probably under the SD which I have added these into, but just by pointing them to the original EA).

* fixed typo

fixed typo pointed out by @n-kai

* Update BiocPP.adoc

* Update BiocPP.adoc

To resolve raised issues with the PR

* Update BiocPP.adoc

I mistakenly approved and merged the pull request #336 without waiting for the ECD update. This is the ECD update to match the new SFR change.

* editorial edits

While not necessarily everything, these are editorial edits I found while reviewing the BIOSD for the strict guidance.

All the ISO changes are around how it looks in the text so that everything looks like "ISO/IEC xxxxx" while still having the short codes as they were. This is more stylistic than anything else, but across the two docs to be consistent.

* Edit to point to quality papers

This is to add a reference to review the quality papers for how to create low quality samples, and if that is unsuccessful, to ask the vendor (instead of asking first).

I have also added a reference related to vascular state of the art.

This will close #339 and close #341

* New types of tests

This is a start to the new artefacts test plan.

This will close #342

This update changes the assumptions section in the text. Other changes still need to be updated.

* Update BS_SD.adoc

updated based on call

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* remove new artefacts

This update removes the new artefacts and rewrites it to point to adding them separately and then you are just following the "normal" process because the new artefact is now part of the toolbox.

* FPT_BDP_EXT.1 EA update

This is to match FPT_BDP_EXT.1 testing requirements to match the updated SFR.

This will close #340

One thing I am not certain about is how easy (or possible) scanning during the process itself is. I know that many tests using memory dumps cause the system to stop so it can write out the RAM contents to disk, so setting this up may be difficult since you couldn't readily scan memory, then do something and scan it again to check for the changes. I do think this is possible (with engineering builds), but am not certain on all platforms.

The other concern is the timing. It may be difficult to get the scan during the verification step (the period for that should be small, though maybe the vendor could provide a special app to request the verification that would trigger the scan too, I don't know).

Variations could be to just allow the scan to proceed after the transaction to see if anything is left after the process completes.

* IAPAR update

This is to close #343

One concern I have here is that I updated FIA_MBE_EXT.3.1 to match, but technically IAPAR is for verification, so I'm not sure we can use that for enrolment. I don't know what to do if we don't, since then the enrolment requirement is vague, but I also don't know if an IAPAR for verification is in any way equivalent for enrolment.

I didn't make any further changes in terms of tables or such that would explain the calculations or anything differently (or more explicitly), so we may end up needing to do something along those lines, but I'm not sure.

* Strict Guidance update

This initial commit isn't complete but is something to get started with.

* update for quality

This commit completes the initial updates for the quality assessment. All the links previously to the "assessment criteria for samples" are now pointing to the quality assessment criteria report section.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

move the ISO into the right order (after replacing NFIQ2)

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

edit based on @gfiumara comment

* Update Supporting Documents/BS_SD.adoc

I agree. Thank you.

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BiocPP.adoc

* Update BS_SD.adoc

* iTC approval for new artefacts

An update to add back iTC approval before new artefact types are allowed

* IAPARE

Added IAPARE to docs for enrolment. For the SD just added "/IAPARE" to the mentions of IAPAR already added since those sections would cover both.

* consolidation of changes

Making all the SFR edits on one line. Also added definition for developer defined quality assessment method.

* remove IAPARE

Remove IAPARE and return the FIA_MBE_EXT.3 requirement back to the original

* Update BS_SD.adoc

added conditions around testing

* Fix some heading markers

Errors turned up in the processing for the output that the headings were off. This just fixes them, no other changes.

* fixed ditaa image labels

This removes the ".png" from the ditaa labels as it was causing HTML output to be generated as file.png.png.

No other changes

* Update BiocPP.adoc

Change to the "Attempt" definition at the beginning of the PP.

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BiocPP.adoc

* Update BiocPP.adoc

* Update PP_Config.adoc

* Update BS_SD.adoc

I replaced PP_MD_V3.3 with PP_MD in PPM, PPCFG and BIOSD because if V3.3 will be incremented, PP_MD_V3.3 should also be updated.

* Update BiocPP.adoc

minor edits to some sentences

* Update BS_SD.adoc

Several updates to the text (usually adding "the" or similar edits).

* Brian updates

Some minor editorial updates on the language

* Brian edits

minor editorial changes for readability

* Brian editorial changes

minor changes to the language

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* clarification

update based on discussion during 9/21 call

* Update BS_SD.adoc

* Update BS_SD.adoc

* edits from Brian

some edits to the text for better readability.

* Change PP_MD_V33 to PP_MD

* Appnote changes for FIA_MBV_EXT.3.1

Modify Application Note 15 and add Application Note 16

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update README.adoc

* inconsistent ECD

I found this while looking at the ECD for something else. Just an inconsistent title

* Changes for publication

Summary of changes:

- PP_MD -> PP_MDF (v3.2 made the change from MD to MDF)
- revisions v1.0 (or 0.99) -> v1.1 for all docs
- PPC-MDF -> CFG-MDF-BIO in references

* verify NBAF (#381)

* verify NBAF

This is to answer #372

* Update BS_SD.adoc

* Update BS_SD.adoc (#379)

* ATE_IND update (#382)

This is to close #373.

* Optional PAD AVA_VAN (#383)

* Optional PAD AVA_VAN

This is to close #374

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* PAD optional (#384)

* PAD optional

This is to close #375.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Testing week justification (#385)

* Testing week justification

This is to close #377.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Quality assessment update (#386)

* Quality assessment update

This is to close #368 and close #369.

* update from call

Update based on the call discussion

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* memory dump update (#380)

* memory dump update

To respond to #370

* Update BS_SD.adoc

modification to look for template header data (which should be easier to find instead of trying to make something to dump a specific scan to external storage) and let scans occur at any time, before/during/after as possible by the lab

* updates based on call

This updates to remove the memory test as out of scope as it is testing the SEE boundary, and not the TOE boundary.

In line 597 there is a statement (which I left) about source code review being acceptable to ensure this as an alternative to testing (which I left specifically for the TSFI test). I don't want to make this a requirement for the general boundary issue (that everything is inside the SEE), but it is something to consider.

* no TSFI outputs (based on memory dump changes) (#388)

* no TSFI outputs (based on memory dump changes)

This is to close #371.

This new PR supersedes #387 due to the number of changes that were made in #380 that coincided with the changes for this topic.

* local storage update

* Update BS_SD.adoc

* Toolbox integration (#389)

This is to close #378

This part includes the section 4.4 in the PP-Config as well as the additional reference of the Toolbox in the documents.

In the SD this covers adding the toolbox to the list of supporting docs reference at the beginning (I made that into a table from the bullet list to make it a little more clear)

* remove independent testing limit (#390)

This is to make the SD match the updated toolbox in biometricITC/cPP-toolboxes#59

* adding IAPAR definition (#391)

* adding IAPAR definition

Added IAPAR definition in section 7 to respond to concerns about clarity of PAD testing.

* Update BS_SD.adoc

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Date update

This is just an update of the dates using the date of the last commit that was approved (prior to this one).

* date and allowed list

To match up with the PP_MDF release the following changes were made:

- release dates for the docs all changed to match with the dates of the PP_MDF date (September 12, 2022)
- The specific PP-Modules that are allowed were removed and replaced by a link to a new page on the website. This will prevent needing to revise the PPM every time NIAP publishes a new Module update as the website page can be done easily.
- in the PP-Config (which will not be used as NIAP will create their own), I changed the reference to the PPM to MOD_BIO_V1.0 which matches the NIAP format for the names

* correct titles

* Update BiocPP.adoc

* Update BS_SD.adoc

* Update BiocPP.adoc

To close #395 and close #396

Co-authored-by: Brian Wood <be.wood@samsung.com>
Co-authored-by: n-kai <n-kai@ipa.go.jp>
Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>
Co-authored-by: ccolin318 <56977088+ccolin318@users.noreply.github.com>
5 people committed Oct 4, 2022
1 parent ad41237 commit 28923e4
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions Protection Profile/BiocPP.adoc
Expand Up @@ -408,7 +408,7 @@ This section lists SFRs for the biometric enrolment and verification.

===== FIA_MBE_EXT.1 Biometric enrolment [[FIA_MBE_EXT.1]]

*FIA_MBE_EXT.1.1*:: The TSF shall provide a mechanism to enrol an authenticated user.
*FIA_MBE_EXT.1.1*:: The TSF shall provide a mechanism to enrol an authenticated user to the biometric system.

*Application Note {counter:remark_count}*:: A user enroling to the biometric system will have been authenticated using a NBAF, as specified in FIA_MBE_EXT.1.1.
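
Review bot: The application note kept as context under the changed line says the user was authenticated using a NBAF "as specified in FIA_MBE_EXT.1.1", but the element, both before and after this change, only says "an authenticated user" and never names the NBAF. Either add the NBAF to the element text or reword the note so it does not attribute that to the element. The note also sits directly under the element it cites, so the cross-reference adds nothing as written.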

Expand Down Expand Up @@ -462,7 +462,7 @@ Target error rates defined in SFR shall be evaluated based on <<BIOSD>>. Normall

===== FPT_PBT_EXT.1 Protection of biometric template [[FPT_PBT_EXT.1]]

*FPT_PBT_EXT.1.1*:: The TSF shall protect the template [*selection*: _using a PIN as an additional factor, using a password as an additional factor_, [*assignment*: _other circumstances_]].
*FPT_PBT_EXT.1.1*:: The TSF shall protect the biometric template [*selection*: _using a PIN as an additional factor, using a password as an additional factor_, [*assignment*: _other circumstances_]].

=== TOE Security Functional Requirements Rationale
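
Review bot: In the rewritten FPT_PBT_EXT.1.1 the open assignment "_other circumstances_" does not parallel the two selection items, which both take the form "using ... as an additional factor", so a completed element would read "shall protect the biometric template" followed by a bare circumstance. Since the line is being touched anyway, consider rewording the assignment so the element reads grammatically once a value is chosen, and carry the same wording into the second copy of this element changed further down in this diff.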

Expand Down Expand Up @@ -722,7 +722,7 @@ Hierarchical to: No other components

Dependencies: No dependencies

*FIA_MBE_EXT.1.1*:: The TSF shall provide a mechanism to enrol an authenticated user.
*FIA_MBE_EXT.1.1*:: The TSF shall provide a mechanism to enrol an authenticated user to the biometric system.

===== FIA_MBE_EXT.2 Quality of biometric templates for biometric enrolment
Hierarchical to: No other components
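
Review bot: The component definition above the changed element still states "Dependencies: No dependencies", while the element itself requires "an authenticated user", so enrolment relies on an authentication function that this component does not provide. Consider naming the requirement that supplies that authentication under the dependencies, or stating why none is listed. This element text is also a verbatim duplicate of the one changed near line 408, so the two copies have to be kept in step by hand on every future edit.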
Expand Down Expand Up @@ -894,7 +894,7 @@ Hierarchical to: No other components

Dependencies: No dependencies

*FPT_PBT_EXT.1.1*:: The TSF shall protect the template [*selection*: _using a PIN as an additional factor, using a password as an additional factor_], [*assignment*: _other circumstances_]].
*FPT_PBT_EXT.1.1*:: The TSF shall protect the biometric template [*selection*: _using a PIN as an additional factor, using a password as an additional factor_], [*assignment*: _other circumstances_]].

== Biometrics Management Description (BMD)
The documentation of the product's biometric functionality and performance should be detailed enough that, after reading, the evaluator will thoroughly understand the product's biometric functionality and performance. As some of this information may be considered confidential to the developer yet still necessary for understanding, this documentation is not required to be part of the TSS and can be submitted as a separate document marked as developer proprietary.
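
Review bot: The bracket nesting on the changed FPT_PBT_EXT.1.1 line here does not match the copy changed near line 462: this one closes the selection at "additional factor_]" and then ends with "]]", which leaves one unmatched closing bracket and puts the assignment outside the selection. Since the line is edited in this commit, move the assignment back inside the selection as in the earlier copy, "_using a password as an additional factor_, [*assignment*: _other circumstances_]]", so both definitions of the element are identical.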