Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove independent week #59

Merged
merged 1 commit into from
Jul 12, 2022
Merged

remove independent week #59

merged 1 commit into from
Jul 12, 2022

Conversation

woodbe
Copy link
Collaborator

@woodbe woodbe commented Jun 28, 2022
edited
Loading

remove one week timeline for independent testing

This is to close #53

@woodbe
remove independent week
93d3441 
remove one week timeline for independent testing
n-kai
n-kai requested changes Jul 6, 2022
View reviewed changes
Copy link
Collaborator

@n-kai n-kai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Following text in [BIOSD] should also be changed.

7.3.1.4. Conduct the penetration testing

In order to place bounds on the effort involved related to the attack potential calculations for PAD functionality, the independent and penetration testing is expected to be finished within a single week, considering the assurance level claimed by [BIOPP-Module].

woodbe added a commit to biometricITC/cPP-biometrics that referenced this pull request Jul 11, 2022
@woodbe
remove independent testing limit
3bb08de 
This is to make the SD match the updated toolbox in biometricITC/cPP-toolboxes#59
@woodbe woodbe mentioned this pull request Jul 11, 2022
Merged
@woodbe
Copy link
Collaborator Author

woodbe commented Jul 11, 2022

@n-kai I created biometricITC/cPP-biometrics#390 to address the mismatch.

@woodbe woodbe requested a review from n-kai July 11, 2022 18:17
@woodbe woodbe merged commit a4cba5f into working Jul 12, 2022
@woodbe woodbe deleted the woodbe-patch-1 branch July 12, 2022 14:08
woodbe added a commit to biometricITC/cPP-biometrics that referenced this pull request Jul 12, 2022
@woodbe
remove independent testing limit (#390)
98ec4b0 
This is to make the SD match the updated toolbox in biometricITC/cPP-toolboxes#59
woodbe added a commit to biometricITC/cPP-biometrics that referenced this pull request Aug 24, 2022
@woodbe @n-kai
@gfiumara @ccolin318
Publication update for v1.1 (#394)
ad41237 
* Update to the current master (#296)

* Updating the readme

This changed the content of the readme, moving the format to adoc (from md), and updating the info.

Also includes a folder name change (made a typo).

Added an MIT license for the content as well.

* Update MobileUseCaseV2.md

URL changes and one misspelling. No other changes.

I think this should probably be split into separate files instead of one large one.

* Delete PP_Config-OS.adoc

* Update README.adoc

* Update Docs_README.adoc

* Delete PP_Config-OS.adoc

* Sample quality TD

Proposed changes for the TD to add the sample quality research paper and an explicit reference for the validator to point to this as a reference.

* Update BS_SD.adoc

Date updates

* Found "enroll"

The language for the PP-Module has used "enrol" but the definitions list has "Failure-to-Enroll". Given the standard usage of one "l", this should be edited.

This can wait until the next update and does not need to be made into an interpretation, but should be fixed in the next major release.

* Updating the readme

This changed the content of the readme, moving the format to adoc (from md), and updating the info.

Also includes a folder name change (made a typo).

Added an MIT license for the content as well.

* scope specification

This is to close #301

* removing assumptions

This is to close #303. Both the assumptions and the objectives are removed.

* updated text

updated based on @gfiumara comment

* completing the removal of assumptions

completing the removal of assumptions as specified by @n-kai and the NIAP comments (missed the table previously)

* Update BiocPP.adoc

* Update PP_Config.adoc

* Update BS_SD.adoc

* Revert "Update BiocPP.adoc"

This reverts commit a03b6bd.

* Revert "Update PP_Config.adoc"

This reverts commit 2c09b39.

* Revert "Update BS_SD.adoc"

This reverts commit 7f2b79c.

* Revert "Revert "Update PP_Config.adoc""

This reverts commit 9c6a884.

* Revert "Revert "Revert "Update PP_Config.adoc"""

This reverts commit 1da95b9.

* Consistency and Rationale edit

This is for @n-kai to show these commits directly.

This is based on the assumptions branch, but specifically moves his commits into a new branch (there is a little bit of a mess in the assumptions branch as I pulled them over).

This is to close #302 at this time.

There are changes here for #300 as well.

* Update BiocPP.adoc

* Grammar.

* Remove normative language from application notes.

* protect -> protects

changed "protect" to "protects" in phrases where "shall" had been removed.

* Remove application note

Per discussion:
#315 (comment)

* second application note removal

removed other application note

* FPT_BDP_EXT updates

This closes #308 and closes #309.

This removes FPT_BDP_EXT.2/3 and replaces them with FPT_KST_EXT.1/2 from the MDF with modifications to add biometric data.

Secure Execution Environment -> Separate Execution Environment. This is from the MDF in sections FCS_CKM_EXT.1 & FCS_CKM_EXT.4, as a method of separation from the OS.

FPT_BDP_EXT.1 is changed to mirror FCS_CKM_EXT.1.2 in specifying some sort of hardware isolation (basically the SEE of some sort), and removed descriptions related to encryption for the EA.

* further updates

edited references to MDF and also removed the Acknowledgements from the numbered list in the TOC for the PPM.

* Quality metric update

This is to close #314

This is a modification from the MDF v3.2 requirement to make it explicit that a vendor can choose their own metric (with a description to be specified) or an independent one (such as NFIQ, though I haven't added a reference for it, and I'm not sure if we should in the app note or not).

I added some bullets in the SD to note this as well.

* verification added

The same issues from enrollment apply to verification, so I modified the requirement to match.

* FIA_MBV_EXT.1.1 remove assignment

This is to close #305.

This removes the assignment that we had allowed originally. The original thinking was that to use the assignment the vendor would have had to provide PAD and everything else, it wouldn't just be allowed, but NIAP prefers more explicit control (which is fine).

What I would expect as the proper course for this would be the vendor asks to add a new modality, and once everything has been submitted and approved, a TD would be issued to add the new modality to the list. This ensures that only approved modalities are allowed, and they must be approved before.

I alphabetized the list so there isn't any particular preference among the modalities.

I removed Voice because we don't have a toolbox for it at this time.

The other issue about the app note is already resolved by #315.

* Revert "FIA_MBV_EXT.1.1 remove assignment"

This reverts commit c6da430.

* FIA_MBV_EXT.1.1 remove assignment

This is to close #305.

This removes the assignment that we had allowed originally. The original thinking was that to use the assignment the vendor would have had to provide PAD and everything else, it wouldn't just be allowed, but NIAP prefers more explicit control (which is fine).

What I would expect as the proper course for this would be the vendor asks to add a new modality, and once everything has been submitted and approved, a TD would be issued to add the new modality to the list. This ensures that only approved modalities are allowed, and they must be approved before.

I alphabetized the list so there isn't any particular preference among the modalities.

I removed Voice because we don't have a toolbox for it at this time.

The other issue about the app note is already resolved by #315.

* fixed ECD

fixed the ECD change to match

* remove the app note

This is to close #307.

The other app notes mentioned are already removed due to other changes. It isn't clear that we actually need this app note though. While clearly it depends on the base PP, I don't know that it needs a note about consistency that doesn't actually provide information about the SFR itself.

* conformance updates

This is to close #300.

This adds the base PP and allowed PPC modules (it isn't clear if MDF sub-modules need to be added like Wi-Fi or the TLS package, but I don't think so since those would be specified as part of the base PP).

* Update BiocPP.adoc

update based on comments from @gfiumara

* Added BMD

Added biometrics management description based on the FE PP 1.0 from NIAP.

This is optional for the developer and so does not have the same expectations as the FE PP does in terms of the content.

This is to close #323.

The FE PP defines the expectations of the KMD in the SD, but since it isn't clear if every vendor will utilize the BMD, I do not think we can lay out requirements on the document or even in the SD as to what is expected where.

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Base-PP and SFR edits

The changes here are to close #316 and to make all the SFRs consistent to have :: markings so they all display the same way.

* BMD descriptions

This is to close #325

Proposed changes for all the current SFRs that could use the BMD.

* Expansion of FPT_BDP_EXT

This is to close #324

I think this is a better method than #329 that uses FTP_TRP in how we have defined the environment. It adds a new FPT_BDP_EXT.1.2 which specifically calls out internal transmission of biometric data between components (i.e. the sensor and the SEE)

* Update BS_SD.adoc

added BMD reference in a few more places

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update SFR Direction

Complete "6.2. PP_MD_V3.3 Security Functional Requirements Direction" except adding EA for modified SFR to BIOSD

* Close out TODO items

This is to try and close out the remaining TODO items for the MDF integrations.

The rationale table was added and the other places where something that was needed I have reviewed and edited as seemed necessary (in some cases there didn't seem to be anything that needed to be changed on review so the TODO was just removed).

* FPT_BDP_EXT_change

I agree with FPT_BDP_EXT with the following changes.

* Application note of FPT_BDP_EXT.1.1 is moved to one of FCS_CKM_EXT.4 because it's about the destruction of biometric data and I see very similar description for REK there.

* Add FPT_AEX_EXT.4.3 to modified SFR because, as NIAP commented, mobile device itself have to provide the SEE.

* Modify FPT_BDP_EXT based on introduction of FPT_AEX_EXT.4.3

* Changes to have less MDF changes

This tries to make the application note edits more explicit by copying in the paragraph from the MDF and adding edits to it here (I don't know if that is the right way or if NIAP would prefer something else).

I have removed the new FPT_AEX_EXT4.3 requirement by adjusting the app note to have more explicit notes about separate processor modes or even processors so it is clear these can be part of the description. We can suggest an SEE concept to NIAP for the revision where we are linked, but I think we should minimize drastic changes from our side for that. So I have tried to define it within. I think this should work, but maybe requires some more definition as to the expected description about what we would want to see (probably under the SD which I have added these into, but just by pointing them to the original EA).

* fixed typo

fixed typo pointed out by @n-kai

* Update BiocPP.adoc

* Update BiocPP.adoc

To resolve raised issues with the PR

* Update BiocPP.adoc

I mistakenly approved and merged the pull request #336 without waiting for the ECD update. This is the ECD update to match the new SFR change.

* editorial edits

While not necessarily everything, these are editorial edits I found while reviewing the BIOSD for the strict guidance.

All the ISO changes are around how it looks in the text so that everything looks like "ISO/IEC xxxxx" while still having the short codes as they were. This is more stylistic than anything else, but across the two docs to be consistent.

* Edit to point to quality papers

This is to add a reference to review the quality papers for how to create low quality samples, and if that is unsuccessful, to ask the vendor (instead of asking first).

I have also added a reference related to vascular state of the art.

This will close #339 and close #341

* New types of tests

This is a start to the new artefacts test plan.

This will close #342

This update changes the assumptions section in the text. Other changes still need to be updated.

* Update BS_SD.adoc

updated based on call

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* remove new artefacts

This update removes the new artefacts and rewrites it to point to adding them separately and then you are just following the "normal" process because the new artefact is now part of the toolbox.

* FPT_BDP_EXT.1 EA update

This is to match FPT_BDP_EXT.1 testing requirements to match the updated SFR.

This will close #340

One thing I am not certain about is how easy (or possible) scanning during the process itself is. I know that many tests using memory dumps cause the system to stop so it can write out the RAM contents to disk, so setting this up may be difficult since you couldn't readily scan memory, then do something and scan it again to check for the changes. I do think this is possible (with engineering builds), but am not certain on all platforms.

The other concern is the timing. It may be difficult to get the scan during the verification step (the period for that should be small, though maybe the vendor could provide a special app to request the verification that would trigger the scan too, I don't know).

Variations could be to just allow the scan to proceed after the transaction to see if anything is left after the process completes.

* IAPAR update

This is to close #343

One concern I have here is that I updated FIA_MBE_EXT.3.1 to match, but technically IAPAR is for verification, so I'm not sure we can use that for enrolment. I don't know what to do if we don't, since then the enrolment requirement is vague, but I also don't know if an IAPAR for verification is in any way equivalent for enrolment.

I didn't make any further changes in terms of tables or such that would explain the calculations or anything differently (or more explicitly), so we may end up needing to do something along those lines, but I'm not sure.

* Strict Guidance update

This initial commit isn't complete but is something to get started with.

* update for quality

This commit completes the initial updates for the quality assessment. All the links previously to the "assessment criteria for samples" are now pointing to the quality assessment criteria report section.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

move the ISO into the right order (after replacing NFIQ2)

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

edit based on @gfiumara comment

* Update Supporting Documents/BS_SD.adoc

I agree Thank you

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BiocPP.adoc

* Update BS_SD.adoc

* iTC approval for new artefacts

An update to add back iTC approval before new artefact types are allowed

* IAPARE

Added IAPARE to docs for enrolment. For the SD just added "/IAPARE" to the mentions of IAPAR already added since those sections would cover both.

* consolidation of changes

Making all the SFR edits on one line. Also added definition for developer defined quality assessment method.

* remove IAPARE

Remove IAPARE and return the FIA_MBE_EXT.3 requirement back to the original

* Update BS_SD.adoc

added conditions around testing

* Fix some heading markers

Errors turned up in the processing for the output that the headings were off. This just fixes them, no other changes.

* fixed ditaa image labels

This removes the ".png" from the ditaa labels as it was causing HTML output to be generated as file.png.png.

No other changes

* Update BiocPP.adoc

Change to the "Attempt" definition at the beginning of the PP.

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BiocPP.adoc

* Update BiocPP.adoc

* Update PP_Config.adoc

* Update BS_SD.adoc

I replaced PP_MD_V3.3 with PP_MD in PPM, PPCFG and BIOSD because if V3.3 will be incremented, PP_MD_V3.3 should also be updated.

* Update BiocPP.adoc

minor edits to some sentences

* Update BS_SD.adoc

Several updates to the text (usually adding "the" or similar edits).

* Brian updates

Some minor editorial updates on the language

* Brian edits

minor editorial changes for readability

* Brian editorial changes

minor changes to the language

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* clarification

update based on discussion during 9/21 call

* Update BS_SD.adoc

* Update BS_SD.adoc

* edits from Brian

some edits to the text for better readability.

* Change PP_MD_V33 to PP_MD

* Appnote changes for FIA_MBV_EXT.3.1

Modify Application Note 15 and add Application Note 16

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update README.adoc

* inconsistent ECD

I found this while looking at the ECD for something else. Just an inconsistent title

* Changes for publication

Summary of changes:

- PP_MD -> PP_MDF (v3.2 made the change from MD to MDF)
- revisions v1.0 (or 0.99) -> v1.1 for all docs
- PPC-MDF -> CFG-MDF-BIO in references

* verify NBAF (#381)

* verify NBAF

This is to answer #372

* Update BS_SD.adoc

* Update BS_SD.adoc (#379)

* ATE_IND update (#382)

This is to close #373.

* Optional PAD AVA_VAN (#383)

* Optional PAD AVA_VAN

This is to close #374

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* PAD optional (#384)

* PAD optional

This is to close #375.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Testing week justfication (#385)

* Testing week justfication

This is to close #377.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Quality assessment update (#386)

* Quality assessment update

This is to close #368 and close #369.

* update from call

Update based on the call discussion

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* memory dump update (#380)

* memory dump update

To respond to #370

* Update BS_SD.adoc

modification to look for template header data (which should be easier to find instead of trying to make something to dump a specific scan to external storage) and let scans occur at any time, before/during/after as possible by the lab

* updates based on call

This updates to remove the memory test as out of scope as it is testing the SEE boundary, and not the TOE boundary.

In line 597 there is a statement (which I left) about source code review being acceptable to ensure this as an alternative to testing (which I left specifically for the TSFI test). I don't want to make this a requirement for the general boundary issue (that everything is inside the SEE), but it is something to consider.

* no TSFI outputs (based on memory dump changes) (#388)

* no TSFI outputs (based on memory dump changes)

This is to close #371.

This new PR supercedes #387 due to the number of changes that were made in #380 that coincided with the changes for this topic.

* local storage update

* Update BS_SD.adoc

* Toolbox integration (#389)

This is to close #378

This part includes the section 4.4 in the PP-Config as well as the additional reference of the Toolbox in the documents.

In the SD this covers adding the toolbox to the list of supporting docs reference at the beginning (I made that into a table from the bullet list to make it a little more clear)

* remove independent testing limit (#390)

This is to make the SD match the updated toolbox in biometricITC/cPP-toolboxes#59

* adding IAPAR definition (#391)

* adding IAPAR definition

Added IAPAR definition in section 7 to respond to concerns about clarity of PAD testing.

* Update BS_SD.adoc

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Date update

This is just an update of the dates using the date of the last commit that was approved (prior to this one).

* date and allowed list

To match up with the PP_MDF release the following changes were made:

- release dates for the docs all changed to match with the dates of the PP_MDF date (September 12, 2022)
- The specific PP-Modules that are allowed was removed and replaced by a link to a new page on the website. This will prevent needing to revise the PPM every time NIAP publishes as new Module update as the website page can be done easily.
- in the PP-Config (which will not be used as NIAP will create their own), I changed the reference to the PPM to MOD_BIO_V1.0 which matches the NIAP format for the names

* correct titles

* Update BiocPP.adoc

* Update BS_SD.adoc

Co-authored-by: Brian Wood <be.wood@samsung.com>
Co-authored-by: n-kai <n-kai@ipa.go.jp>
Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>
Co-authored-by: ccolin318 <56977088+ccolin318@users.noreply.github.com>
woodbe added a commit that referenced this pull request Aug 24, 2022
@woodbe @n-kai
@nils-tekampe @The-Fiona @ccolin318 @gfiumara
v1.1 Publication update (#62)
882229d 
* two editorial fixes (#40)

* Added contribution from other repo

* working

* working

* working

* Update toolbox.adoc

Updated text, added specific number of PAIs to be created in the test (as opposed to having this in individual toolbox tests for consistency)

* Update toolbox.adoc

Editorial corrections

* Update toolbox.adoc

Updated the pass/fail criteria based on @The-Fiona comments

* Updates to Eye Toolbox

Added new test list (with sensor applicability).

Modified test sets to add number of species types to be produced (including all variants).

Removed "Other" section as this is now in main toolbox overview.

* added to toolbox.adoc

* Migrated vein to adoc

Created attack subfolder, moved all attacks there. Renamed "general.md" to "vein_PADtesting.adoc"

No content changes (other than changing Variations to "None")

* migrated face to adoc

Moved from TXT files to adoc format, not content change.

Moved files into attacks folder to fit with eye (and PR for vein)

* migrated remaining tests to adoc

I migrated the remaining docs to adoc. I copied the attack potential table to all the tests (without changes except in tests 5 becasue those are largely blank so I put in "?"). I moved the remaining files to make it follow the other toolbox updates.

I moved the inventory document to adoc as well.

* IND to FUN

Edited ATE_IND.1 to ATE_FUN.1

* Update toolbox.adoc

undo the ATE_IND to ATE_FUN back to ATE_IND

* remove TODO line

Remove the TODO line based on discussion on 5/16 to leave it as transactions for vendor flexibility

* Single subject update

Based on the 5/30 call this proposed change is to specify the number of subjects to be used in the creation of PAI.

* changed date

changed date

* fixed internal reference link

Similar problem with reference links as in PP-Module

* Clarification about AVA_VAN

Based on comments from Mary Baisch, this update attempts to clarify that that toolbox is not intended for AVA_VAN but can be used as the basis for those tests with modifications that the evaluator may decide to make.

Also found a misspelling, and added the :icons: font in the header (though I removed the section that specifically needed it).

* Revert "Clarification about AVA_VAN"

This reverts commit 05e5e51.

* Initial update for PR1

Based on comments by Mary Baisch this is intended to further clarify how the toolbox could be used as a basis for the creation of AVA_VAN tests while not being written for that purpose.

Also fixed a misspelling and added :icons: font line to the header.

* Toolbox Template Example

This is in response to #18 about related to having a standardized template for a toolbox.

There are 4 files in the main folder (here BIO is used to mark the modality, so this should be EYE, FACE, FINGER, etc):

PAD Testing - the description of anything specific to this modality that needs to be documented (in addition to the toolbox overview) along with an introduction to the toolbox.

List - a table list of all the tests and any applicability notes (like these are only relevant with certain types of sensors or other considerations)

Inventory - a list of the inventory that is used in the test, things like paper, printers, camera, the things used to make the PAI

References - external references for any of the attacks (a master list)

Within the main folder there would then be subfoldlers marked with XX_<attack category>_attacks. The XX would be numbering for increasing difficulty (i.e. the lowest level PAI, simplest to create would be 01, the most difficult test would be the top number). The <attack category> would be some sort of title that would provide some clarity as to what the tests will be used as a source for the PAI.

Within each folder then, you would have the files names XX_YY_attack where the XX matches the folder number and YY is the test number.

The List table should match out all the numbers. While I don't have it in here, there is a (Vx) listing for some of the tests, this is when there is a number of variants for the specific test available (so a test with a V1 and V2 would have 2 variants in addition to the "base" test). This could be handled in another way though.

This used the eye tests to fill out the template, but I didn't modify any of the files.

* Revert "Toolbox Template Example"

This reverts commit 8a48e39.

* Revert "Revert "Toolbox Template Example""

This reverts commit aba98fa.

* Revert "Revert "Revert "Toolbox Template Example"""

This reverts commit 6e2d608.

* Revert "Revert "Revert "Revert "Toolbox Template Example""""

This reverts commit 448dbb8.

* Revert "Revert "Revert "Revert "Revert "Toolbox Template Example"""""

This reverts commit 645dcfa.

* Toolbox Template Example

This is in response to #18 about related to having a standardized template for a toolbox.

There are 4 files in the main folder (here BIO is used to mark the modality, so this should be EYE, FACE, FINGER, etc):

PAD Testing - the description of anything specific to this modality that needs to be documented (in addition to the toolbox overview) along with an introduction to the toolbox.

List - a table list of all the tests and any applicability notes (like these are only relevant with certain types of sensors or other considerations)

Inventory - a list of the inventory that is used in the test, things like paper, printers, camera, the things used to make the PAI

References - external references for any of the attacks (a master list)

Within the main folder there would then be subfoldlers marked with XX_<attack category>_attacks. The XX would be numbering for increasing difficulty (i.e. the lowest level PAI, simplest to create would be 01, the most difficult test would be the top number). The <attack category> would be some sort of title that would provide some clarity as to what the tests will be used as a source for the PAI.

Within each folder then, you would have the files names XX_YY_attack where the XX matches the folder number and YY is the test number.

The List table should match out all the numbers. While I don't have it in here, there is a (Vx) listing for some of the tests, this is when there is a number of variants for the specific test available (so a test with a V1 and V2 would have 2 variants in addition to the "base" test). This could be handled in another way though.

This used the eye tests to fill out the template, but I didn't modify any of the files.

* update to 3 subjects

Update to three subjects as noted in #17

* Updated to match new toolbox template

This is an update to match the new toolbox template. No changes were made to the attacks themselves. Previous attack set 01 has been removed as the scan and reprint tests have been removed from Face as well.

* Eye Attack Potential update

Added Attack Potential tables for each attack and each species type for each attack. All calculations show under the 13 limit.

* Update for clarification

This is to close #22 as agreed on the 12/5 call.

* Test procedure update

This is to close #23 related to clarifying the overall testing description.

The table was also updated to follow a more "standard" format.

The PP name was updated to match the current.

* first commit

* Update toolbox.adoc

* Update toolbox.adoc

* Update toolbox.adoc

* Update toolbox.adoc

* Brian toolbox edits

My suggested edits to the changes.

I have edited some text (moved a few things around), did some grammar checking, and edited the tables.

* editorial update by Kai

I updated the overview to fix some inconsistency or mistakes

* research paper authority

One line update to strengthen the use of research papers

* 1st commit

* 2nd commit

* 3rd commit

* 1st commit

* Update and rename 2D-face_attack_1-2.adoc to 2D-face_attack_1_1.adoc

* Update 2D_Face_Toolbox_overview.adoc

* Update 2D-face_attack_1_1.adoc

* Update 2D_Face_Toolbox_Tool_Inventory.adoc

* Update and rename references.adoc to 2D_Face_Toolbox_References.adoc

* Update 2D-face_attack_1_1.adoc

* Update and rename 2D-face_attack_1-3.adoc to 2D-face_attack_1_2.adoc

* Update 2D-face_attack_1_2.adoc

* Update 2D-face_attack_1_1.adoc

* Update and rename 2D-face_attack_2-1.adoc to 2D-face_attack_1_3.adoc

* Update 2D-face_attack_1_1.adoc

* Update 2D-face_attack_1_2.adoc

* Update 2D-face_attack_1_1.adoc

* Update 2D-face_attack_1_2.adoc

* Update 2D-face_attack_1_2.adoc

* Update 2D-face_attack_1_3.adoc

* Update and rename 2D-face_attack_2-2.adoc to 2D-face_attack_2-1.adoc

* Delete attack_1-1.adoc

* Update and rename 2D-face_attack_2-3.adoc to 2D-face_attack_2-2.adoc

* Update and rename 2D-face_attack_2-4.adoc to 2D-face_attack_2-3.adoc

* Delete 2D-face_attack_3-1.adoc

* Delete 2D-face_attack_3-2.adoc

* Delete 2D-face_attack_3-3.adoc

* Delete 2D-face_attack_4-1.adoc

* Delete 2D-face_attack_4-2.adoc

* Delete 2D-face_attack_5-1.adoc

* Delete 2D-face_attack_5-2.adoc

* Update 2D_Face_Toolbox_overview.adoc

* Update 2D_Face_Toolbox_Tool_Inventory.adoc

* Update 2D_Face_Toolbox_Tool_Inventory.adoc

* Rename 2D-face_attack_2-1.adoc to 2D-face_attack_2_1.adoc

* Rename 2D-face_attack_2-2.adoc to 2D-face_attack_2_2.adoc

* Rename 2D-face_attack_2-3.adoc to 2D-face_attack_2_3.adoc

* Create 2D_Face_Verification_List.adoc

* Updated based on NK comments

* Update 2D-face_attack_1_3.adoc

* Update 2D-face_attack_1_1.adoc

* Update 2D-face_attack_1_2.adoc

* Update 2D_Face_Verification_List.adoc

* Delete 2D-face_attack_2_1.adoc

* Delete 2D-face_attack_2_2.adoc

* Delete 2D-face_attack_2_3.adoc

* Update toolbox.adoc

* Update toolbox.adoc

* Update toolbox overview

Change the text as suggested by @woodbe in  #32

* Update 2D-face_attack_1_1.adoc

* Update 2D-face_attack_1_2.adoc

* Update 2D-face_attack_1_3.adoc

* editorial fixes

* 3D face toolbox overview

* move file

* Delete 3D_Face_Toolbox_overview.adoc

* editorial fixes

* Update 3D_Face_Toolbox_overview.adoc

* final update

* editorial update

* editorial update

* Update 2D-face_attack_1_1.adoc

* editorial update

* Create 3D-face_attack_1_1.adoc

* Update 2D_Face_Toolbox_Tool_Inventory.adoc

* Create 3D_Face_Toolbox_Tool_Inventory.adoc

* Create 3D-face_attack_3.adoc

* Create 3D_Face_Verification_List.adoc

* Create 3D_Face_Toolbox_References.adoc

* Updates from Brian

I made several updates here. Most focused on language in the reading to be a little clearer. Some table adjustments were also made to present the tables a little better.

* Update 3D_Face_Toolbox_Tool_Inventory.adoc

* Editorial update for proposed release

This is editorial related to the biometricITC/cPP-biometrics#266 to try to polish the Toolbox for release at the same time.

I added a revision history and changed SD to BIOSD. I also edited the title to match with the rest of the docs.

* Update toolbox.adoc

update based on @n-kai comment to move this to the Toolbox from the SD.

* Removal of old toolboxes

Current face and eye toolboxes have been moved to their own repositories, so these are being deleted.

* Removal of old files

These files are being removed as out of date

* Deleting template for toolbox

This template is now out of date. A new one may need to be created, but probably not right now.

* Update toolbox.adoc

Updates based on MITRE's review.

* Updates for public release

These are focused on updating the dates and versions for all the documents in preparation of public release on May 11, 2020.

* Update toolbox.adoc

Added doctype for proper formatting of PDF output

* Move of vein to own repository

moved all vein to separate repository

* two editorial fixes

Fix the errors in table

Co-authored-by: nils <nt@konfidas.de>
Co-authored-by: Brian Wood <be.wood@samsung.com>
Co-authored-by: The-Fiona <37903201+The-Fiona@users.noreply.github.com>
Co-authored-by: ccolin318 <56977088+ccolin318@users.noreply.github.com>

* Update toolbox.adoc (#42)

* Update toolbox.adoc (#44)

* update pass fail criteria and editorial fixes (#47)

* update pass fail criteria and editorial fixes

* Update toolbox.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update toolbox.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update toolbox.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Brian Wood <woodbe@google.com>
Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Changes for publication

Summary of changes:

- version number to v1.1
- date changes

* Revert "Changes for publication"

This reverts commit e7730db.

* Changes for publication

Summary of changes:

- version number to v1.1
- date changes

* Adding the modality versioning (#55)

This is to close #biometricITC/cPP-biometrics/378

This adds the documentation in the Toolbox Overview about how to find the toolboxes, how they are versioned, and how to reference them in the conformance claims

* all artefacts (#56)

This adjusts the definition of what needs to be produced to specifically note that the verification list defines which artefacts need to be tested with specific types of sensors.

* Test evidence (#57)

* Test evidence

Adding a section about the visual recording of data since it is not necessary to record (via photos or video) the production and use of each individual artefact.

This is to close #52

* Update toolbox.adoc

This incorporates the new text from @n-kai as well as moving it from section 8 to 5.1.2 as suggested by @gfiumara

* audio updates

added some text for audio. While not part of the current toolboxes, this would lessen the need (and maybe prevent) an update if audio is added as a modality.

* updates for significant steps

updates to resolve points raised in 6/28 call

* remove independent week (#59)

remove one week timeline for independent testing

* lifespan (#58)

* lifespan

Added some text about the lifespan of artefacts, mainly to state that they can be stored according to manufacturer's recommendations to be re-used, but that this must be documented.

This is to close #54

* Update toolbox.adoc

to address comments about ensuring a stored artefact is still acceptable

* Update toolbox.adoc

* update for IAPAR

This adds a reference for IAPAR to the intro

* update for stored artefact check

To resolve stored vs fresh artefact checking.

* Update toolbox.adoc (#60)

* Update toolbox.adoc

* Update toolbox.adoc

Additional updates to the language

* Update toolbox.adoc

Co-authored-by: Brian Wood <woodbe@google.com>

Co-authored-by: n-kai <n-kai@ipa.go.jp>

* Date update

This is just a date update to match the last commit dates

* date change (#61)

This is updating the doc dates to match up with the PP_MDF release date.

Co-authored-by: n-kai <n-kai@ipa.go.jp>
Co-authored-by: nils <nt@konfidas.de>
Co-authored-by: Brian Wood <be.wood@samsung.com>
Co-authored-by: The-Fiona <37903201+The-Fiona@users.noreply.github.com>
Co-authored-by: ccolin318 <56977088+ccolin318@users.noreply.github.com>
Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>
woodbe added a commit to biometricITC/cPP-biometrics that referenced this pull request Oct 4, 2022
@woodbe @n-kai
@gfiumara @ccolin318
Quick scope update before use (#397)
28923e4 
* Update to the current master (#296)

* Updating the readme

This changed the content of the readme, moving the format to adoc (from md), and updating the info.

Also includes a folder name change (made a typo).

Added an MIT license for the content as well.

* Update MobileUseCaseV2.md

URL changes and one misspelling. No other changes.

I think this should probably be split into separate files instead of one large one.

* Delete PP_Config-OS.adoc

* Update README.adoc

* Update Docs_README.adoc

* Delete PP_Config-OS.adoc

* Sample quality TD

Proposed changes for the TD to add the sample quality research paper and an explicit reference for the validator to point to this as a reference.

* Update BS_SD.adoc

Date updates

* Found "enroll"

The language for the PP-Module has used "enrol" but the definitions list has "Failure-to-Enroll". Given the standard usage of one "l", this should be edited.

This can wait until the next update and does not need to be made into an interpretation, but should be fixed in the next major release.

* Updating the readme

This changed the content of the readme, moving the format to adoc (from md), and updating the info.

Also includes a folder name change (made a typo).

Added an MIT license for the content as well.

* scope specification

This is to close #301

* removing assumptions

This is to close #303. Both the assumptions and the objectives are removed.

* updated text

updated based on @gfiumara comment

* completing the removal of assumptions

completing the removal of assumptions as specified by @n-kai and the NIAP comments (missed the table previously)

* Update BiocPP.adoc

* Update PP_Config.adoc

* Update BS_SD.adoc

* Revert "Update BiocPP.adoc"

This reverts commit a03b6bd.

* Revert "Update PP_Config.adoc"

This reverts commit 2c09b39.

* Revert "Update BS_SD.adoc"

This reverts commit 7f2b79c.

* Revert "Revert "Update PP_Config.adoc""

This reverts commit 9c6a884.

* Revert "Revert "Revert "Update PP_Config.adoc"""

This reverts commit 1da95b9.

* Consistency and Rationale edit

This is for @n-kai to show these commits directly.

This is based on the assumptions branch, but specifically moves his commits into a new branch (there is a little bit of a mess in the assumptions branch as I pulled them over).

This is to close #302 at this time.

There are changes here for #300 as well.

* Update BiocPP.adoc

* Grammar.

* Remove normative language from application notes.

* protect -> protects

changed "protect" to "protects" in phrases where "shall" had been removed.

* Remove application note

Per discussion:
#315 (comment)

* second application note removal

removed other application note

* FPT_BDP_EXT updates

This closes #308 and closes #309.

This removes FPT_BDP_EXT.2/3 and replaces them with FPT_KST_EXT.1/2 from the MDF with modifications to add biometric data.

Secure Execution Environment -> Separate Execution Environment. This is from the MDF in sections FCS_CKM_EXT.1 & FCS_CKM_EXT.4, as a method of separation from the OS.

FPT_BDP_EXT.1 is changed to mirror FCS_CKM_EXT.1.2 in specifying some sort of hardware isolation (basically the SEE of some sort), and removed descriptions related to encryption for the EA.

* further updates

edited references to MDF and also removed the Acknowledgements from the numbered list in the TOC for the PPM.

* Quality metric update

This is to close #314

This is a modification from the MDF v3.2 requirement to make it explicit that a vendor can choose their own metric (with a description to be specified) or an independent one (such as NFIQ, though I haven't added a reference for it, and I'm not sure if we should in the app note or not).

I added some bullets in the SD to note this as well.

* verification added

The same issues from enrollment apply to verification, so I modified the requirement to match.

* FIA_MBV_EXT.1.1 remove assignment

This is to close #305.

This removes the assignment that we had allowed originally. The original thinking was that to use the assignment the vendor would have had to provide PAD and everything else, it wouldn't just be allowed, but NIAP prefers more explicit control (which is fine).

What I would expect as the proper course for this would be the vendor asks to add a new modality, and once everything has been submitted and approved, a TD would be issued to add the new modality to the list. This ensures that only approved modalities are allowed, and they must be approved before.

I alphabetized the list so there isn't any particular preference among the modalities.

I removed Voice because we don't have a toolbox for it at this time.

The other issue about the app note is already resolved by #315.

* Revert "FIA_MBV_EXT.1.1 remove assignment"

This reverts commit c6da430.

* FIA_MBV_EXT.1.1 remove assignment

This is to close #305.

This removes the assignment that we had allowed originally. The original thinking was that to use the assignment the vendor would have had to provide PAD and everything else, it wouldn't just be allowed, but NIAP prefers more explicit control (which is fine).

What I would expect as the proper course for this would be the vendor asks to add a new modality, and once everything has been submitted and approved, a TD would be issued to add the new modality to the list. This ensures that only approved modalities are allowed, and they must be approved before.

I alphabetized the list so there isn't any particular preference among the modalities.

I removed Voice because we don't have a toolbox for it at this time.

The other issue about the app note is already resolved by #315.

* fixed ECD

fixed the ECD change to match

* remove the app note

This is to close #307.

The other app notes mentioned are already removed due to other changes. It isn't clear that we actually need this app note though. While clearly it depends on the base PP, I don't know that it needs a note about consistency that doesn't actually provide information about the SFR itself.

* conformance updates

This is to close #300.

This adds the base PP and allowed PPC modules (it isn't clear if MDF sub-modules need to be added like Wi-Fi or the TLS package, but I don't think so since those would be specified as part of the base PP).

* Update BiocPP.adoc

update based on comments from @gfiumara

* Added BMD

Added biometrics management description based on the FE PP 1.0 from NIAP.

This is optional for the developer and so does not have the same expectations as the FE PP does in terms of the content.

This is to close #323.

The FE PP defines the expectations of the KMD in the SD, but since it isn't clear if every vendor will utilize the BMD, I do not think we can lay out requirements on the document or even in the SD as to what is expected where.

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Base-PP and SFR edits

The changes here are to close #316 and to make all the SFRs consistent to have :: markings so they all display the same way.

* BMD descriptions

This is to close #325

Proposed changes for all the current SFRs that could use the BMD.

* Expansion of FPT_BDP_EXT

This is to close #324

I think this is a better method than #329 that uses FTP_TRP in how we have defined the environment. It adds a new FPT_BDP_EXT.1.2 which specifically calls out internal transmission of biometric data between components (i.e. the sensor and the SEE)

* Update BS_SD.adoc

added BMD reference in a few more places

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update SFR Direction

Complete "6.2. PP_MD_V3.3 Security Functional Requirements Direction" except adding EA for modified SFR to BIOSD

* Close out TODO items

This is to try and close out the remaining TODO items for the MDF integrations.

The rationale table was added and the other places where something that was needed I have reviewed and edited as seemed necessary (in some cases there didn't seem to be anything that needed to be changed on review so the TODO was just removed).

* FPT_BDP_EXT_change

I agree with FPT_BDP_EXT with the following changes.

* Application note of FPT_BDP_EXT.1.1 is moved to one of FCS_CKM_EXT.4 because it's about the destruction of biometric data and I see very similar description for REK there.

* Add FPT_AEX_EXT.4.3 to modified SFR because, as NIAP commented, mobile device itself have to provide the SEE.

* Modify FPT_BDP_EXT based on introduction of FPT_AEX_EXT.4.3

* Changes to have less MDF changes

This tries to make the application note edits more explicit by copying in the paragraph from the MDF and adding edits to it here (I don't know if that is the right way or if NIAP would prefer something else).

I have removed the new FPT_AEX_EXT4.3 requirement by adjusting the app note to have more explicit notes about separate processor modes or even processors so it is clear these can be part of the description. We can suggest an SEE concept to NIAP for the revision where we are linked, but I think we should minimize drastic changes from our side for that. So I have tried to define it within. I think this should work, but maybe requires some more definition as to the expected description about what we would want to see (probably under the SD which I have added these into, but just by pointing them to the original EA).

* fixed typo

fixed typo pointed out by @n-kai

* Update BiocPP.adoc

* Update BiocPP.adoc

To resolve raised issues with the PR

* Update BiocPP.adoc

I mistakenly approved and merged the pull request #336 without waiting for the ECD update. This is the ECD update to match the new SFR change.

* editorial edits

While not necessarily everything, these are editorial edits I found while reviewing the BIOSD for the strict guidance.

All the ISO changes are around how it looks in the text so that everything looks like "ISO/IEC xxxxx" while still having the short codes as they were. This is more stylistic than anything else, but across the two docs to be consistent.

* Edit to point to quality papers

This is to add a reference to review the quality papers for how to create low quality samples, and if that is unsuccessful, to ask the vendor (instead of asking first).

I have also added a reference related to vascular state of the art.

This will close #339 and close #341

* New types of tests

This is a start to the new artefacts test plan.

This will close #342

This update changes the assumptions section in the text. Other changes still need to be updated.

* Update BS_SD.adoc

updated based on call

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* remove new artefacts

This update removes the new artefacts and rewrites it to point to adding them separately and then you are just following the "normal" process because the new artefact is now part of the toolbox.

* FPT_BDP_EXT.1 EA update

This is to match FPT_BDP_EXT.1 testing requirements to match the updated SFR.

This will close #340

One thing I am not certain about is how easy (or possible) scanning during the process itself is. I know that many tests using memory dumps cause the system to stop so it can write out the RAM contents to disk, so setting this up may be difficult since you couldn't readily scan memory, then do something and scan it again to check for the changes. I do think this is possible (with engineering builds), but am not certain on all platforms.

The other concern is the timing. It may be difficult to get the scan during the verification step (the period for that should be small, though maybe the vendor could provide a special app to request the verification that would trigger the scan too, I don't know).

Variations could be to just allow the scan to proceed after the transaction to see if anything is left after the process completes.

* IAPAR update

This is to close #343

One concern I have here is that I updated FIA_MBE_EXT.3.1 to match, but technically IAPAR is for verification, so I'm not sure we can use that for enrolment. I don't know what to do if we don't, since then the enrolment requirement is vague, but I also don't know if an IAPAR for verification is in any way equivalent for enrolment.

I didn't make any further changes in terms of tables or such that would explain the calculations or anything differently (or more explicitly), so we may end up needing to do something along those lines, but I'm not sure.

* Strict Guidance update

This initial commit isn't complete but is something to get started with.

* update for quality

This commit completes the initial updates for the quality assessment. All the links previously to the "assessment criteria for samples" are now pointing to the quality assessment criteria report section.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

move the ISO into the right order (after replacing NFIQ2)

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

edit based on @gfiumara comment

* Update Supporting Documents/BS_SD.adoc

I agree Thank you

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BiocPP.adoc

* Update BS_SD.adoc

* iTC approval for new artefacts

An update to add back iTC approval before new artefact types are allowed

* IAPARE

Added IAPARE to docs for enrolment. For the SD just added "/IAPARE" to the mentions of IAPAR already added since those sections would cover both.

* consolidation of changes

Making all the SFR edits on one line. Also added definition for developer defined quality assessment method.

* remove IAPARE

Remove IAPARE and return the FIA_MBE_EXT.3 requirement back to the original

* Update BS_SD.adoc

added conditions around testing

* Fix some heading markers

Errors turned up in the processing for the output that the headings were off. This just fixes them, no other changes.

* fixed ditaa image labels

This removes the ".png" from the ditaa labels as it was causing HTML output to be generated as file.png.png.

No other changes

* Update BiocPP.adoc

Change to the "Attempt" definition at the beginning of the PP.

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BS_SD.adoc

* Update BiocPP.adoc

* Update BiocPP.adoc

* Update PP_Config.adoc

* Update BS_SD.adoc

I replaced PP_MD_V3.3 with PP_MD in PPM, PPCFG and BIOSD because if V3.3 will be incremented, PP_MD_V3.3 should also be updated.

* Update BiocPP.adoc

minor edits to some sentences

* Update BS_SD.adoc

Several updates to the text (usually adding "the" or similar edits).

* Brian updates

Some minor editorial updates on the language

* Brian edits

minor editorial changes for readability

* Brian editorial changes

minor changes to the language

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Protection Profile/BiocPP.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* clarification

update based on discussion during 9/21 call

* Update BS_SD.adoc

* Update BS_SD.adoc

* edits from Brian

some edits to the text for better readability.

* Change PP_MD_V33 to PP_MD

* Appnote changes for FIA_MBV_EXT.3.1

Modify Application Note 15 and add Application Note 16

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update README.adoc

* inconsistent ECD

I found this while looking at the ECD for something else. Just an inconsistent title

* Changes for publication

Summary of changes:

- PP_MD -> PP_MDF (v3.2 made the change from MD to MDF)
- revisions v1.0 (or 0.99) -> v1.1 for all docs
- PPC-MDF -> CFG-MDF-BIO in references

* verify NBAF (#381)

* verify NBAF

This is to answer #372

* Update BS_SD.adoc

* Update BS_SD.adoc (#379)

* ATE_IND update (#382)

This is to close #373.

* Optional PAD AVA_VAN (#383)

* Optional PAD AVA_VAN

This is to close #374

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* PAD optional (#384)

* PAD optional

This is to close #375.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Testing week justfication (#385)

* Testing week justfication

This is to close #377.

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Quality assessment update (#386)

* Quality assessment update

This is to close #368 and close #369.

* update from call

Update based on the call discussion

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* memory dump update (#380)

* memory dump update

To respond to #370

* Update BS_SD.adoc

modification to look for template header data (which should be easier to find instead of trying to make something to dump a specific scan to external storage) and let scans occur at any time, before/during/after as possible by the lab

* updates based on call

This updates to remove the memory test as out of scope as it is testing the SEE boundary, and not the TOE boundary.

In line 597 there is a statement (which I left) about source code review being acceptable to ensure this as an alternative to testing (which I left specifically for the TSFI test). I don't want to make this a requirement for the general boundary issue (that everything is inside the SEE), but it is something to consider.

* no TSFI outputs (based on memory dump changes) (#388)

* no TSFI outputs (based on memory dump changes)

This is to close #371.

This new PR supercedes #387 due to the number of changes that were made in #380 that coincided with the changes for this topic.

* local storage update

* Update BS_SD.adoc

* Toolbox integration (#389)

This is to close #378

This part includes the section 4.4 in the PP-Config as well as the additional reference of the Toolbox in the documents.

In the SD this covers adding the toolbox to the list of supporting docs reference at the beginning (I made that into a table from the bullet list to make it a little more clear)

* remove independent testing limit (#390)

This is to make the SD match the updated toolbox in biometricITC/cPP-toolboxes#59

* adding IAPAR definition (#391)

* adding IAPAR definition

Added IAPAR definition in section 7 to respond to concerns about clarity of PAD testing.

* Update BS_SD.adoc

* Update Supporting Documents/BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Update BS_SD.adoc

Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>

* Date update

This is just an update of the dates using the date of the last commit that was approved (prior to this one).

* date and allowed list

To match up with the PP_MDF release the following changes were made:

- release dates for the docs all changed to match with the dates of the PP_MDF date (September 12, 2022)
- The specific PP-Modules that are allowed was removed and replaced by a link to a new page on the website. This will prevent needing to revise the PPM every time NIAP publishes as new Module update as the website page can be done easily.
- in the PP-Config (which will not be used as NIAP will create their own), I changed the reference to the PPM to MOD_BIO_V1.0 which matches the NIAP format for the names

* correct titles

* Update BiocPP.adoc

* Update BS_SD.adoc

* Update BiocPP.adoc

To close #395 and close #396

Co-authored-by: Brian Wood <be.wood@samsung.com>
Co-authored-by: n-kai <n-kai@ipa.go.jp>
Co-authored-by: Greg Fiumara <gregory.fiumara@nist.gov>
Co-authored-by: ccolin318 <56977088+ccolin318@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gfiumara gfiumara gfiumara approved these changes

@n-kai n-kai n-kai approved these changes

@gregott gregott gregott approved these changes

@xahun xahun Awaiting requested review from xahun

@The-Fiona The-Fiona Awaiting requested review from The-Fiona

@ccparran ccparran Awaiting requested review from ccparran

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@woodbe @gfiumara @n-kai @gregott