TD0599: Corrections to SAR Section in CAPP
Publication Date
2021.09.02
Protection Profiles
PP_CA_V2.1
Other References
Section 5.2
Issue Description
CA PP doesn't list what assurance requirements apply, unlike all other PPs which do explictly list the requirements. Instead, it lists out all of the elements (sometimes incorrectly numbering them), and for the ASE class (for example) it just says "As per activities defined in [CEM]" without saying which ASE families/components apply. Resolution
Section 5.2 in the CAPP is changed as follows: The following text is modified and the table is added before Section 5.2.1, with strikethrough denoting deletion and underline denoting addition: The TOE security assurance requirements defined in this section identify the management and evaluative activities required to address the threats identified in Section 3.1 of this PP are identified in Table 5. Table 5. TOE Security Assurance Requirements
In Section 5.2.3, pg. 77, modify ALC_CMC.2.1E as follows, with strikethrough denoting deletion and underline denoting addition: ALC_CMC.21.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. In Section 5.2.3, pg. 77, change every instance of ALC_CMS.2.1... to ALC_CMC.1.1... Section 5.2.4 is modified as follows, with strikethrough denoting deletion and underline denoting addition: The ST is evaluated Aas per ASE activities defined in [CEM]. In addition, there may be Evaluation Activities specified within Section 5.1 and relevant appendices that call for necessary descriptions to be included in the TSS that are specific to the TOE technology type. Justification
Other PPs have a table listing the applicable SARs and the components used. |