-
Notifications
You must be signed in to change notification settings - Fork 3
Discussions
The purpose of this page is to discuss unresolved issues.
fmt_smf.1.1 uses the phrase "system identity information" (which is uncomfortably close to the PII phrase). Do we have to formally define it? or should we reword to identify information related to the system (then does that include IP address?)
Section 5.1. Note that this uses almost no requirements from the existing CC part 2, and that the requirements are not written in CC language. This is not how a PP should be written. One would think there would be more Part 2 SFRs – in particular, there is no audit.
Section 5.1. The assurance activities are not written properly. The last validators workshop emphasized that each assurance activity should have something for the TSS, something for the guidance documentation, as well as the testing activities.
Isn't "Application Software" == "Application"?
Section 5.1, FDP_DEC_EXT.1.3.: Should Applications be required to provide justification for seeking privileged resources?