SFR to objective mapping
kgal opened this issue · 16 comments
The current schema doesn't provide a place to include rationale for justifying SFR-to-objective mapping. The mapping itself is present, but there should also be a place to put rationale to satisfy the APE_OBJ.2 workunits (similar to the threat-objective mapping rationale that is already present).
This has never been required, so until NIAP specifically asks for it, we will not add it.
This is required per the CC so we need it added.
Hi Kevin - Could this be fixed within the next week or so? We are unable to post new PP-Modules without this section. Thanks. Dianne
I envision after each SO mapping (https://commoncriteria.github.io/pp/pp-template/ModuleTemplate-release.html#SecurityObjectivesTOE), there's going to a section for Rationale, is that what you are thinking? Rationale per SO, but not per requirement? It won't take me long.
I think I have the table you want:
https://commoncriteria.github.io/pp/pp-template/pp-template-release.html#SecurityObjectivesTOE
It's not in the right place and I deleted another section (the Objective definitions) that I have to put back in, but as far as the table itself, how does the content look? I also have to stylize it a bit better too.
Okay how does it look now? I moved it to 4.3 which already has the other table with assumptions/threats/OSPs.
Looks good but it has to be moved to Section 5 under the SFRs. The title need to be "TOE Security Requirements Rationale" and the sentence that describes it should read "The following rationale provides justification for each security objective for the TOE, showing that the SFRs are suitable to meet and achieve the security objectives:" Thank you.
For the pp-template, it's now after the SFRs. Waiting for guidance on modules.
Ok, So, I think it should be the next section 5.2 and move the SAR (current 5.2) to 5.3 in the pp-template. For the Module-Template, it should be moved after the current section 5.4. I think that will work.
One more time... I think I've got it.
Looks good. Thank you.