SFR to objective mapping

Question

SFR to objective mapping

kgal opened this issue 5 years ago · 16 comments

The current schema doesn't provide a place to include rationale for justifying SFR-to-objective mapping. The mapping itself is present, but there should also be a place to put rationale to satisfy the APE_OBJ.2 workunits (similar to the threat-objective mapping rationale that is already present).

Answer 1 · 2020-01-22T17:33:42.000Z

This has never been required, so until NIAP specifically asks for it, we will not add it.

Answer 2 · 2020-02-04T13:14:58.000Z

This is required per the CC so we need it added.

Answer 3 · 2020-02-10T14:48:12.000Z

Hi Kevin - Could this be fixed within the next week or so? We are unable to post new PP-Modules without this section. Thanks. Dianne

Answer 4 · 2020-02-10T21:03:03.000Z

I envision after each SO mapping (https://commoncriteria.github.io/pp/pp-template/ModuleTemplate-release.html#SecurityObjectivesTOE), there's going to a section for Rationale, is that what you are thinking? Rationale per SO, but not per requirement? It won't take me long.

Answer 5 · 2020-02-10T21:21:17.000Z

See - https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0498 We need both.

…

On Mon, Feb 10, 2020 at 4:10 PM kgal ***@***.***> wrote: I envision after each SO mapping ( https://commonncriteria.github.io/pp/pp-template/ModuleTemplate-release.html#SecurityObjectivesTOE <https://commoncriteria.github.io/pp/pp-template/ModuleTemplate-release.html#SecurityObjectivesTOE>), there's going to a section for Rationale, is that what you are thinking? Rationale per SO, but not per requirement? It won't take me long. — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#14?email_source=notifications&email_token=AGLFK74MYZ6VCGG6GTUZRFLRCG6IRA5CNFSM4J563X52YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELKIHPQ#issuecomment-584352702>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGLFK76Z4E5X3DNN4G2WV3DRCG6IRANCNFSM4J563X5Q> .

Answer 6 · 2020-02-10T21:28:37.000Z

But the first one is already in the transforms

…

On Mon, Feb 10, 2020 at 4:21 PM Dianne Hale ***@***.***> wrote: See - https://www.niap-ccevs.org/Documents_and_Guidance/view_td.cfm?TD=0498 We need both. On Mon, Feb 10, 2020 at 4:10 PM kgal ***@***.***> wrote: > I envision after each SO mapping ( > https://commonncriteria.github.io/pp/pp-template/ModuleTemplate-release.html#SecurityObjectivesTOE > <https://commoncriteria.github.io/pp/pp-template/ModuleTemplate-release.html#SecurityObjectivesTOE>), > there's going to a section for Rationale, is that what you are thinking? > Rationale per SO, but not per requirement? It won't take me long. > — > You are receiving this because you modified the open/close state. > Reply to this email directly, view it on GitHub > <#14?email_source=notifications&email_token=AGLFK74MYZ6VCGG6GTUZRFLRCG6IRA5CNFSM4J563X52YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELKIHPQ#issuecomment-584352702>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AGLFK76Z4E5X3DNN4G2WV3DRCG6IRANCNFSM4J563X5Q> > . >

Answer 7 · 2020-02-11T21:43:32.000Z

I think I have the table you want:
https://commoncriteria.github.io/pp/pp-template/pp-template-release.html#SecurityObjectivesTOE
It's not in the right place and I deleted another section (the Objective definitions) that I have to put back in, but as far as the table itself, how does the content look? I also have to stylize it a bit better too.

Answer 8 · 2020-02-11T22:57:24.000Z

Yes, that looks good.

…

On Tue, Feb 11, 2020 at 4:55 PM kgal ***@***.***> wrote: I think I have the table you want: https://commoncriteria.github.io/pp/pp-template/pp-template-release.html#SecurityObjectivesTOE It's not in the right place and I deleted another section (the Objective definitions) that I have to put back in, but as far as the table itself, how does the content look? I also have to stylize it a bit better too. — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#14?email_source=notifications&email_token=AGLFK77DFLCVA7FIF4T7ETTRCMLYJA5CNFSM4J563X52YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELOGBVI#issuecomment-584868053>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AGLFK72UM3V6WXSFLDK7QG3RCMLYJANCNFSM4J563X5Q> .

Answer 9 · 2020-02-14T18:47:28.000Z

Okay how does it look now? I moved it to 4.3 which already has the other table with assumptions/threats/OSPs.

Answer 10 · 2020-02-14T19:09:10.000Z

Looks good but it has to be moved to Section 5 under the SFRs. The title need to be "TOE Security Requirements Rationale" and the sentence that describes it should read "The following rationale provides justification for each security objective for the TOE, showing that the SFRs are suitable to meet and achieve the security objectives:" Thank you.

Answer 11 · 2020-02-18T18:30:18.000Z

See if these look okay:
https://commoncriteria.github.io/pp/pp-template/pp-template-release.html#obj_map
https://commoncriteria.github.io/pp/pp-template/ModuleTemplate-release.html#obj-req-map

Answer 12 · 2020-02-18T20:09:51.000Z

I think the SFR rationale should go after all the SFRs are listed. And, for PP-Modules we may need to have this for each “Base-PP Direction” section since often there are different SFRs added for different Base-PPs. But, let me discuss with one of our Senior validators and get back to you on that.

Answer 13 · 2020-02-19T18:58:32.000Z

For the pp-template, it's now after the SFRs. Waiting for guidance on modules.

Answer 14 · 2020-02-19T19:27:55.000Z

Ok, So, I think it should be the next section 5.2 and move the SAR (current 5.2) to 5.3 in the pp-template. For the Module-Template, it should be moved after the current section 5.4. I think that will work.

Answer 15 · 2020-02-20T18:44:40.000Z

One more time... I think I've got it.

Answer 16 · 2020-02-20T19:17:51.000Z

Looks good. Thank you.