Active anti-tamper mechanisms for the remote controller should only permanently disable the remote, not the entire TOE, as is currently written.

FPT_PHP.3 in PSD PP v4.0 is modified as follows (underlines indicate additions):

FPT_PHP.3.1  The TSF shall resist [a physical attack for the purpose of gaining access to the internal components, to damage the anti-tamper battery, to drain or exhaust the anti-tamper battery] to the [TOE enclosure and any remote controllers] by the attacked component becoming permanently disabled.

Application Note:  ‘By the attacked component becoming permanently disabled’ is interpreted to mean that if the TOE enclosure is attacked, the TOE is disabled so that the connected peripheral devices will cease to function; however, if the remote controller is attacked, only the remote controller needs to be disabled so that switching through the remote control functionality will cease to function.

Test steps 1 and 2 are swapped.

See issue.