TD0599: Corrections to SAR Section in CAPP
CA PP doesn't list what assurance requirements apply, unlike all other PPs which do explictly list the requirements. Instead, it lists out all of the elements (sometimes incorrectly numbering them), and for the ASE class (for example) it just says "As per activities defined in [CEM]" without saying which ASE families/components apply.
Section 5.2 in the CAPP is changed as follows:
The following text is modified and the table is added before Section 5.2.1, with strikethrough denoting deletion and underline denoting addition:
The TOE security assurance requirements defined in this section identify the management and evaluative activities required to address the threats identified in Section 3.1 of this PP are identified in Table 5.
Table 5. TOE Security Assurance Requirements
In Section 5.2.3, pg. 77, modify ALC_CMC.2.1E as follows, with strikethrough denoting deletion and underline denoting addition:
ALC_CMC.21.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
In Section 5.2.3, pg. 77, change every instance of ALC_CMS.2.1... to ALC_CMC.1.1...
Section 5.2.4 is modified as follows, with strikethrough denoting deletion and underline denoting addition:
The ST is evaluated Aas per ASE activities defined in [CEM]. In addition, there may be Evaluation Activities specified within Section 5.1 and relevant appendices that call for necessary descriptions to be included in the TSS that are specific to the TOE technology type.
Other PPs have a table listing the applicable SARs and the components used.