NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0599:  Corrections to SAR Section in CAPP

Publication Date

Protection Profiles

Other References
Section 5.2

Issue Description

CA PP doesn't list what assurance requirements apply, unlike all other PPs which do explictly list the requirements. Instead, it lists out all of the elements (sometimes incorrectly numbering them), and for the ASE class (for example) it just says "As per activities defined in [CEM]" without saying which ASE families/components apply.


Section 5.2 in the CAPP is changed as follows:

The following text is modified and the table is added before Section 5.2.1, with strikethrough denoting deletion and underline denoting addition:

The TOE security assurance requirements defined in this section identify the management and evaluative activities required to address the threats identified in Section 3.1 of this PP are identified in Table 5.

Table 5. TOE Security Assurance Requirements

Assurance Class

Assurance Components

Development (ADV)

Basic functional specification (ADV_FSP.1)

Guidance Documentation (AGD)

Operational user guidance (AGD_OPE.1)

Preparative procedures (AGD_PRE.1)

Life-Cycle Support (ALC)

Labeling of the TOE (ALC_CMC.1)

TOE CM coverage (ALC_CMS.1)

Security Target (ASE)

ST introduction (ASE_INT.1)

Conformance claims (ASE_CCL.1)

Security objectives for the operational environment


Extended components definition (ASE_ECD.1)

Stated security requirements (ASE_REQ.1)

Tests (ATE)

Independent testing - Conformance (ATE_IND.1)

Vulnerability Assessment (AVA)

Vulnerability survey (AVA_VAN.1)

In Section 5.2.3, pg. 77, modify ALC_CMC.2.1E as follows, with strikethrough denoting deletion and underline denoting addition:

ALC_CMC.21.1E      The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

In Section 5.2.3, pg. 77, change every instance of  ALC_CMS.2.1... to ALC_CMC.1.1...

Section 5.2.4 is modified as follows, with strikethrough denoting deletion and underline denoting addition:

The ST is evaluated Aas per ASE activities defined in [CEM]. In addition, there may be Evaluation Activities specified within Section 5.1 and relevant appendices that call for necessary descriptions to be included in the TSS that are specific to the TOE technology type.


Other PPs have a table listing the applicable SARs and the components used.

Site Map              Contact Us              Home