FDP_FIL_EXT.1 Test 3 requires the evaluator to examine the PSD UA filtering list and verify all devices are authorized. This test cannot be performed as written for devices without an administrative interface that do not allow for inspection of a fixed device filtering list.

The TSS EA for FDP_FIL_EXT.1 is modified as follows, with underlines denoting additions:

TSS

The evaluator shall examine the TSS and verify that it describes whether the PSD has configurable or fixed  device filtering. 

[Conditional – If “configurable” is selected in FDP_FIL_EXT.1.1/UA, then:] The evaluator shall examine the  TSS and verify  that it describes  the process of configuring  the TOE  for whitelisting and blacklisting UA  peripheral devices, including information on how this function is restricted to administrators.  

[Conditional - if TOE includes an internal UA device with no administrative interface for inspection of a fixed device filtering list, then:] The evaluator shall examine the TSS and verify that it specifies the devices on the fixed device filtering list.

FDP_FIL_EXT.1 Test 3 is modified as follows, with underline denoting addition:

Test 3

[Conditional – Perform this only if “fixed” is selected in FDP_FIL_EXT.1.1/UA and TOE does not include an internal UA device]

The evaluator shall examine the PSD UA whitelist and verify that all devices are authorized devices. 

See issue description.