TD0619: Test EAs for internal UA devices
FDP_FIL_EXT.1 Test 3 requires the evaluator to examine the PSD UA filtering list and verify all devices are authorized. This test cannot be performed as written for devices without an administrative interface that do not allow for inspection of a fixed device filtering list.
The TSS EA for FDP_FIL_EXT.1 is modified as follows, with underlines denoting additions:
The evaluator shall examine the TSS and verify that it describes whether the PSD has configurable or fixed device filtering.
[Conditional – If “configurable” is selected in FDP_FIL_EXT.1.1/UA, then:] The evaluator shall examine the TSS and verify that it describes the process of configuring the TOE for whitelisting and blacklisting UA peripheral devices, including information on how this function is restricted to administrators.
[Conditional - if TOE includes an internal UA device with no administrative interface for inspection of a fixed device filtering list, then:] The evaluator shall examine the TSS and verify that it specifies the devices on the fixed device filtering list.
FDP_FIL_EXT.1 Test 3 is modified as follows, with underline denoting addition:
[Conditional – Perform this only if “fixed” is selected in FDP_FIL_EXT.1.1/UA and TOE does not include an internal UA device]
The evaluator shall examine the PSD UA whitelist and verify that all devices are authorized devices.
See issue description.