One of the guidance evaluation activities for FAU_ALT_EXT.1.3 in the Supporting Document for MOD_EDR_V1.0 implies a requirement that is not present in the SFR and is not sufficiently clear on the level of detail required.

The Supporting Document for MOD_EDR_V1.0 is updated as follows:

The following guidance evaluation activity for FAU_ALT_EXT.1 is replaced as follows:

The evaluator shall review the operational guidance to ensure that it contains documentation on the products supported for exporting alerts in standards-based formats.

The evaluator shall examine the guidance documentation to ensure it describes the formats supported and the methods of data export being claimed (e.g., written to a file on the underlying platform, communication over a TOE interface to another product, etc.). If communication over a TOE interface to another product (other than the underlying platform) is required to export the data, the evaluator shall verify the guidance documentation describes what products or product types are supported, how to establish communication with those products, any requirements on those products (particular communication protocol, version of the protocol required, etc.), and the configuration of the TOE needed to communicate with those products.

FAU_ALT_EXT.1.3 does not require the TOE to communicate with another product to export data, as the TOE could output the data to a file, which could then be imported into another product. 

"Documentation on the products supported" could falsely imply that the vendor must provide all guidance needed for another product to receive and process the data.