NIAP: View Technical Decision Details
TD0746:  Correction to FPT_RPL.1 Test 25

Publication Date
2023.05.29

Protection Profiles
MOD_MACSEC_V1.0

Other References
FPT_RPL.1, MOD_MACSEC_V1.0-SD

Issue Description

Test 25 for FPT_RPL.1 in the MOD_MACSEC_V1.0 SD has duplicated requirements over two paragraphs, each with slightly different wording.

Resolution

FPT_RPL.1 Test 25 in the MOD_MACSEC_V1.0 SD is modified as follows, with highlighted strikethroughs denoting deletion:

Test 25: The evaluator shall set up a MACsec connection with an entity in the operational environment. The evaluator shall then capture traffic sent from this remote entity to the TOE. The evaluator shall retransmit copies of this traffic to the TOE in order to impersonate the remote entity where the PN values in the SecTag of these packets are less than the lowest acceptable PN for the SA. The evaluator shall observe that the TSF does not take action in response to receiving these packets and that the audit log indicates that the replayed traffic was discarded.

The evaluator shall establish a MACsec connection between the TOE and a test system. The evaluator shall then capture traffic sent from the test system to the TOE. The evaluator shall retransmit copies of this traffic to the TOE in order to impersonate the remote entity where the PN values in the SecTag of these packets are less than the lowest acceptable PN for the SA. The evaluator shall observe that the TSF does not take action in response to receiving these packets and that the audit log indicates that the replayed traffic was discarded.

Justification

See issue description.
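The receive-side behaviour that Test 25 expects can be modelled as follows. This is an added example, not part of the technical decision or the SD: `ReceiveSA`, `build_frame`, `run_test25` and the audit message format are hypothetical names, the frames are constructed samples, and ICV verification is omitted.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5
AN_MASK = 0x03  # low two bits of the TCI/AN octet select the SA

def parse_sectag(frame: bytes):
    """Return (an, pn) from a frame's SecTAG, or None if it is not MACsec."""
    if len(frame) < 20:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != MACSEC_ETHERTYPE:
        return None
    tci_an, _short_len, pn = struct.unpack_from("!BBI", frame, 14)
    return tci_an & AN_MASK, pn

class ReceiveSA:
    """Hypothetical model of one receive SA's replay state (not a product API)."""
    def __init__(self, replay_window=0):
        self.replay_window = replay_window
        self.next_pn = 1
        self.audit = []

    def lowest_acceptable_pn(self):
        return max(self.next_pn - self.replay_window, 1)

    def receive(self, frame: bytes) -> bool:
        tag = parse_sectag(frame)
        if tag is None:
            return False
        _an, pn = tag
        lowest = self.lowest_acceptable_pn()
        if pn < lowest:
            self.audit.append(f"replay discarded: PN={pn} lowest_acceptable_PN={lowest}")
            return False
        # A real receiver verifies the ICV here, before advancing its state.
        self.next_pn = max(self.next_pn, pn + 1)
        return True

def build_frame(pn, an=0):
    """Constructed sample: zeroed MACs, SecTAG without SCI, dummy data and ICV."""
    return bytes(12) + struct.pack("!HBBI", MACSEC_ETHERTYPE, an, 0, pn) + bytes(32)

def run_test25(count=5, replay_window=0):
    """Deliver `count` frames, then deliver the same captures a second time."""
    sa = ReceiveSA(replay_window)
    captured = [build_frame(pn) for pn in range(1, count + 1)]
    first_pass = [sa.receive(f) for f in captured]
    replay_pass = [sa.receive(f) for f in captured]
    return first_pass, replay_pass, sa.audit
```

In this model, a non-zero `replay_window` lets copies whose PN is still inside the window pass the check, so only copies with a PN below the lowest acceptable PN produce the discard and audit record the test looks for.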
