Compliant Targets of Evaluation for FPs - commoncriteria/pp-template GitHub Wiki
22 January 2024
This is a section that commonly appears in the Introduction of a Functional Package. It often includes information about how to include the Package with PP and Modules. Most importantly, it specifies the dependencies that the Package has on the PP or Module that includes it.
The <componentsneeded> XML element is used to the SFRs that do not appear in the Package, but are depended on by requirements within the Package. The structure is:
<componentsneeded> # list of components needed
<componentneeded> # each component needed
<componentid>FCS_CKM.1</componentid> # CC Id of component needed
<notes> # Words explaining why the component is needed
To support TLS ciphersuites that use RSA, DHE or ECDHE for key exchange, the PP or PP-Module must
include FCS_CKM.1 and specify the corresponding key generation algorithm.</notes>
</componnentneeded>
.
.
</componentsneeded>A table is auto-generated to display the contents of the <componentsneeded> element.
Below is an example of a complete section. This one is pulled from the TLS FP.
<sec:Compliant_Targets_of_Evaluation>
The Target of Evaluation (TOE) in this Package is a product which acts as a (D)TLS client, a (D)TLS server, or both.
This Package describes the security functionality of TLS and DTLS in terms of [CC].
<h:p/>
The contents of this Package must be appropriately combined with a PP or PP-Module.
When this Package is instantiated by a PP or PP-Module, the Package must
include selection-based requirements in accordance with the
selections or assignments indicated in the PP or PP-Module. These may be expanded by the
the ST author.
<h:p/>
The PP or PP-Module which instantiates this Package must typically include
the following components in order to satisfy dependencies of this Package. It is the responsibility
of the PP or PP-Module author who instantiates this Package to ensure that dependence
on these components is satisfied:<h:br/>
<componentsneeded>
<componentneeded>
<componentid>FCS_CKM.1</componentid>
<notes>To support TLS ciphersuites that use RSA, DHE or ECDHE for key exchange, the PP or PP-Module must
include FCS_CKM.1 and specify the corresponding key generation algorithm.</notes>
</componentneeded>
<componentneeded>
<componentid>FCS_CKM.2</componentid>
<notes>To support TLS ciphersuites that use RSA, DHE or ECDHE for key exchange, the PP or PP-Module must
include FCS_CKM.2 and specify the corresponding algorithm.</notes>
</componentneeded>
<componentneeded>
<componentid>FCS_COP.1</componentid>
<notes>To support TLS ciphersuites that use AES for encryption and decryption, the PP or PP-Module
must include FCS_COP.1 (iterating as needed) and specify AES with corresponding key sizes and modes. To
support TLS ciphersuites that use SHA for hashing, the PP or PP-Module must include FCS_COP.1
(iterating as needed) and specify SHA with corresponding digest sizes.
</notes>
</componentneeded>
<!-- The components in the PP or PP-Module that need this SFR should require it;
it is not _directly_ depended upon by this Package.-->
<componentneeded>
<componentid>FCS_RBG_EXT.1</componentid>
<notes>To support random bit generation needed for the TLS handshake,
the PP or PP-Module must include FCS_RBG_EXT.1.</notes>
</componentneeded>
<componentneeded>
<componentid>FIA_X509_EXT.1</componentid>
<notes>
To support validation of certificates needed during TLS connection setup,
the PP or PP-Module must include FIA_X509_EXT.1.
</notes>
</componentneeded>
<componentneeded>
<componentid>FIA_X509_EXT.2</componentid>
<notes>To support the use of X509 certificates for authentication in TLS connection setup,
the PP or PP-Module must include FIA_X509_EXT.2.
</notes>
</componentneeded>
</componentsneeded>
<h:p/>
An ST must identify the applicable version of the PP or
PP-Module and this Package in its conformance claims.
</sec:Compliant_Targets_of_Evaluation>