Implementation‐dependent Requirements - commoncriteria/pp-template GitHub Wiki

16 January 2024

An Implementation-dependent Requirement is an SFR that must be claimed by the ST Author if the TOE implements a particular feature.

CC:2022 Part 1 defines two categories of optional requirements:

The first category of optional requirements is elective. Requirements in this category do not need to be included in a PP/ST in order for the PP/ST to claim conformance (of any type) to the PP or PP-Configuration where the requirement is defined. In this case, it is not obligatory that the PP/ST includes the requirement, even if the TOE implements the functionality described by the requirement.

The second category of optional requirements is conditional. If the TOE implements the described functionality then the optional requirement shall be included in the PP/ST. If the TOE does not implement the functionality covered by the optional requirement, then the requirement is not included in the PP/ST.

In NIAP PPs, the first category ("elective") is called "optional" or "strictly optional." The second category ("conditional") is referred to as "implementation-dependent" or "feature-based."

See the below references for details on how to specify Implementation-dependent Requirements in a document.

Implementation-dependent Requirements specified in a Protection Profile or Functional Package automatically appear in Appendix A.3.

The same is true for Implementation-dependent Requirements defined in the main body of a PP-Module. Implementation-dependent Requirements defined in the Additional SFRs section under a Base PP in a PP-Module appear in the same Additional SFRs section with a header indicating that claiming of the SFR is conditional on the TOE implementing a particular feature.

For more on Optional and Implementation-dependent Requirements, see

• Optional, Objective, and Implementation‐Dependent SFRs, and
• Classifying SFRs as Mandatory, Selection‐based, etc.