Optional Requirements - commoncriteria/pp-template GitHub Wiki

Updated 29 January 2024

An Optional Requirement is an SFR or SAR that is claimed in the ST at the discretion of the St Author. Its claiming is totally optional and without conditions.

CC:2022 Part 1 defines two categories of optional requirements:

The first category of optional requirements is elective. Requirements in this category do not need to be included in a PP/ST in order for the PP/ST to claim conformance (of any type) to the PP or PP-Configuration where the requirement is defined. In this case, it is not obligatory that the PP/ST includes the requirement, even if the TOE implements the functionality described by the requirement.

The second category of optional requirements is conditional. If the TOE implements the described functionality then the optional requirement shall be included in the PP/ST. If the TOE does not implement the functionality covered by the optional requirement, then the requirement is not included in the PP/ST.

In NIAP PPs, the first category ("elective") is called "optional" or "strictly optional." The second category ("conditional") is referred to as "implementation-dependent" or "feature-based."

See the below references for details on how to specify Optional Requirements in a document.

Optional Requirements specified in a Protection Profile or Functional Package automatically appear in Appendix A.1 of the document, entitled "Strictly Optional Requirements." This includes both optional SFRs and optional SARs.

The same is true for Optional Requirements defined in the main body of a PP-Module. Optional Requirements defined in the Additional SFRs section under a Base PP in a PP-Module appear in the same Additional SFRs section with a header indicating that the SFR is optional.

For more on Optional and Implementation-dependent Requirements, see

• Optional, Objective, and Implementation‐Dependent SFRs, and
• Classifying SFRs as Mandatory, Selection‐based, etc.