Other Appendixes - commoncriteria/pp-template GitHub Wiki

25 January 2023

A PP developer can add as many other appendixes as they need.

   <appendix id="apndx-other-things" title="Other Things I Want to Say about This Technology">
      blah blah blah
           .
           .
      And another thing....
           .
           .
      So there!
   </appendix>

The appendix will be automatically given a letter. It will appear in the document after the automatically generated Appendixes A, B, and C (if any), and before the automatically generated Acronyms and Bibliography appendixes.

Some examples:

If your document takes advantage of the Rules construct, you can include a "Validation Guidelines" appendix which is automatically populated with detailed specifications of the Rules. The OSPP and Virtualization PP use Rules. See, Validation Rules.

Some PPs include this Appendix to describe what information is expected to be included in the KMD document. Should all requirements documents that reference a KMD have one of these? I don't know.

Only the MDF PP has one if these. It is a table stating the IV requirements for the modes of AES. Interesting, but not necessary.

MDF has one of these too. It's probably the only PP that does.

An Appendix in the MDM PP that describes additional evaluation activities for distributed TOEs.

The PSD PP includes this Appendix to describe the required documentation regarding how the PSD keeps connected computers isolated from one another.

The PSD includes this Appendix to list the types of devices and protocols that are nor permitted to be connected using PSD-compliant devices.

Some PPs include an Appendix for Rationales. This information is auto-generated in the NIAP Framework and placed in various sections throughout the document. So if you write your PP in XML, you don't need to manually create one of these.