Other PP‐Module Appendixes - commoncriteria/pp-template GitHub Wiki

1 February 2024

All NIAP PP-Modules have an Appendix A for "optional" requirements and an Appendix B for selection-based requirements. All PP-Modules that include Extended Components have Appendix C for the Extended Component Definitions (ECD). Also, all PP-Modules end with an Acronyms Appendix and a Bibliography.

In between the ECD Appendix and the Acronyms Appendix, there may be several other Appendixes at the PP-Author's discretion.

General PP-Modules

The following additional appendixes tend to appear in a typical PP-Module.

Appendix: Use Case Templates

If the PP-Module defines use-cases that change ST Claims when selected, then the PP-Author should include a Use Case Templates Appendix, which is auto-generated from the Use Case definitions.

Appendix: Implicitly Satisfied Requirements

This Appendix should be included if there are any SFR dependencies that are not resolved within the PP-Module.

Appendix: Entropy Documentation and Assessment

This Appendix should be included if the TOE uses an entropy source. Some PP-Modules include this Appendix only to state that the TOE does not need anything more to describe its entropy sources beyond what is in the Base PP. Whatever.

Appendix: Key Management Description

Some PP-Modules include this Appendix to describe what information is expected to be included in the KMD document. Should all requirements documents that reference a KMD have one of these? I don't know.

Appendix: Equivalency Guidelines

Currently, no PP-Modules include an Equivalency Guidelines Appendix. But there's no reason why they couldn't.

Network Devices

The Network Device collaborative Protection Profile is the only NIAP-endorsed Protection Profile that explicitly supports distributed TOEs. All PP-Modules that support NDcPP as a base include the following Appendix:

Appendix: Allocation of Requirements in Distributed TOEs

This Appendix defines which components of a distributed TOE must meet which requirements. This is indicated in a table where each SFR is assigned a value of "All" (all components must satisfy the requirement), "One" (at least one component must satisfy the requirement), or "Feature Dependent" (components that implement the feature must satisfy the requirement). Currently, there is no special support for this Appendix in NIAP XML, so the table must be manually generated. Once NDcPP is translated into NIAP XML, there should be a way to auto-generate this table based on tags or attributes of the SFRs.
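The three allocation values can be checked mechanically against a distributed TOE's component claims. The sketch below is an added example, not part of this wiki or of any NIAP tooling; the SFR identifiers, component names, feature names, and the idea of recording which feature a "Feature Dependent" SFR depends on are all constructed assumptions.

```python
# Added example: checks component claims against an allocation table.
# All identifiers below are constructed sample data, not taken from NDcPP.

ALLOCATION = {            # SFR -> allocation value from the Appendix table
    "FXX_ALL.1": "All",
    "FXX_ONE.1": "One",
    "FXX_FEA.1": "Feature Dependent",
}
FEATURES = {"FXX_FEA.1": "remote-admin"}   # assumed SFR -> feature mapping
COMPONENTS = {            # component -> SFRs it claims, features it implements
    "controller": {"sfrs": {"FXX_ALL.1", "FXX_ONE.1", "FXX_FEA.1"},
                   "features": {"remote-admin"}},
    "sensor-1":   {"sfrs": {"FXX_ALL.1"}, "features": set()},
    "sensor-2":   {"sfrs": set(), "features": {"remote-admin"}},
}

def check_allocation(allocation, features, components):
    """Return a list of (sfr, reason) findings; an empty list means compliant."""
    findings = []
    for sfr, rule in allocation.items():
        claimed = {n for n, c in components.items() if sfr in c["sfrs"]}
        if rule == "All":
            # Every component must satisfy the requirement.
            missing = sorted(set(components) - claimed)
            if missing:
                findings.append((sfr, "missing on: " + ", ".join(missing)))
        elif rule == "One":
            # At least one component must satisfy the requirement.
            if not claimed:
                findings.append((sfr, "no component satisfies it"))
        elif rule == "Feature Dependent":
            # Only components implementing the feature must satisfy it.
            feat = features.get(sfr)
            if feat is None:
                findings.append((sfr, "no feature mapped"))
                continue
            missing = sorted(n for n, c in components.items()
                             if feat in c["features"] and n not in claimed)
            if missing:
                findings.append((sfr, f"feature {feat!r} present but SFR "
                                      "missing on: " + ", ".join(missing)))
        else:
            findings.append((sfr, f"unknown allocation value {rule!r}"))
    return findings

if __name__ == "__main__":
    for sfr, reason in check_allocation(ALLOCATION, FEATURES, COMPONENTS):
        print(f"{sfr}: {reason}")
```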

Peripheral Sharing Devices

The PSD PP has its own constellation of PP-Modules with their own special Appendixes.

Appendix: Isolation Documentation and Assessment

The PSD PP includes an Appendix describing a requirement for supplementary information on the way isolation is implemented between two computers connected by a PSD. PSD PP-Modules include this Appendix, if only to state that no information is required beyond what is required by the Base PP.

Appendix: Peripheral Device Connections

This Appendix lists devices and protocols that are not authorized for connection using the PSD.

Appendix: Interactions between PP‐Modules

Some PSD PP-Modules can appear in a configuration with each other. "This appendix provides any additional guidance required to address interactions between multiple PP‐Modules when they are both contained within a PP‐Configuration."