Security Functional Requirements Section - commoncriteria/pp-template GitHub Wiki
Updated 29 January 2024
The SFR section constitutes the bulk of most PPs. In PP-Modules, the SFR section contains all the functional requirements that are common to all Base PPs. It can be declared in one of the usual three ways:
<section title="Security Functional Requirements" id="sec-uniqueId">
<sec:Security_Functional_Requirements>
<sec:sfrs title="Security Functional Requirements">
Ideally, the Auditable Events Table for Mandatory SFRs should be the first item in this section. It can be declared like this:
<section id="ss-audit-table" title="Auditable Events for Mandatory SFRs">
<audit-table id="at-mandatory" table="mandatory"/>
</section>
If the auditable events are defined with the SFRs as recommended, then the contents of this table are auto-generated from the audit events defined with all the mandatory SFRs.
It is not required that Auditable Events be displayed in this form. This table can be placed anywhere, but placing it first makes the most sense given how audit events are presented for selection-based and optional requirements.
Alternatively, specifying <display-audit-with-sfrs/> in the PP Preferences causes all the audit events to be displayed with their SFR. And you can even do it both ways if you want.
For more on Audit Tables, see Audit Tables.
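The placement rules above can be checked mechanically before a PP is built. The following lint is an added example, not part of the pp-template project: it finds the SFR section in any of the three declaration forms and reports whether the mandatory audit table is its first item. The namespace URI, the `PP` root element, the FAU sub-section and the rule that an untitled `sec:` element takes its title from its name (underscores read as spaces) are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

SFR_TITLE = "Security Functional Requirements"

# Constructed sample; namespace URI and root element are placeholders.
SAMPLE = """<PP xmlns:sec="urn:example:sec">
  <sec:sfrs title="Security Functional Requirements">
    <section id="ss-audit-table" title="Auditable Events for Mandatory SFRs">
      <audit-table id="at-mandatory" table="mandatory"/>
    </section>
    <section id="fau" title="Security Audit (FAU)"/>
  </sec:sfrs>
</PP>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to qualified tags."""
    return tag.rsplit("}", 1)[-1]

def is_sfr_section(el):
    """Match all three forms: explicit title, or title implied by the tag name."""
    title = el.get("title") or local(el.tag).replace("_", " ")  # assumed rule
    return title == SFR_TITLE

def check_audit_table(pp_xml):
    """Return a list of findings; an empty list means the layout is as recommended."""
    root = ET.fromstring(pp_xml)
    sfr = next((e for e in root.iter() if is_sfr_section(e)), None)
    if sfr is None:
        return ["no SFR section found"]
    tables = [e for e in sfr.iter()
              if local(e.tag) == "audit-table" and e.get("table") == "mandatory"]
    with_sfrs = any(local(e.tag) == "display-audit-with-sfrs" for e in root.iter())
    findings = []
    if not tables and not with_sfrs:
        findings.append("mandatory audit events are not displayed anywhere")
    elif tables:
        children = list(sfr)
        # The table normally sits inside a wrapper <section>, so search the
        # whole first child rather than comparing it directly.
        if not children or tables[0] not in list(children[0].iter()):
            findings.append("mandatory audit table is not the first item")
    return findings

if __name__ == "__main__":
    print(check_audit_table(SAMPLE) or "OK")
```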
The main body of the SFR Section consists of sub-sections for each SFR Class. All SFRs are specified in this section whether or not they are mandatory, optional, objective, selection-based, or implementation-dependent. The framework displays the SFRs in their proper place with the mandatory requirements remaining in this section and the others displayed in Appendixes A and B.
The framework automatically generates a Security Functional Requirements Rationale section that is displayed following the last SFR class and before the SAR section.
See also,