Security Requirements Section for PP‐Modules - commoncriteria/pp-template GitHub Wiki

31 January 2024

The Security Requirements section for PP-Modules consists of three sub-sections. First is a section defining the Base-PP requirements that are modified or added by the PP-Module, along with the information needed to generate a Consistency Rationale.

These sections are followed by the requirements that apply across all Base-PPs. These are organized by sections for mandatory, optional, objective, selection-based, and implementation-dependent SFRs. There is also an optional section for any SARs that may be introduced by the PP-Module.

• Requirements Direction for Each Base PP
• • Modified SFRs
• • Additional SFRs
• • Consistency Information
• PP-Module TOE Requirements
• • Mandatory SFRs
• • SARs (optional)
• • Optional SFRs
• • Selection-based SFRs
• • Objective SFRs
• • Implementation-dependent SFRs
• TOE Security Requirements Rationale

This input is generated into several sections of the final document:

• Security Requirements
• • Requirements Direction for Base PP 1
• • Requirements Direction for Base PP 2
• • Requirements Direction for Base PP N
• • TOE Security Functional Requirements (from Mandatory SFRs)
• • TOE Security Functional Requirements Rationale (auto-generated)
• • TOE Security Assurance Requirements (from SARs, if present)
• Consistency Rationale (auto-generated, a subsection for each Base PP)
• Appendix A: Optional SFRs
• • Appendix A.1: Strictly Optional Requirements (from Optional SFRs)
• • Appendix A.2: Objective Requirements (from Objective SFRs)
• • Appendix A.3: Implementation-dependent Requirements (from Implementation-dependent SFRs)
• Appendix B: Selection-based Requirements (from Selection-based SFRs)

Currently, all SARs, whether optional or mandatory, appear in the TOE Security Assurance Requirements subsection. This may change in the future.

In NIAP PP-Modules, the Evaluation Activities are currently published in a separate Supporting Document. Soon this will change and EAs will be published as part of the PP-Module.

The Security Requirements Section can specified in one of three ways:

  <section title="Security Requirements" id="sec-uniqueId">

  <sec:Security_Requirements>

  <sec:secreq title="Security Requirements">

The section declaration can be followed by arbitrary HTML text or any number of other sections before the SFR section.