Use Cases Section - commoncriteria/pp-template GitHub Wiki
Updated 29 January 2024
The Use Cases section exists because different uses of the TOE technology can require different selections. For example, different selections may be required for a device being used in a CSfC configuration versus in a tactical use case.
Use cases appear both in the Use Cases section and in an Appendix. The Appendix is auto-generated.
The Use Cases section contains a series of <usecase> elements within a <usecases> element. Each <usecase> must include title and id attributes, and a <description> element. The title is displayed with the description in the Use Cases section and in the Appendix. The id attribute is used by the automation system to indicate whether or not the use case is claimed in a Security Target.
The <config> element is used to indicate the selections that must be made when the use case is claimed. For example, a config element might contain
<ref-id>sel-fcs-cop-1-aes-cbc-128</ref-id>
where sel-fcs-cop-1-aes-cbc-128 is an identifier associated with a selection elsewhere in the document.
SFRs can be included in the ST through use cases by specifying them by id in the same manner. In such cases, the SFR should include a <depends on-uc="usecaseid"/> element indicating the dependency on the use case.
The <config> element is optional. If it is not included, then the use cases are just words that appear in the document and have no effect on ST claims.
The XML document Author needs to create a section for the Use Cases. A complete Use Cases section could look something like this:
<section title="Use Cases" id="sec-usecases">
  This Protection Profile supports several use cases. The cases enumerated below add requirements to
  the baseline for this PP due to additional threats or changes in assumptions about the operational environment.
  <usecases>
    <usecase title="CSfC EUD" id="uc-csfc-eud">
      <description>
        EUDs used in accordance with the CSfC Mobile Access Capability Package can include
        smart phones, tablets, and laptops. This use case covers the basic CSfC requirements
        for tablet and laptop EUDs (mobile devices are out of scope for this PP).<h:p/>
        Although CSfC requires that users maintain physical control of EUDs at all times,
        this use case effectively adds requirements for audit and basic tamper detection and reporting.
      </description>
      <config>
        <ref-id>sel-fpt-php-1</ref-id>
        <ref-id>sel-fpt-php-2</ref-id>
      </config>
    </usecase>
    <usecase title="Tactical EUD" id="uc-tactical-eud">
      <description>
        This use case adds requirements for portable end user computing devices in a tactical environment.
      </description>
      <config>
        <ref-id>sel-fpt-php-3</ref-id>
      </config>
    </usecase>
    .
    .
  </usecases>
</section>
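A pre-build check for the rules described above, as an added example (not part of the wiki or of the pp-template tooling): it flags <usecase> elements missing title, id or <description>, <ref-id> values that match no id in the document, and <depends on-uc="..."/> values that name no use case. It assumes each on-uc holds a single use case id and that any element's id attribute can be a ref-id target; the sample document and its <PP>, <selectable> and <requirement> element names are constructed.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip any XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]

def check_usecases(xml_text):
    """Return a list of problems found in the use case markup of a PP document."""
    root = ET.fromstring(xml_text)
    elems = list(root.iter())
    all_ids = {e.get("id") for e in elems if e.get("id")}
    uc_ids, problems = set(), []
    for uc in (e for e in elems if local(e.tag) == "usecase"):
        name = uc.get("id") or uc.get("title") or "<unnamed>"
        for attr in ("title", "id"):  # both attributes are mandatory
            if not uc.get(attr):
                problems.append(f"{name}: missing {attr} attribute")
        if not any(local(c.tag) == "description" for c in uc):
            problems.append(f"{name}: missing <description>")
        if uc.get("id"):
            uc_ids.add(uc.get("id"))
        for cfg in (c for c in uc if local(c.tag) == "config"):  # <config> is optional
            for ref in (r for r in cfg.iter() if local(r.tag) == "ref-id"):
                target = (ref.text or "").strip()
                if target not in all_ids:
                    problems.append(f"{name}: ref-id '{target}' matches no id in the document")
    for dep in (e for e in elems if local(e.tag) == "depends" and e.get("on-uc")):
        if dep.get("on-uc") not in uc_ids:  # assumption: one use case id per on-uc
            problems.append(f"depends on-uc='{dep.get('on-uc')}' names no use case")
    return problems

# Constructed sample document (not from the wiki). PP, selectable and
# requirement are placeholder element names chosen for this example.
SAMPLE = """<PP>
  <usecases>
    <usecase title="CSfC EUD" id="uc-csfc-eud">
      <description>Basic CSfC requirements.</description>
      <config><ref-id>sel-fpt-php-1</ref-id><ref-id>sel-fpt-php-9</ref-id></config>
    </usecase>
    <usecase title="Tactical EUD"><description>Tactical.</description></usecase>
  </usecases>
  <selectable id="sel-fpt-php-1">detection</selectable>
  <requirement id="sfr-x"><depends on-uc="uc-tactical-eud"/></requirement>
</PP>"""

if __name__ == "__main__":
    print("\n".join(check_usecases(SAMPLE)))
```

Catching a dangling ref-id or on-uc value before the build matters because the id is what ties a use case claim in a Security Target to the selections and SFRs it is supposed to bring in.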
For a Protection Profile, if at least one use case includes a <config> element, then an Appendix listing all the use cases and configurations will be auto-generated. It generally appears near the end of the document, just before the Acronyms and Bibliography.
For a PP-Module, the PP Author must for some reason insert an empty Appendix near the end of the document, which is then auto-populated. E.g.:
<appendix title="Use Case Templates" id="appdx-use-case-templates"/>
The title attribute must match those words exactly.
See also, Use Case Templates.