@@ -582,8 +582,7 @@ And maybe there should be a section of the PP that says all this. So maybe some
582582 <cc-pkg-claim>
583583 <FP-cc-ref conf="conformant">Functional Package for TLS, version 2.1</FP-cc-ref>
584584 <FP-cc-ref conf="conformant">Functional Package for Secure Shell, version 2.0</FP-cc-ref>
585- <FP-cc-ref conf="conformant">Functional Package for X.509, version 1.0</FP-cc-ref>
586- <AP-cc-ref conf="conformant">Assurance Package for Flaw Remediation, version 1.0</AP-cc-ref>
585+ <FP-cc-ref conf="conformant">Functional Package for X.509, version 1.0</FP-cc-ref>
587586 </cc-pkg-claim>
588587 </CClaimsInfo>
589588 </sec:Conformance_Claims>
@@ -11578,6 +11577,201 @@ And maybe there should be a section of the PP that says all this. So maybe some
1157811577 </aactivity>
1157911578 </a-element>
1158011579 </a-component>
11580+
11581+ <a-component cc-id="alc_flr.1" name="Basic Flaw Remediation (ALC_FLR.1)" status="optional">
11582+ <a-element type="D">
11583+ <title>The developer shall document and provide flaw remediation procedures addressed to TOE
11584+ developers.</title>
11585+ </a-element>
11586+ <a-element type="C">
11587+ <title>The flaw remediation procedures documentation shall describe the procedures used to
11588+ track all reported security flaws in each release of the TOE.</title>
11589+ </a-element>
11590+ <a-element type="C">
11591+ <title>The flaw remediation procedures shall require that a description of the nature and effect
11592+ of each security flaw be provided, as well as the status of finding a correction to that flaw.</title>
11593+ </a-element>
11594+ <a-element type="C">
11595+ <title>The flaw remediation procedures shall require that corrective actions be identified for
11596+ each of the security flaws.</title>
11597+ </a-element>
11598+ <a-element type="C">
11599+ <title>The flaw remediation procedures documentation shall describe the methods used to
11600+ provide flaw information, corrections and guidance on corrective actions to TOE users.</title>
11601+ </a-element>
11602+ <a-element type="E">
11603+ <title>The evaluator shall confirm that the information provided meets all requirements for
11604+ content and presentation of evidence.</title>
11605+ <aactivity>Evaluated as specified by <xref to="bibCEM"/>.</aactivity>
11606+ </a-element>
11607+ </a-component>
11608+
11609+
11610+
11611+ <a-component cc-id="alc_flr.2" name="Flaw Reporting Procedures (ALC_FLR.2)" status="optional">
11612+ <a-element type="D">
11613+ <title>
11614+ The developer shall document and provide flaw remediation procedures addressed to TOE
11615+ developers.</title>
11616+ </a-element>
11617+ <a-element type="D">
11618+ <title>
11619+ The developer shall establish a procedure for accepting and acting upon all reports of
11620+ security flaws and requests for corrections to those flaws.
11621+ </title>
11622+ </a-element>
11623+ <a-element type="D">
11624+ <title>
11625+ The developer shall provide flaw remediation guidance addressed to TOE users.
11626+ </title>
11627+ </a-element>
11628+ <a-element type="C">
11629+ <title>
11630+ The flaw remediation procedures documentation shall describe the procedures used to track all
11631+ reported security flaws in each release of the TOE.</title>
11632+ </a-element>
11633+ <a-element type="C">
11634+ <title>
11635+ The flaw remediation procedures shall require that a description of the nature and effect of each
11636+ security flaw be provided, as well as the status of finding a correction to that flaw.</title>
11637+ </a-element>
11638+ <a-element type="C">
11639+ <title>
11640+ The flaw remediation procedures shall require that corrective actions be identified for each of the
11641+ security flaws.</title>
11642+ </a-element>
11643+ <a-element type="C">
11644+ <title>
11645+ The flaw remediation procedures documentation shall describe the methods used to provide flaw
11646+ information, corrections and guidance on corrective actions to TOE users.
11647+ </title>
11648+ </a-element>
11649+ <a-element type="C">
11650+ <title>
11651+ The flaw remediation procedures shall describe a means by which the developer receives
11652+ from TOE users reports and enquiries of suspected security flaws in the TOE.
11653+ </title>
11654+ </a-element>
11655+ <a-element type="C">
11656+ <title>
11657+ The procedures for processing reported security flaws shall ensure that any reported
11658+ flaws are remediated and the remediation procedures issued to TOE users.
11659+ </title>
11660+ </a-element>
11661+ <a-element type="C">
11662+ <title>
11663+ The procedures for processing reported security flaws shall provide safeguards that any
11664+ corrections to these security flaws do not introduce any new flaws.
11665+ </title>
11666+ </a-element>
11667+ <a-element type="C">
11668+ <title>
11669+ The flaw remediation guidance shall describe a means by which TOE users report to the
11670+ developer any suspected security flaws in the TOE.
11671+ </title>
11672+ </a-element>
11673+ <a-element type="E">
11674+ <title>
11675+ The evaluator shall confirm that the information provided meets all requirements for content and
11676+ presentation of evidence.</title>
11677+ <aactivity>Evaluated as specified by <xref to="bibCEM"/>.</aactivity>
11678+ </a-element>
11679+ </a-component>
11680+
11681+
11682+ <a-component cc-id="alc_flr.3" name="Systematic Flaw Remediation (ALC_FLR.3)" status="optional">
11683+ <a-element type="D">
11684+ <title>
11685+ The developer shall document and provide flaw remediation procedures addressed to TOE
11686+ developers.
11687+ </title>
11688+ </a-element>
11689+ <a-element type="D">
11690+ <title>
11691+ The developer shall establish a procedure for accepting and acting upon all reports of security
11692+ flaws and requests for corrections to those flaws.
11693+ </title>
11694+ </a-element>
11695+ <a-element type="D">
11696+ <title>
11697+ The developer shall provide flaw remediation guidance addressed to TOE users.
11698+ </title>
11699+ </a-element>
11700+ <a-element type="C">
11701+ <title>
11702+ The flaw remediation procedures documentation shall describe the procedures used to track all
11703+ reported security flaws in each release of the TOE.
11704+ </title>
11705+ </a-element>
11706+ <a-element type="C">
11707+ <title>
11708+ The flaw remediation procedures shall require that a description of the nature and effect of each
11709+ security flaw be provided, as well as the status of finding a correction to that flaw.
11710+ </title>
11711+ </a-element>
11712+ <a-element type="C">
11713+ <title>
11714+ The flaw remediation procedures shall require that corrective actions be identified for each of the
11715+ security flaws.
11716+ </title>
11717+ </a-element>
11718+ <a-element type="C">
11719+ <title>
11720+ The flaw remediation procedures documentation shall describe the methods used to provide flaw
11721+ information, corrections and guidance on corrective actions to TOE users.
11722+ </title>
11723+ </a-element>
11724+ <a-element type="C">
11725+ <title>
11726+ The flaw remediation procedures shall describe a means by which the developer receives from
11727+ TOE users reports and enquiries of suspected security flaws in the TOE.
11728+ </title>
11729+ </a-element>
11730+ <a-element type="C">
11731+ <title>
11732+ The flaw remediation procedures shall include a procedure requiring timely response and
11733+ the automatic distribution of security flaw reports and the associated corrections to
11734+ registered users who might be affected by the security flaw.
11735+ </title>
11736+ </a-element>
11737+ <a-element type="C">
11738+ <title>
11739+ The procedures for processing reported security flaws shall ensure that any reported flaws are
11740+ remediated and the remediation procedures issued to TOE users.
11741+ </title>
11742+ </a-element>
11743+ <a-element type="C">
11744+ <title>
11745+ The procedures for processing reported security flaws shall provide safeguards that any
11746+ corrections to these security flaws do not introduce any new flaws.
11747+ </title>
11748+ </a-element>
11749+ <a-element type="C">
11750+ <title>
11751+ The flaw remediation guidance shall describe a means by which TOE users report to the
11752+ developer any suspected security flaws in the TOE.
11753+ </title>
11754+ </a-element>
11755+ <a-element type="C">
11756+ <title>
11757+ The flaw remediation guidance shall describe a means by which TOE users may register
11758+ with the developer, to be eligible to receive security flaw reports and corrections.
11759+ </title>
11760+ </a-element>
11761+ <a-element type="C">
11762+ <title>
11763+ The flaw remediation guidance shall identify the specific points of contact for all reports
11764+ and enquiries about security issues involving the TOE.
11765+ </title>
11766+ </a-element>
11767+ <a-element type="E">
11768+ <title>
11769+ The evaluator shall confirm that the information provided meets all requirements for content and
11770+ presentation of evidence.</title>
11771+ <aactivity>Evaluated as specified by <xref to="bibCEM"/>.</aactivity>
11772+ </a-element>
11773+ </a-component>
11774+
1158111775 </section>
1158211776
1158311777 <section title="Class ASE: Security Target Evaluation" id="ase">
0 commit comments