Update gpcp.xml

Results of 9/4 meeting. Issues 64, 65, and 67 addressed and closed. Changes made to FIA_AFL_EXT.1.3 and FIA_UAU.5.1.

Author: zjbdragon

input/gpcp.xml

@@ -6741,31 +6741,27 @@
 
 			<f-element id="fia-afl-ext-1e3">
 				<title>
-					<h:mark>The TSF shall maintain the number of unsuccessful authentication attempts that have occurred 
+					The TSF shall maintain the number of unsuccessful authentication attempts that have occurred 
 					upon power off if the minimum boot time of the system is shorter than the lockout time
-					specified in FIA_AFL_EXT.1.5. (see Issue 64)</h:mark>
+					specified in FIA_AFL_EXT.1.5.
 				</title>
 				<note role="application">
-					<h:mark>The purpose of this requirement is to prevent hammering attacks focused on
-					a device's pre-OS firmware from bypassing the actions in FIA_AFL_EXT.1.5 by power
-					cycling the system in order to zero the authentication failure count. This purpose
-					is achieved by default if the minimum reboot time of the system is greater than the
-					timeout penalty specified in FIA_AFL_EXT.1.5.<h:p/>
-					If the actions specified in FIA_AFL_EXT.1.5 are device wipe or a non-time-limited lockout, or if
-					the minimum reboot time is shorter than the specified lockout time, then  
-					the authentication failure count must be maintained across power cycles. The variation of
-					boot duration of individual devices and the configurability of FIA_AFL_EXT.1.5
-					may create scenarios where some devices are compliant by design (specifically server-class
-					devices with lengthy boot times) while other devices (specifically fast-booting
-					workstations) may need to implement this requirement. The intention is to protect
-					the pre-OS firmware without making assumptions as to boot duration per device.
-					<h:p/></h:mark>	
-					The TOE may implement an Authentication Factor interface that precedes another Authentication
-					Factor interface in the boot sequence (for example, a volume DAR decryption interface which
-					precedes the lockscreen interface) before the user can access the GPCP. In this situation,
-					because the user must successfully authenticate to the first interface to access the second,
-					the number of unsuccessful authentication attempts need not be maintained for the second 
-					interface.
+					The purpose of this requirement is to prevent hammering attacks focused on a device's pre-OSfirmware
+					from bypassing the actions in FIA_AFL_EXT.1.5 by power cycling the system in order to zero the
+					authentication failure count. The intention is to protect the pre-OS firmware without making
+					assumptions as to boot duration per device. This purpose is achieved by default if the minimum reboot
+					time of the system is greater than the timeout penalty specified in FIA_AFL_EXT.1.5.<h:p/>
+					If the actions specified in FIA_AFL_EXT.1.5 are device wipe or a non-time-limited lockout, or if the
+					minimum reboot time is shorter than the specified lockout time, then the authentication failure count
+					must be maintained across power cycles. The variation of boot duration of individual devices and the
+					configurability of FIA_AFL_EXT.1.5 may create scenarios where some devices are compliant by default
+					(specifically slow-booting servers and workstations) while other devices (specifically fast-booting
+					desktops and notebooks) may need to implement this requirement.<h:p/>
+					The TOE may implement an Authentication Factor interface that precedes another Authentication Factor
+					interface in the boot sequence (for example, a volume DAR decryption interface which precedes the
+					lockscreen interface) before the user can access the GPCP. In this situation, because the user must
+					successfully authenticate to the first interface to access the second, the number of unsuccessful
+					authentication attempts need not be maintained for the second interface.
 				</note>
 			</f-element>
 
@@ -6789,18 +6785,18 @@
 					TSF shall 
 						<selectables linebreak="yes">
 							<selectable>perform a wipe of all protected data</selectable>
-							<selectable>exclude the <h:mark>current Administrator</h:mark> from further authentication attempts</selectable>
-							<selectable>exclude the <h:mark>current Administrator</h:mark> from further authentication
-								attempts for <assignable><h:mark>a period of time greater than zero seconds</h:mark></assignable></selectable>
-							<selectable>exclude the <h:mark>current Administrator</h:mark> from further authentication
-								attempts for <assignable><h:mark>a period of time greater than the minimum boot time of the system</h:mark></assignable></selectable>
+							<selectable>exclude the current Administrator from further authentication attempts</selectable>
+							<selectable>exclude the current Administrator from further authentication
+								attempts for <assignable>a period of time greater than zero seconds</assignable></selectable>
+							<selectable>exclude the current Administrator from further authentication
+								attempts for <assignable>a period of time greater than the minimum boot time of the system</assignable></selectable>
 						</selectables>.
 				</title>
 				<note role="application">
-					<h:mark>(Issue 65) The "current Administrator" is the entity attempting to authenticate to the TOE that has run afoul of 
+					The "current Administrator" is the entity attempting to authenticate to the TOE that has run afoul of 
 					the limit on authentication attempts. For platforms that support multiple Administrator identities, only the
 					identity that has run afoul is punished. For platforms without such support, these actions
-					are effectively applied to the authentication mechanism rather than a specific user.</h:mark><h:p/>
+					are effectively applied to the authentication mechanism rather than a specific user.<h:p/>
 					Wipe is performed in accordance with FCS_CKM.6. Protected data is all non-TSF data, 
 					including all user or enterprise data. Some or all of this data may be considered sensitive
 					data as well.<h:p/>
@@ -7034,11 +7030,11 @@
 				<title>
 					The TSF shall provide [<h:i>password and 
 					<selectables>
-						<selectable id="sel-fia-uau-5-x509">X.509 certificate-based authentication</selectable>
-						<selectable id="sel-fia-uau-5-ssh"><h:mark>SSH-based public key, password, or certificate authentication</h:mark></selectable>
+						<selectable id="sel-fia-uau-5-x509">certificate-based authentication</selectable>
+						<selectable id="sel-fia-uau-5-ssh">public key-based authentication</selectable>
 						<selectable>biometric authentication</selectable>
 						<selectable exclusive="yes">no other authentication mechanism</selectable>
-					</selectables></h:i>] to support user authentication.<h:mark>See Issue 67</h:mark>
+					</selectables></h:i>] to support user authentication.
 				</title>
 				<note role="application">
 					This SFR is included in the ST if the "<h:i>Administrator</h:i>" role is selected
@@ -7050,9 +7046,8 @@
 					The Password Authentication Factor is configured according to FIA_PMG_EXT.1.<h:p/>
 					If "<h:i>X.509 certificate-based authentication</h:i>" is selected, then the ST must include 
 					FIA_X509_EXT.1 and FIA_X509_EXT.2 from <xref to="pkg-x509"/>.<h:p/>
-					The ST Author should select "<h:i>SSH-based authentication</h:i>" if the TOE supports 
-					SSH-based authentication, whether public key-, password-, or certificate-based. In this case,
-					the ST claims the <xref to="pkg-ssh"/>.	
+					If "<h:i>public key-based authentication authentication</h:i>" is selected, then the ST must claim
+					the <xref to="pkg-ssh"/>.	
 				</note>
 			</f-element>
 			<f-element id="fia-uau-5e2">