Spell check and version numbers

Jenn Honkofsky · Jenn Honkofsky · commit b7a5939676d2 · 2025-08-22T22:38:20.000-04:00
diff --git a/input/stip.xml b/input/stip.xml
@@ -23,23 +23,24 @@
   
   <RevisionHistory>
     <entry>
-      <version>2.0</version>
-      <date>2025-04-25</date>
-      <subject>Incorporate NIAP Technical Decisions, Update to CC:2022</subject>
+      <version>1.0</version>
+      <date>2019-08-23</date>
+      <subject>Update release</subject>
     </entry>
+    
     <entry>
       <version>1.1</version>
       <date>2022-11-17</date>
       <subject>Updates to reflect GitHub conversion, compatibility with CPP_ND_V2.2E, and Technical Decisions applied to version 1.0</subject>
     </entry>
-  </RevisionHistory>
-  <RevisionHistory>
+    
     <entry>
-      <version>1.0</version>
-      <date>2019-08-23</date>
-      <subject>Update release</subject>
-    </entry>
+      <version>2.0</version>
+      <date>2025-04-25</date>
+      <subject>Incorporate NIAP Technical Decisions, Update to CC:2022</subject>
+    </entry>    
   </RevisionHistory>
+  
 
   <include-pkg id="pkgX509">
     <git>
@@ -51,7 +52,7 @@
   <include-pkg id="pkgTLS">
     <git>
       <url>https://github.com/commoncriteria/tls</url>
-      <branch>release-2.0</branch>
+      <branch>release-2.1</branch>
     </git>
     <url>https://www.niap-ccevs.org/protectionprofiles/465</url>
   </include-pkg>
@@ -322,10 +323,10 @@
       <cc-pp-conf/>
       <cc-pp-config-with>
         <PP-cc-ref>Network Device collaborative Protection Profile Version 4.0</PP-cc-ref>
-        <Mod-cc-ref>collaborative PP-Module for Stateful Traffic Filter Firewalls, v1.4 + Errata, 20200625</Mod-cc-ref>
+        <Mod-cc-ref>collaborative PP-Module for Stateful Traffic Filter Firewalls, v2.0</Mod-cc-ref>
       </cc-pp-config-with>
       <cc-pkg-claim>
-        <FP-cc-ref conf="conformant">Functional Package for TLS, version 2.0</FP-cc-ref>
+        <FP-cc-ref conf="conformant">Functional Package for TLS, version 2.1</FP-cc-ref>
         <FP-cc-ref conf="conformant">Functional Package for X.509, version 1.0</FP-cc-ref>
       </cc-pkg-claim>
     </CClaimsInfo>
@@ -1032,15 +1033,17 @@ expected to enforce.<h:p/>
           </base-sfr-spec>
           <base-sfr-spec cc-id="fcs_tlsc_ext.1" id="nd-mod-fcs-tlsc-ext-1" title="TLS Client Protocol without Mutual Authentication">
             <consistency-rationale>Other than defining an additional selection-based trigger, there is no modification to this SFR.</consistency-rationale>
-            <description>This PP-Module does not modify this SFR as it is defined in the <h:a href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.0</h:a>. This SFR is selection-based in the Functional Package for its potential use in trusted communications.
+            <description>This PP-Module does not modify this SFR as it is defined in the <h:a
+              href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.1</h:a>. This SFR is selection-based in the Functional Package for its potential use in trusted communications.
               This PP-Module also defines EST as a supported method of obtaining certificates for the TOE, which may use TLS. 
               This SFR can therefore also be triggered if the TOE claims FIA_ESTC_EXT.1 and selects a mechanism that makes use of FCS_TLSC_EXT.1.</description>
              
               <no-change/>
           </base-sfr-spec>
           <base-sfr-spec cc-id="fcs_tlsc_ext.2" title="TLS Client Support for Mutual Authentication" id="nd-mod-fcs-tlsc-ext-2">
             <consistency-rationale>Other than being defined as selection-based, there is no modification to this SFR.</consistency-rationale>
-            <description>This PP-Module does not modify this SFR as it is defined in the <h:a href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.0</h:a>. This SFR is selection-based in the Functional Package for its potential use in trusted communications.
+            <description>This PP-Module does not modify this SFR as it is defined in the <h:a
+              href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.1</h:a>. This SFR is selection-based in the Functional Package for its potential use in trusted communications.
               This PP-Module also defines EST as a supported method of obtaining certificates, which may use mutually-authenticated TLS. 
               This SFR can therefore also be triggered if the TOE claims FIA_ESTC_EXT.1, dependent on selection in FIA_ESTC_EXT.1.4. </description>
               <no-change/>
@@ -1076,8 +1079,10 @@ expected to enforce.<h:p/>
             <description>
               <h:p>This SFR has been modified from its definition in the Base-PP to mandate the use of TLS. Other protocol options may be selected without restriction. Any element that is not present in this section is unchanged from its definition in the Base-PP.</h:p>
               <h:p>The text of the specified elements is replaced with:</h:p>
-              <h:p><h:b>FTP_ITC.1.1: </h:b>The TSF shall be capable of using <h:b>TLS as defined in the <h:a href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.0</h:a></h:b> and [<h:b>selection: </h:b><h:i>IPsec, 
-                SSH <h:b>as defined in the <h:a href="https://www.niap-ccevs.org/protectionprofiles/515">Functional Package for SSH, version 2.0</h:a></h:b>, DTLS <h:b>as defined in the <h:a href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.0</h:a></h:b>, HTTPS, <h:b>no other protocols</h:b></h:i>] 
+              <h:p><h:b>FTP_ITC.1.1: </h:b>The TSF shall be capable of using <h:b>TLS as defined in
+                the <h:a href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.1</h:a></h:b> and [<h:b>selection: </h:b><h:i>IPsec, 
+                SSH <h:b>as defined in the <h:a
+                  href="https://www.niap-ccevs.org/protectionprofiles/515">Functional Package for SSH, version 2.0</h:a></h:b>, DTLS <h:b>as defined in the <h:a href="https://www.niap-ccevs.org/protectionprofiles/465">Functional Package for TLS, version 2.1</h:a></h:b>, HTTPS, <h:b>no other protocols</h:b></h:i>] 
                 to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: audit server, <h:b>TLS session proxying, </h:b>[<h:b>selection: </h:b><h:i>authentication server, <h:b>Enrollment over Secure Transport, </h:b>[<h:b>assignment: </h:b>other capabilities], no other capabilities</h:i>] 
                 that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification and disclosure.</h:p>
               <h:p><h:b>Application Note: </h:b>This SFR is modified from its definition in the Base-PP by specifying that a conformant TOE will always implement TLS trusted channels at minimum, due
@@ -1535,7 +1540,7 @@ expected to enforce.<h:p/>
                     For i=0..31, the evaluator shall verify the encrypt functionality by using Key1{i}=Key2{i}=Key3{i} equal to
                     the round i key in table A.3 of NIST SP800-20, and IV=0x0000000000000000 to encrypt plaintext =
                     0x0000000000000000, and verifying that the resulting ciphertext c4{i} matches the known result for round
-                    I indicated in table A.3 of NSIT SP800-20.
+                    I indicated in table A.3 of NIST SP800-20.
                     <h:p/>
                     For i=0..31, the evaluator shall verify the decrypt functionality by using Key1{i}=Key2{i}=Key3{i} equal to
                     the round I key in table A.3 of NIST SP800-20, and IV=0x0000000000000000 to decrypt ciphertext c4{i}
@@ -1546,7 +1551,7 @@ expected to enforce.<h:p/>
                     For i=0..18, the evaluator shall verify the encrypt functionality by using Key1{i}=Key2{i}=Key3{i} equal to
                     the round i key in table A.4 of NIST SP800-20, and IV=0x0000000000000000 to encrypt the round i
                     plaintext, p4{i} in table A.4 of NIST SP300-20, and verifying that the resulting ciphertext c4{i} matches the
-                    known result for round i indicated in table A.4 of NSIT SP800-20.
+                    known result for round i indicated in table A.4 of NIST SP800-20.
                     <h:p/>
                     For i=0..18, the evaluator shall verify the decrypt functionality by using Key1{i}=Key2{i}=Key3{i} equal to
                     the round i key in table A.4 of NIST SP800-20, and IV=0x0000000000000000 to decrypt ciphertext =c4{i}
@@ -4747,7 +4752,7 @@ legacy cipher suites. -->
             specify minimum required functionality for X.509 authentication based on its use in STIP. The PP-Module
             also refines the authorized roles that can perform the related management function.</consistency-rationale>
             <description><comment>This component will ostensibly be moved to the definitions present in the X.509 FP. However, we currently do not have a way to accurately model its status in this PP-Module. 
-              In this case, there is an assignment that will need to be filled in in one of the open-ended assignment fields present in the X.509 FP, but there is 
+              In this case, there is an assignment that will need to be filled in one of the open-ended assignment fields present in the X.509 FP, but there is 
               no way to provide guidance on what selections/assignments must be made in the FP from the PP-Module. There is also no way to provide guidance on what selections must be made in the Base-PP in order to 
               make the X.509 FP applicable to the product.
             </comment></description>
