diff --git a/.github/workflows/quick_build.yml b/.github/workflows/quick_build.yml
new file mode 100644
index 0000000..7d51bfe
--- /dev/null
+++ b/.github/workflows/quick_build.yml
@@ -0,0 +1,301 @@
+name: QuickBuild v4.6 20251010
+
+on:
+ push:
+ branches:
+ - '*'
+ - '!gh-pages'
+ workflow_dispatch:
+ inputs:
+ environment:
+ type: string
+ default: DEV
+ required: true
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ name: Quick Build
+ steps:
+ - name: Checkout project and transforms
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Install Build Packages
+# run: "sudo apt-get update && sudo apt-get install -y xsltproc hunspell pandoc"
+ run: "sudo apt-get update && sudo apt-get install -y hunspell python3-lxml xsltproc"
+
+ - name: Install Jing
+ run: wget -O - https://github.com/relaxng/jing-trang/releases/download/V20181222/jing-20181222.zip | jar -x
+
+ - name: Set branch name
+ run: echo "action_branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+ - name: Set base URL
+ run: echo "action_projname=${PWD##*/}" >> $GITHUB_ENV
+
+ - name: Quick Build
+ run: WARN_PATH="output/SanityChecksOutput.md" make
+
+ - name: Build PP-Modules
+ run: |
+ for moddir in Modules/*/; do
+ if ls ${moddir}input/*.xml 1>/dev/null 2>&1; then
+ echo "Building module in ${moddir}..."
+ cd ${moddir}
+ WARN_PATH="output/SanityChecksOutput.md" make || true
+ cd $GITHUB_WORKSPACE
+ else
+ echo "No XML input in ${moddir}, skipping."
+ fi
+ done
+
+
+ - name: Branch Test
+ run: |
+ branchname=$(echo ${GITHUB_REF#refs/heads/})
+ if [[ $branchname =~ [0-9] ]]; then
+ echo "action_is_release=YES" >> $GITHUB_ENV
+ else
+ echo "action_is_release=NO" >> $GITHUB_ENV
+ fi
+
+ # PDFify
+ - name: PDFify
+ if: ${{ env.action_is_release == 'YES' }}
+ run: |
+ sudo apt install -y chromium
+ cd output
+ for aa in *.html; do
+ chromium --no-sandbox --headless --disable-gpu --no-pdf-header-footer --timeout=10000 \
+ --print-to-pdf=${aa}.pdf \
+ file://${PWD}/${aa}
+ done
+
+ - id: validate
+ run: |
+ RNG_OUT="output/ValidationReport.txt" make validate || true
+
+ - name: Set valerrors
+ run: echo "action_valerrors=$(wc -l output/ValidationReport.txt | { read first rest ; echo $first ; } )" >> $GITHUB_ENV
+
+ - id: spellcheck
+ run: |
+ SPELL_OUT="output/SpellCheckReport.txt" make spellcheck
+
+ - name: Set spellerrors
+ run: echo "action_spellerrors=$(wc -l output/SpellCheckReport.txt | { read first rest ; echo $first ; } )" >> $GITHUB_ENV
+
+ - name: Get Transforms Date
+# run: echo "action_tdate=2002222" >> $GITHUB_ENV
+ run: echo "action_tdate=$(cd transforms && git log -1 --format=%cs; cd ->/dev/null)" >> $GITHUB_ENV
+
+ - name: Get DaisyDiff
+ run: |
+ wget -O- https://github.com/AndroidKitKat/ExecuteDaisy/archive/master.zip | jar -x
+ [ -d "output/images" ] || mkdir "output/images";
+ cp -u -r ExecuteDaisy-master/js ExecuteDaisy-master/css output;
+ cp -u ExecuteDaisy-master/images/* output/images;
+
+
+ - name: Make tmp dir
+ run: mkdir tmp
+
+ - name: diff
+ run: TMP=tmp make diff || true;
+ # Little diff depends on having a git history.
+ # The current checkout has depth=1 and has no history
+ #- name: little diff
+ # run: make little-diff || true
+
+ - name: Outstanding TDs
+ id: tds
+ run: |
+ if [ "${{steps.extract_branch.outputs.branch}}" == "master" ] &&
+ ls input/tds/*.xml ; then
+ echo "Master branch should not have TDs" >> output/TDValidationReport.txt
+ fi
+ # make effective
+ # PP_XML=output/effective.xml RNG_OUT=output/TDValidationReport.txt make validate || true
+ # IF STATEMENT HERE
+ # PP_XML=output/effective.xml PP_RELEASE_HTML=output/AppliedTDs.html make release
+ # java -jar ExecuteDaisy-master/*.jar output/*-release.html output/AppliedTDs.html --file=output/AppliedTDs-Diff.html
+
+ - name: Set TD badge attributes
+ run: |
+ NUM=$(ls input/tds/*.xml | wc -l)
+ if [ $NUM == 0 ]; then
+ echo "action_tdcolor=gray" >> $GITHUB_ENV
+ echo "action_tdwarns=N/A" >> $GITHUB_ENV
+ echo "GOING THROUGH HERE $NUM"
+ else
+ echo "action_tdcolor=$(if [ -s output/TDValidationReport.txt ]; then echo orange; else echo green; fi)" >> $GITHUB_ENV
+ echo "action_tdwarns=$NUM:$(wc -l output/TDValidationReport.txt | { read first rest ; echo $first;})" >> $GITHUB_ENV
+ echo "THERE ARE TDs $NUM"
+
+ fi
+ # Not sure what the point of this is
+ - name: Validate Effective
+ run: |
+ echo "action_effvalcolor=$(if [ -s output/TDValidationReport.txt ]; then echo orange; else echo green; fi)" >> $GITHUB_ENV
+ echo "action_effvalwarns=$(wc -l output/TDValidationReport.txt | { read first rest ; echo $first;} )" >> $GITHUB_ENV
+
+
+ - name: Prepare environment
+ run: |
+ # Generates a GitHub Workflow output named `lines` with a coverage value
+ echo "action_spellcolor=$(if [ 0 = ${{ env.action_spellerrors }} ]; then echo green; else echo red; fi)" >> $GITHUB_ENV
+ echo "action_valcolor=$(if [ 0 = ${{ env.action_valerrors }} ]; then echo green; else echo red; fi)" >> $GITHUB_ENV
+ echo "action_sanitystatus=$(if [ -s output/SanityChecksOutput.md ]; then echo some; else echo none; fi)" >> $GITHUB_ENV
+ echo "action_sanitycolor=$(if [ -s output/SanityChecksOutput.md ]; then echo red; else echo green; fi )" >> $GITHUB_ENV
+
+
+
+ - name: Generate the spelling badge SVG image
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Misspellings'
+ status: ${{ env.action_spellerrors }}
+ color: ${{ env.action_spellcolor }}
+ path: output/spell-badge.svg
+
+
+
+ - name: Generate the validation badge SVG image
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Validation'
+ status: ${{ env.action_valerrors }}
+ color: ${{ env.action_valcolor }}
+ path: output/validation.svg
+
+
+ - name: Generate the warnings badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Warnings'
+ status: ${{ env.action_sanitystatus }}
+ color: ${{ env.action_sanitycolor }}
+ path: output/warnings.svg
+
+
+ - name: Generate the transforms badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Transforms'
+ status: ${{ env.action_tdate }}
+ color: gray
+ path: output/transforms.svg
+
+ - name: TD Badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'TDs'
+ status: ${{ env.action_tdwarns }}
+ color: ${{ env.action_tdcolor }}
+ path: output/tds.svg
+
+ - name: Make Dashboard Snippet
+ run: |
+ rurl="https://raw.githubusercontent.com/appswcpp/${{env.action_projname}}/gh-pages/${{env.action_branch}}"
+ surl="https://appswcpp.github.io/${{env.action_projname}}/${{env.action_branch}}"
+ gurl="https://github.com/appswcpp/${{env.action_projname}}/blob/gh-pages/${{env.action_branch}}"
+ (
+ echo '[cols="1,1,1,1,1,1,1,1"]'
+ echo '|==='
+ echo "8+|${{ env.action_projname }} "
+ echo "| https://github.com/appswcpp/${{env.action_projname}}/tree/${{env.action_branch}}[${{ env.action_branch }}] "
+ echo "a| $surl/${{env.action_projname}}-release.html[๐]"
+ echo "a|[link=$gurl/ValidationReport.txt]"
+ echo "image::$rurl/validation.svg[Validation]"
+ echo "a|[link=$gurl/SanityChecksOutput.md]"
+ echo "image::$rurl/warnings.svg[SanityChecks]"
+ echo "a|[link=$gurl/SpellCheckReport.txt]"
+ echo "image::$rurl/spell-badge.svg[SpellCheck]"
+ echo "a|[link=$gurl/TDValidationReport.txt]"
+ echo "image::$rurl/tds.svg[TDs]"
+ echo "a|image::$rurl/transforms.svg[transforms,150]"
+ echo "a| [link=$gurl/HTMLs.adoc]"
+ echo "image::$rurl/html_count.svg[HTML Count]"
+ echo "[link=$gurl/PDFs.adoc]"
+ echo "image::$rurl/pdf_count.svg[PDF Count]"
+ echo '|==='
+ ) > output/Minidash.adoc
+
+
+ - name: HTML List
+ run: |
+ surl="https://appswcpp.github.io/${{env.action_projname}}/${{env.action_branch}}"
+ ( for aa in output/*.html ; do
+ echo "* $surl/${aa#*/}[${aa#*/}]"
+ done ) > output/HTMLs.adoc
+ HTML_COUNT=$(wc -l < output/HTMLs.adoc)
+ echo "action_html_count=$HTML_COUNT" >> $GITHUB_ENV
+
+ - name: PDF List
+ run: |
+ surl="https://appswcpp.github.io/${{env.action_projname}}/${{env.action_branch}}"
+ cd output
+ (for aa in $(find . -name '*.pdf') ; do
+ echo "* $surl/${aa#*/}[${aa#*/}]"
+ done ) > PDFs.adoc
+ PDF_COUNT=$(wc -l < PDFs.adoc)
+ echo "action_pdf_count=$PDF_COUNT" >> $GITHUB_ENV
+
+
+ - name: HTML Badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'HTMLs'
+ status: ${{ env.action_html_count }}
+ color: gray
+ path: output/html_count.svg
+
+ - name: PDF Badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'PDFs'
+ status: ${{ env.action_pdf_count }}
+ color: gray
+ path: output/pdf_count.svg
+
+
+ - name: Prepare checkout
+ run: |
+ mkdir gh-pages
+
+ - uses: actions/checkout@v3
+ with:
+ ref: gh-pages
+ path: gh-pages
+
+
+ - name: Move output to branch
+ run: |
+ rm -rf gh-pages/${{ env.action_branch }}
+ mv output gh-pages/${{ env.action_branch }}
+ for moddir in Modules/*/; do
+ modname=$(basename ${moddir})
+ if [ -d "${moddir}output" ]; then
+ mkdir -p gh-pages/${{ env.action_branch }}/Modules/${modname}
+ cp -r ${moddir}output/* gh-pages/${{ env.action_branch }}/Modules/${modname}/ 2>/dev/null || true
+ fi
+ done
+
+ - name: Make listing
+ run: |
+ cd gh-pages
+ (echo "
Listing";
+ date;
+ echo "
";
+ for aa in $(find . -name '*.*'); do
+ echo "- $aa
";
+ done;
+ echo "
") > index.html
+
+ - name: Deploy ๐
+ uses: JamesIves/github-pages-deploy-action@v4
+ with:
+ branch: gh-pages # The branch the action should deploy to.
+ folder: gh-pages # The folder the action should deploy.
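Review bot: The `run:` scripts splice `${{ env.action_branch }}` and `${{ env.action_projname }}` into the script text before the shell parses it, most sensitively in "Move output to branch" (`rm -rf gh-pages/${{ env.action_branch }}`). Because `action_branch` is derived from `GITHUB_REF`, a branch name containing shell metacharacters would be interpreted as script instead of being treated as a path. Values written to `$GITHUB_ENV` are already exported to later steps, so these steps can read them as quoted shell variables: `rm -rf -- "gh-pages/${action_branch}"` and `mv output "gh-pages/${action_branch}"`. The same substitution appears in "Make Dashboard Snippet", "HTML List" and "PDF List" in this file, and in the matching steps of `quick_build_pdf.yml`.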
diff --git a/.github/workflows/quick_build_pdf.yml b/.github/workflows/quick_build_pdf.yml
new file mode 100644
index 0000000..0d3b76c
--- /dev/null
+++ b/.github/workflows/quick_build_pdf.yml
@@ -0,0 +1,277 @@
+name: QuickBuild v4.6pdf 20251010
+# Run only on demand to do quick build with both pdf and html output
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ type: string
+ default: DEV
+ required: true
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ name: Quick Build
+ steps:
+ - name: Checkout project and transforms
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Install Build Packages
+# run: "sudo apt-get update && sudo apt-get install -y xsltproc hunspell pandoc"
+ run: "sudo apt-get update && sudo apt-get install -y hunspell python3-lxml xsltproc"
+
+ - name: Install Jing
+ run: wget -O - https://github.com/relaxng/jing-trang/releases/download/V20181222/jing-20181222.zip | jar -x
+
+ - name: Set branch name
+ run: echo "action_branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+
+ - name: Set base URL
+ run: echo "action_projname=${PWD##*/}" >> $GITHUB_ENV
+
+ - name: Quick Build
+ run: WARN_PATH="output/SanityChecksOutput.md" make
+
+
+ - name: Branch Test
+ run: |
+ branchname=$(echo ${GITHUB_REF#refs/heads/})
+ if [[ $branchname =~ [0-9] ]]; then
+ echo "action_is_release=YES" >> $GITHUB_ENV
+ else
+ echo "action_is_release=NO" >> $GITHUB_ENV
+ fi
+
+ # PDFify
+ - name: PDFify
+ run: |
+ sudo apt install -y chromium
+ cd output
+ for aa in *.html; do
+ chromium --no-sandbox --headless --disable-gpu --no-pdf-header-footer --timeout=10000 \
+ --print-to-pdf=${aa}.pdf \
+ file://${PWD}/${aa}
+ done
+
+ - id: validate
+ run: |
+ RNG_OUT="output/ValidationReport.txt" make validate || true
+
+ - name: Set valerrors
+ run: echo "action_valerrors=$(wc -l output/ValidationReport.txt | { read first rest ; echo $first ; } )" >> $GITHUB_ENV
+
+ - id: spellcheck
+ run: |
+ SPELL_OUT="output/SpellCheckReport.txt" make spellcheck
+
+ - name: Set spellerrors
+ run: echo "action_spellerrors=$(wc -l output/SpellCheckReport.txt | { read first rest ; echo $first ; } )" >> $GITHUB_ENV
+
+ - name: Get Transforms Date
+# run: echo "action_tdate=2002222" >> $GITHUB_ENV
+ run: echo "action_tdate=$(cd transforms && git log -1 --format=%cs; cd ->/dev/null)" >> $GITHUB_ENV
+
+# - name: Get DaisyDiff
+# run: |
+# wget -O- https://github.com/AndroidKitKat/ExecuteDaisy/archive/master.zip | jar -x
+# [ -d "output/images" ] || mkdir "output/images";
+# cp -u -r ExecuteDaisy-master/js ExecuteDaisy-master/css output;
+# cp -u ExecuteDaisy-master/images/* output/images;
+
+
+ - name: Make tmp dir
+ run: mkdir tmp
+
+# - name: diff
+# run: TMP=tmp make diff || true;
+ # Little diff depends on having a git history.
+ # The current checkout has depth=1 and has no history
+ #- name: little diff
+ # run: make little-diff || true
+
+ - name: Outstanding TDs
+ id: tds
+ run: |
+ if [ "${{steps.extract_branch.outputs.branch}}" == "master" ] &&
+ ls input/tds/*.xml ; then
+ echo "Master branch should not have TDs" >> output/TDValidationReport.txt
+ fi
+ # make effective
+ # PP_XML=output/effective.xml RNG_OUT=output/TDValidationReport.txt make validate || true
+ # IF STATEMENT HERE
+ # PP_XML=output/effective.xml PP_RELEASE_HTML=output/AppliedTDs.html make release
+ # java -jar ExecuteDaisy-master/*.jar output/*-release.html output/AppliedTDs.html --file=output/AppliedTDs-Diff.html
+
+ - name: Set TD badge attributes
+ run: |
+ NUM=$(ls input/tds/*.xml | wc -l)
+ if [ $NUM == 0 ]; then
+ echo "action_tdcolor=gray" >> $GITHUB_ENV
+ echo "action_tdwarns=N/A" >> $GITHUB_ENV
+ echo "GOING THROUGH HERE $NUM"
+ else
+ echo "action_tdcolor=$(if [ -s output/TDValidationReport.txt ]; then echo orange; else echo green; fi)" >> $GITHUB_ENV
+ echo "action_tdwarns=$NUM:$(wc -l output/TDValidationReport.txt | { read first rest ; echo $first;})" >> $GITHUB_ENV
+ echo "THERE ARE TDs $NUM"
+
+ fi
+ # Not sure what the point of this is
+ - name: Validate Effective
+ run: |
+ echo "action_effvalcolor=$(if [ -s output/TDValidationReport.txt ]; then echo orange; else echo green; fi)" >> $GITHUB_ENV
+ echo "action_effvalwarns=$(wc -l output/TDValidationReport.txt | { read first rest ; echo $first;} )" >> $GITHUB_ENV
+
+
+ - name: Prepare environment
+ run: |
+ # Generates a GitHub Workflow output named `lines` with a coverage value
+ echo "action_spellcolor=$(if [ 0 = ${{ env.action_spellerrors }} ]; then echo green; else echo red; fi)" >> $GITHUB_ENV
+ echo "action_valcolor=$(if [ 0 = ${{ env.action_valerrors }} ]; then echo green; else echo red; fi)" >> $GITHUB_ENV
+ echo "action_sanitystatus=$(if [ -s output/SanityChecksOutput.md ]; then echo some; else echo none; fi)" >> $GITHUB_ENV
+ echo "action_sanitycolor=$(if [ -s output/SanityChecksOutput.md ]; then echo red; else echo green; fi )" >> $GITHUB_ENV
+
+
+
+ - name: Generate the spelling badge SVG image
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Misspellings'
+ status: ${{ env.action_spellerrors }}
+ color: ${{ env.action_spellcolor }}
+ path: output/spell-badge.svg
+
+
+
+ - name: Generate the validation badge SVG image
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Validation'
+ status: ${{ env.action_valerrors }}
+ color: ${{ env.action_valcolor }}
+ path: output/validation.svg
+
+
+ - name: Generate the warnings badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Warnings'
+ status: ${{ env.action_sanitystatus }}
+ color: ${{ env.action_sanitycolor }}
+ path: output/warnings.svg
+
+
+ - name: Generate the transforms badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'Transforms'
+ status: ${{ env.action_tdate }}
+ color: gray
+ path: output/transforms.svg
+
+ - name: TD Badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'TDs'
+ status: ${{ env.action_tdwarns }}
+ color: ${{ env.action_tdcolor }}
+ path: output/tds.svg
+
+ - name: Make Dashboard Snippet
+ run: |
+ rurl="https://raw.githubusercontent.com/appswcpp/${{env.action_projname}}/gh-pages/${{env.action_branch}}"
+ surl="https://appswcpp.github.io/${{env.action_projname}}/${{env.action_branch}}"
+ gurl="https://github.com/appswcpp/${{env.action_projname}}/blob/gh-pages/${{env.action_branch}}"
+ (
+ echo '[cols="1,1,1,1,1,1,1,1"]'
+ echo '|==='
+ echo "8+|${{ env.action_projname }} "
+ echo "| https://github.com/appswcpp/${{env.action_projname}}/tree/${{env.action_branch}}[${{ env.action_branch }}] "
+ echo "a| $surl/${{env.action_projname}}-release.html[๐]"
+ echo "a|[link=$gurl/ValidationReport.txt]"
+ echo "image::$rurl/validation.svg[Validation]"
+ echo "a|[link=$gurl/SanityChecksOutput.md]"
+ echo "image::$rurl/warnings.svg[SanityChecks]"
+ echo "a|[link=$gurl/SpellCheckReport.txt]"
+ echo "image::$rurl/spell-badge.svg[SpellCheck]"
+ echo "a|[link=$gurl/TDValidationReport.txt]"
+ echo "image::$rurl/tds.svg[TDs]"
+ echo "a|image::$rurl/transforms.svg[transforms,150]"
+ echo "a| [link=$gurl/HTMLs.adoc]"
+ echo "image::$rurl/html_count.svg[HTML Count]"
+ echo "[link=$gurl/PDFs.adoc]"
+ echo "image::$rurl/pdf_count.svg[PDF Count]"
+ echo '|==='
+ ) > output/Minidash.adoc
+
+
+ - name: HTML List
+ run: |
+ surl="https://appswcpp.github.io/${{env.action_projname}}/${{env.action_branch}}"
+ ( for aa in output/*.html ; do
+ echo "* $surl/${aa#*/}[${aa#*/}]"
+ done ) > output/HTMLs.adoc
+ HTML_COUNT=$(wc -l < output/HTMLs.adoc)
+ echo "action_html_count=$HTML_COUNT" >> $GITHUB_ENV
+
+ - name: PDF List
+ run: |
+ surl="https://appswcpp.github.io/${{env.action_projname}}/${{env.action_branch}}"
+ cd output
+ (for aa in $(find . -name '*.pdf') ; do
+ echo "* $surl/${aa#*/}[${aa#*/}]"
+ done ) > PDFs.adoc
+ PDF_COUNT=$(wc -l < PDFs.adoc)
+ echo "action_pdf_count=$PDF_COUNT" >> $GITHUB_ENV
+
+
+ - name: HTML Badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'HTMLs'
+ status: ${{ env.action_html_count }}
+ color: gray
+ path: output/html_count.svg
+
+ - name: PDF Badge
+ uses: emibcn/badge-action@v2.0.2
+ with:
+ label: 'PDFs'
+ status: ${{ env.action_pdf_count }}
+ color: gray
+ path: output/pdf_count.svg
+
+
+ - name: Prepare checkout
+ run: |
+ mkdir gh-pages
+
+ - uses: actions/checkout@v3
+ with:
+ ref: gh-pages
+ path: gh-pages
+
+
+ - name: Move output to branch
+ run: |
+ rm -rf gh-pages/${{ env.action_branch }}
+ mv output gh-pages/${{ env.action_branch }}
+
+ - name: Make listing
+ run: |
+ cd gh-pages
+ (echo "Listing";
+ date;
+ echo "
";
+ for aa in $(find . -name '*.*'); do
+ echo "- $aa
";
+ done;
+ echo "
") > index.html
+
+ - name: Deploy ๐
+ uses: JamesIves/github-pages-deploy-action@v4
+ with:
+ branch: gh-pages # The branch the action should deploy to.
+ folder: gh-pages # The folder the action should deploy.
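Review bot: The job ends by pushing to `gh-pages`, yet the workflow declares no `permissions:` block and references its third-party actions by mutable tag (`emibcn/badge-action@v2.0.2`, `JamesIves/github-pages-deploy-action@v4`), so whatever those tags resolve to at run time executes with the job's token. I would scope the token at job level with `permissions:` / `contents: write` and pin each `uses:` to a full commit SHA, keeping the tag as a comment, e.g. `uses: JamesIves/github-pages-deploy-action@<full-commit-sha> # v4`. The default token scope depends on repository settings that are not visible here, which is a further reason to state it explicitly. "Install Jing" also pipes a downloaded zip straight into `jar -x` with no checksum check; the same lines appear in `quick_build.yml`, which additionally unpacks `ExecuteDaisy/archive/master.zip` and publishes its `js` and `css`.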
diff --git a/cPP/v2/.github/workflows/validate.yml b/.github/workflows/validate.yml
similarity index 100%
rename from cPP/v2/.github/workflows/validate.yml
rename to .github/workflows/validate.yml
diff --git a/.gitignore b/.gitignore
index 9bea433..002872c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,15 @@
-
+output/*.*
+output/css
+output/js
+*~
+input/*.html
+input/schemas.xml
+*.rnc
+tmp
+LocalUser.make
+output/images/diff-*.gif
.DS_Store
+.venv-build/pyvenv.cfg
+.venv-build/bin/python3.12
+.venv-build/bin/python3
+.venv-build/bin/python
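Review bot: The four `.venv-build/...` entries ignore only `pyvenv.cfg` and the interpreter links, so the rest of the virtual environment (its `lib/` tree, if one exists) can still be staged by a broad `git add`. Ignoring the whole directory with `.venv-build/` covers those paths and stays correct when the interpreter is no longer `python3.12`.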
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..c6fee0c
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "transforms"]
+ path = transforms
+ url = https://github.com/commoncriteria/transforms.git
diff --git a/AppIT/AppIT_Process.adoc b/Archive/AppIT/AppIT_Process.adoc
similarity index 100%
rename from AppIT/AppIT_Process.adoc
rename to Archive/AppIT/AppIT_Process.adoc
diff --git a/AppIT/images/AppIT1.jpeg b/Archive/AppIT/images/AppIT1.jpeg
similarity index 100%
rename from AppIT/images/AppIT1.jpeg
rename to Archive/AppIT/images/AppIT1.jpeg
diff --git a/Archive/LICENSE b/Archive/LICENSE
new file mode 100644
index 0000000..6fc560f
--- /dev/null
+++ b/Archive/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 itc-wgtools
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/Modules/Agent/.asciidoctor/diagram/FCO_CPC_EXT.png.cache b/Archive/Modules/Agent/.asciidoctor/diagram/FCO_CPC_EXT.png.cache
similarity index 100%
rename from Modules/Agent/.asciidoctor/diagram/FCO_CPC_EXT.png.cache
rename to Archive/Modules/Agent/.asciidoctor/diagram/FCO_CPC_EXT.png.cache
diff --git a/Modules/Agent/SD-MOD-Agent.adoc b/Archive/Modules/Agent/SD-MOD-Agent.adoc
similarity index 100%
rename from Modules/Agent/SD-MOD-Agent.adoc
rename to Archive/Modules/Agent/SD-MOD-Agent.adoc
diff --git a/Archive/Modules/Agent/appSW_PP_Config_ServerAgent.adoc b/Archive/Modules/Agent/appSW_PP_Config_ServerAgent.adoc
new file mode 100644
index 0000000..55f9f9f
--- /dev/null
+++ b/Archive/Modules/Agent/appSW_PP_Config_ServerAgent.adoc
@@ -0,0 +1,342 @@
+= PP-Configuration for Enterprise Server Applications and Agent/Application Component(s)
+:showtitle:
+:toc:
+:table-caption: Table
+:icons: font
+:revnumber: 1.0e
+:revdate: 2024-02-15
+
+:iTC-longname: iTC for Application Software
+:iTC-shortname: AppSW-iTC
+:iTC-email: cm-itc-mailing-list@gmail.com
+:iTC-website: https://appswcpp.github.io/
+:iTC-GitHub: https://github.com/appswcpp/repository/
+
+:sectnums!:
+== Acknowledgements
+
+This PP-Configuration was developed by the {iTC-longname} international Technical Community (iTC) also known as {iTC-shortname} with representatives from Industry, Government agencies, Common Criteria Test Laboratories, and members of academia.
+
+=== Revision History
+
+.Revision history
+[%header,cols="1,2,4"]
+|===
+|Version
+|Date
+|Description
+
+|1.0
+|2022-04-06
+|Initial Release
+
+|1.0e
+|2024-02-15
+|Incorporated feedback received following initial release.
+
+
+|===
+
+:sectnums:
+== Introduction
+
+=== PP-Configuration Overview
+The purpose of a PP-Configuration is to combine Protection Profiles (PPs) and PP-Modules for various technology types into a single configuration that can be evaluated as a whole.
+
+This PP-Configuration is for enterprise server applications and their agent or application component(s). It provides the enforceable PP-Configuration path for distributed application software, including server-agent deployments, clustered server deployments, and microservices architectures composed of multiple application payload components.
+
+=== PP-Configuration Reference
+
+This PP-Configuration is identified as follows:
+
+* PP-Configuration for Enterprise Server Applications and Agent/Application Component(s), Version {revnumber}, {revdate}
+* As a shorthand reference, it can be identified as "CFG_APP-Server-Agent_V{revnumber}""
+
+=== PP-Configuration Components
+
+This PP-Configuration includes the following components:
+
+.PP-Configuration Components
+[cols="1,3"]
+|===
+|[base PP]
+|cPP_APP_SW_V1.1
+
+|[PP-Module 1]
+|MOD_Server_v1.1
+
+|[PP-Module 2]
+|MOD_Agent_v1.1
+
+|===
+
+=== Distributed and Microservices TOE Architectures
+For this PP-Configuration, a distributed TOE consists of multiple separately deployed application components that collectively provide the TOE security functionality. Each TOE component shall be identified in the ST and mapped to the base PP, Server Module, Agent Module, or a combination of those components, as applicable.
+
+For containerized or microservices TOEs, the TOE consists of the application payload components identified in the ST. The container orchestration platform, container runtime, operating system, service mesh infrastructure, ingress infrastructure, cluster networking, and platform-provided secret or configuration stores are part of the operational environment unless explicitly included in the TOE boundary.
+
+The ST shall provide an SFR allocation rationale that identifies whether each claimed requirement is satisfied by all TOE components, by applicable TOE components that perform the relevant function, by at least one TOE component, by the TOE as a whole, or by an allowed operational environment dependency. The ST shall describe all inter-component TOE communications and identify the mechanisms used to authorize and protect those communications.
+
+==== SFR Allocation for Distributed TOEs
+For a distributed TOE, the SFRs are satisfied by the TOE as a whole; however, not every SFR is necessarily implemented by every TOE component. The ST author shall use the following allocation categories to identify how each SFR is satisfied by the distributed TOE.
+
+All Components::
+Every TOE component shall independently satisfy the requirement.
+
+Applicable Components::
+Every TOE component that performs the relevant function shall satisfy the requirement. The ST shall identify the components to which the requirement applies and justify why the requirement does not apply to other TOE components.
+
+At Least One Component::
+At least one TOE component shall satisfy the requirement on behalf of the TOE. The ST shall identify the component or components that satisfy the requirement and describe how this satisfies the TOE-level claim.
+
+TOE as a Whole::
+The requirement is satisfied by the collective behavior of the TOE components. The ST shall describe the TOE-level behavior and identify any component responsibilities necessary to satisfy the claim.
+
+Operational Environment Dependency::
+The TOE relies on the operational environment for the function, where allowed by the base cPP or PP-Module. The ST shall identify the environmental dependency and the guidance shall describe the required environmental configuration.
+
+The following table defines the expected allocation for the base cPP SFRs in a distributed TOE.
+
+.Base cPP SFR Allocation for Distributed TOEs
+[cols="2,2,4",options="header"]
+|===
+|SFR
+|Allocation
+|Distributed TOE guidance
+
+|FCS_CKM.1/AK
+|Applicable Components
+|Applies to each TOE component that invokes or implements asymmetric key generation.
+
+|FCS_CKM.1/SK
+|Applicable Components
+|Applies to each TOE component that generates symmetric keys.
+
+|FCS_CKM.2
+|Applicable Components
+|Applies to each TOE component that performs key establishment.
+
+|FCS_CKM_EXT.1
+|Applicable Components
+|Applies to each TOE component that invokes or implements key generation services.
+
+|FCS_COP.1/Hash
+|Applicable Components
+|Applies to each TOE component that performs hashing for a claimed function.
+
+|FCS_COP.1/KeyedHash
+|Applicable Components
+|Applies to each TOE component that performs keyed-hash functions for a claimed function.
+
+|FCS_COP.1/SigGen
+|Applicable Components
+|Applies to each TOE component that generates digital signatures.
+
+|FCS_COP.1/SigVer
+|Applicable Components
+|Applies to each TOE component that verifies digital signatures, including update verification if performed by that component.
+
+|FCS_COP.1/SKC
+|Applicable Components
+|Applies to each TOE component that performs encryption or decryption.
+
+|FCS_HTTPS_EXT.1
+|Applicable Components
+|Applies to each TOE component that implements HTTPS as a client, server, or server with mutual authentication.
+
+|FCS_HTTPS_EXT.2
+|Applicable Components
+|Applies to each TOE component that implements HTTPS with peer certificate authentication behavior covered by this requirement.
+
+|FCS_PBKDF_EXT.1
+|Applicable Components
+|Applies to each TOE component that performs password conditioning.
+
+|FCS_RBG.1
+|Applicable Components
+|Applies to each TOE component that implements RBG functionality.
+
+|FCS_RBG.2
+|Applicable Components
+|Applies to each TOE component that implements RBG functionality using external seeding.
+
+|FCS_RBG.3
+|Applicable Components
+|Applies to each TOE component that implements RBG functionality using a single internal noise source.
+
+|FCS_RBG.4
+|Applicable Components
+|Applies to each TOE component that implements RBG functionality using multiple internal noise sources.
+
+|FCS_RBG.5
+|Applicable Components
+|Applies to each TOE component that implements RBG functionality using combined noise sources.
+
+|FCS_RBG_EXT.1
+|Applicable Components
+|Applies to each TOE component that invokes platform-provided RBG services, implements RBG functionality, or claims no RBG functionality.
+
+|FCS_SNI_EXT.1
+|Applicable Components
+|Applies to each TOE component that creates or uses salts, nonces, or initialization vectors for claimed cryptographic functions.
+
+|FCS_STO_EXT.1
+|Applicable Components
+|Applies to each TOE component that persistently stores credentials.
+
+|FDP_DAR_EXT.1
+|Applicable Components
+|Applies to each TOE component that stores sensitive application data at rest.
+
+|FDP_DEC_EXT.1
+|All Components
+|Each TOE component shall identify and restrict its access to platform resources and sensitive information repositories as required by the base cPP.
+
+|FDP_NET_EXT.1
+|All Components
+|Each TOE component shall identify and restrict its inbound and outbound network communications.
+
+|FMT_CFG_EXT.1
+|All Components
+|Each TOE component shall satisfy secure-by-default and file-permission requirements for its installed binaries, data, and default credentials.
+
+|FMT_MEC_EXT.1
+|Applicable Components
+|Applies to each TOE component that stores or manages configuration options.
+
+|FMT_SMF.1
+|Applicable Components
+|Applies to each TOE component that provides security management functions. At least one component shall be identified if management functions are claimed for the TOE.
+
+|FPR_ANO_EXT.1
+|Applicable Components
+|Applies to each TOE component that transmits personally identifiable information.
+
+|FPT_AEX_EXT.1
+|All Components
+|Each TOE component shall satisfy the anti-exploitation requirements applicable to its platform and implementation type.
+
+|FPT_API_EXT.1
+|All Components
+|Each TOE component shall use only documented and supported platform APIs.
+
+|FPT_API_EXT.2
+|Applicable Components
+|Applies to each TOE component that parses IANA MIME media types covered by the objective requirement.
+
+|FPT_FLS.1
+|Applicable Components
+|Applies to each TOE component that must preserve a secure state for the selected failure conditions.
+
+|FPT_IDV_EXT.1
+|TOE as a Whole
+|The TOE shall identify software versions. The ST shall identify how each separately versioned TOE component is represented in the TOE version information.
+
+|FPT_LIB_EXT.1
+|All Components
+|Each TOE component shall identify its third-party libraries.
+
+|FPT_TST.1
+|Applicable Components
+|Applies to each TOE component that performs TSF self-tests or integrity verification covered by the requirement.
+
+|FPT_TUD_EXT.1
+|TOE as a Whole
+|The TOE shall provide trusted update support. The ST shall identify how each updateable TOE component is checked, delivered, installed, and versioned.
+
+|FPT_TUD_EXT.2
+|Applicable Components
+|Applies to each TOE component or update package that performs installation or update integrity functions covered by this selection-based requirement.
+
+|FTP_DIT_EXT.1
+|Applicable Components
+|Applies to each TOE component that transmits data or sensitive data to another trusted IT product or invokes platform-provided functionality for that protection. Inter-component TOE communications are addressed by the Server and Agent Module requirements in this PP-Configuration.
+|===
+
+The following table defines the expected allocation for the Server and Agent PP-Module SFRs in a distributed TOE.
+
+.Server and Agent Module SFR Allocation for Distributed TOEs
+[cols="2,2,4",options="header"]
+|===
+|SFR
+|Allocation
+|Distributed TOE guidance
+
+|FMT_MEC_EXT.1/Server
+|Applicable Components
+|Applies to each Server Application component that stores or manages server configuration data.
+
+|FMT_SMF.1/Server
+|Applicable Components
+|Applies to each Server Application component that provides management functions. The ST shall identify which component or components manage inter-component communications, enrollment, or policy.
+
+|FPT_AEX_EXT.2/Server
+|All Server Components
+|Each Server Application component shall be compatible with security features provided by its platform vendor.
+
+|FCO_CPC_EXT.1/Server
+|Applicable Components
+|Applies to each Server Application component that enables, disables, registers, or authorizes communication with another TOE component.
+
+|FIA_X509_EXT.1/ITT/Server
+|Applicable Components
+|Applies to each Server Application component that validates X.509 certificates for inter-TOE-part communication.
+
+|FPT_ITT.1/Server
+|Applicable Components
+|Applies to each Server Application component that transmits TSF data between separate parts of the TOE.
+
+|FCO_CPC_EXT.1/Agent
+|Applicable Components
+|Applies to each Agent Application component that is enabled, disabled, registered, authorized, or otherwise controlled for communication with another TOE component.
+
+|FPT_ITT.1/Agent
+|Applicable Components
+|Applies to each Agent Application component that transmits TSF data between separate parts of the TOE.
+
+|FIA_X509_EXT.1/ITT/Agent
+|Applicable Components
+|Applies to each Agent Application component that validates X.509 certificates for inter-TOE-part communication.
+|===
+
+If an operational environment component, such as a container orchestration platform, container runtime, service mesh infrastructure, ingress infrastructure, cluster networking, or platform-provided secret or configuration store, is relied upon to support a claimed SFR, the ST shall identify the dependency. The evaluator assesses the TOE's use of the dependency and the required configuration guidance, but the environmental component is not included in the TOE boundary unless explicitly claimed.
+
+If a TOE container receives credentials, keys, tokens, certificates, or other secrets from an operational environment mechanism, such as a platform secret store, mounted secret volume, injected environment variable, or external secrets provider, the ST shall identify the mechanism, the TOE components that consume the secrets, the purpose of each secret, and whether the TOE persists, transforms, caches, or re-exports the secret. If the TOE persists or manages the secret after receipt, the applicable base cPP requirements, including FCS_STO_EXT.1, FDP_DAR_EXT.1, FMT_MEC_EXT.1, and related cryptographic requirements, apply to the TOE component performing that function.
+
+== Conformance Claims
+
+=== CC Statement
+
+To be conformant to this PP-Configuration, an ST must demonstrate Exact Conformance, as defined by the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs.
+
+=== CC Conformance Claims
+
+This PP-Configuration, and its components specified in section 1.3, are conformant to Parts 2 (extended) and 3 (conformant) of Common Criteria Version 3.1, Release 5 [CC].
+
+== SAR Statement
+
+The set of SARs specified for this PP-Configuration are taken from, and identical to, those specified in the base PP.
+
+=== Related Documents
+
+**Common Criteria**footnote:[For details see http://www.commoncriteriaportal.org/]
+
+.Common Criteria References
+[cols="1,3",]
+|===
+|[#CC1]#[CC1]# |Common Criteria for Information Technology Security Evaluation, +
+Part 1: Introduction and General Model, +
+CCMB-2017-04-001, Version 3.1 Revision 5, April 2017.
+|[#CC2]#[CC2]# |Common Criteria for Information Technology Security Evaluation, +
+Part 2: Security Functional Components, +
+CCMB-2017-04-002, Version 3.1 Revision 5, April 2017.
+|[#CC3]#[CC3]# |Common Criteria for Information Technology Security Evaluation, +
+Part 3: Security Assurance Components, +
+CCMB-2017-04-003, Version 3.1 Revision 5, April 2017.
+|[#CEM]#[CEM]# |Common Methodology for Information Technology Security Evaluation, +
+Evaluation Methodology, +
+CCMB-2017-04-004, Version 3.1 Revision 5, April 2017.
+|[#addenda]#[addenda]# |CC and CEM addenda, +
+Exact Conformance, Selection-Based SFRs, Optional SFRs, +
+Version 0.5, May 2017.
+|===
diff --git a/Modules/Agent/cPP_MOD-Agent.adoc b/Archive/Modules/Agent/cPP_MOD-Agent.adoc
similarity index 86%
rename from Modules/Agent/cPP_MOD-Agent.adoc
rename to Archive/Modules/Agent/cPP_MOD-Agent.adoc
index 1dab93b..be8ee52 100644
--- a/Modules/Agent/cPP_MOD-Agent.adoc
+++ b/Archive/Modules/Agent/cPP_MOD-Agent.adoc
@@ -92,11 +92,20 @@ For more see the http://www.commoncriteriaportal.org/[Common Criteria Portal].
==== Compliant Targets of Evaluation
-This is a Collaborative Protection Profile (cPP) Module whose Target of Evaluation (TOE) is Enterprise Agent Applications. This PP-Module is compatible with the cPP for Application Software and collaborative PP-Module for Server Applications.
+This is a Collaborative Protection Profile (cPP) Module whose Target of Evaluation (TOE) is Enterprise Agent Applications. This PP-Module is compatible with the cPP for Application Software and collaborative PP-Module for Server Applications.
+
+For purposes of a PP-Configuration, an Agent Application is any separately deployed TOE application component that communicates with another TOE component under the control, coordination, policy, enrollment, or trust relationship established by the TOE. This may include endpoint agents, worker services, peer services, microservice payloads, subordinate application services, or other application components that are identified as TOE parts in the ST.
+
+For containerized or microservices TOEs, the TOE consists of the application payload components identified in the ST. The container orchestration platform, container runtime, operating system, service mesh infrastructure, ingress infrastructure, cluster networking, and platform-provided secret or configuration stores are part of the operational environment unless explicitly included in the TOE boundary.
=== TOE Use Cases
All use cases of Enterprise Agent applications defined in the {base-pp} are applicable to this PP-Module.
+=== Distributed and Microservices TOE Configurations
+This PP-Module may be used in a PP-Configuration with the PP-Module for Server Applications to evaluate distributed application software. Distributed application software includes server-agent deployments, clustered server deployments, and microservices architectures composed of multiple application payload components.
+
+The ST shall identify each Agent Application component, describe the role of each component, identify which claimed SFRs are implemented by each component, and describe all communications between Agent Application components and other TOE components. The ST shall also distinguish TOE components from operational environment components. If the TOE relies on operational environment components for execution, scheduling, networking, isolation, credential storage, configuration storage, time services, or protection of inter-component communications, the ST shall identify the dependency and the guidance shall describe the required environmental configuration.
+
== CC Conformance Claims
As defined by the references <>, <> and <>, this PP-Module:
@@ -178,7 +187,7 @@ The TSF shall implement a registration process in which TOE parts establish and
].
-*Application Note {counter:appnote}:* An Agent can communicate with a Server or another Agent. This SFR can be iterated if the registration method varies depending on what TOE parts are communicating.
+*Application Note {counter:appnote}:* An Agent can communicate with a Server, another Agent, or another separately deployed TOE component identified in the ST. In a microservices architecture, this may include communication between application payload services. This SFR can be iterated if the registration method varies depending on what TOE parts are communicating.
"No channel" is selected if the registration is performed via out-of-band manual means.
*FCO_CPC_EXT.1.3/Agent*
@@ -260,7 +269,7 @@ This is a new component within the FCO class used to define high-level constrain
+---------------------------------------+ +-----+
....
-FCO_CPC_EXT.1/Agent Component Registration Channel Definition, requires the TSF to support a registration channel for joining together server and agent TOE parts, and to ensure that the availability of this channel is under the control of an Administrator. It also requires statement of the type of channel used (allowing specification of further lower-level security requirements by reference to other SFRs).
+FCO_CPC_EXT.1/Agent Component Registration Channel Definition, requires the TSF to support a registration channel for joining together server and agent TOE parts or other distributed application TOE components, and to ensure that the availability of this channel is under the control of an Administrator. It also requires statement of the type of channel used (allowing specification of further lower-level security requirements by reference to other SFRs).
*Management: FCO_CPC_EXT.1/Agent*
@@ -301,4 +310,4 @@ Dependencies: No other components
When this PP-Module is used to extend [cPP_APP_SW], the TOE type for the overall TOE is still a generic application. However, one of the functions of the device must be the ability for it to the capability to be managed by a server application. The TOE boundary is simply extended to include that functionality.
=== SFR Dependencies Analysis
-The dependencies between SFRs implemented by the TOE are addressed as shown in the base PP.
\ No newline at end of file
+The dependencies between SFRs implemented by the TOE are addressed as shown in the base PP.
diff --git a/Modules/Agent/images/FCO_CPC_EXT.png b/Archive/Modules/Agent/images/FCO_CPC_EXT.png
similarity index 100%
rename from Modules/Agent/images/FCO_CPC_EXT.png
rename to Archive/Modules/Agent/images/FCO_CPC_EXT.png
diff --git a/Modules/Agent/images/fpt_aex_ext_componentlevel.jpg b/Archive/Modules/Agent/images/fpt_aex_ext_componentlevel.jpg
similarity index 100%
rename from Modules/Agent/images/fpt_aex_ext_componentlevel.jpg
rename to Archive/Modules/Agent/images/fpt_aex_ext_componentlevel.jpg
diff --git a/Modules/Agent/images/tbd.jpg b/Archive/Modules/Agent/images/tbd.jpg
similarity index 100%
rename from Modules/Agent/images/tbd.jpg
rename to Archive/Modules/Agent/images/tbd.jpg
diff --git a/Modules/Server/.asciidoctor/diagram/FCO_CPC_EXT.png.cache b/Archive/Modules/Server/.asciidoctor/diagram/FCO_CPC_EXT.png.cache
similarity index 100%
rename from Modules/Server/.asciidoctor/diagram/FCO_CPC_EXT.png.cache
rename to Archive/Modules/Server/.asciidoctor/diagram/FCO_CPC_EXT.png.cache
diff --git a/Modules/Server/.asciidoctor/diagram/FMT_MEC_EXT.png.cache b/Archive/Modules/Server/.asciidoctor/diagram/FMT_MEC_EXT.png.cache
similarity index 100%
rename from Modules/Server/.asciidoctor/diagram/FMT_MEC_EXT.png.cache
rename to Archive/Modules/Server/.asciidoctor/diagram/FMT_MEC_EXT.png.cache
diff --git a/Modules/Server/.asciidoctor/diagram/FPT_AEX_EXT.png.cache b/Archive/Modules/Server/.asciidoctor/diagram/FPT_AEX_EXT.png.cache
similarity index 100%
rename from Modules/Server/.asciidoctor/diagram/FPT_AEX_EXT.png.cache
rename to Archive/Modules/Server/.asciidoctor/diagram/FPT_AEX_EXT.png.cache
diff --git a/Modules/Server/SD-MOD-Server.adoc b/Archive/Modules/Server/SD-MOD-Server.adoc
similarity index 100%
rename from Modules/Server/SD-MOD-Server.adoc
rename to Archive/Modules/Server/SD-MOD-Server.adoc
diff --git a/Modules/Server/appSW_PP_Config_Server.adoc b/Archive/Modules/Server/appSW_PP_Config_Server.adoc
similarity index 100%
rename from Modules/Server/appSW_PP_Config_Server.adoc
rename to Archive/Modules/Server/appSW_PP_Config_Server.adoc
diff --git a/Modules/Server/cPP_MOD-Server.adoc b/Archive/Modules/Server/cPP_MOD-Server.adoc
similarity index 88%
rename from Modules/Server/cPP_MOD-Server.adoc
rename to Archive/Modules/Server/cPP_MOD-Server.adoc
index 8fe618a..4599f74 100644
--- a/Modules/Server/cPP_MOD-Server.adoc
+++ b/Archive/Modules/Server/cPP_MOD-Server.adoc
@@ -92,11 +92,20 @@ For more see the http://www.commoncriteriaportal.org/[Common Criteria Portal].
==== Compliant Targets of Evaluation
-This is a Collaborative Protection Profile (cPP) Module whose Target of Evaluation (TOE) is Enterprise Server Applications. This PP-Module is compatible with the cPP for Application Software.
+This is a Collaborative Protection Profile (cPP) Module whose Target of Evaluation (TOE) is Enterprise Server Applications. This PP-Module is compatible with the cPP for Application Software.
+
+For a distributed TOE, the Server Application is the TOE component, or set of TOE components, that provides management, coordination, policy, API-facing, or other server-side functionality for the TOE. In a microservices architecture, a Server Application component may be a service or application payload that coordinates, exposes, or controls TOE functionality. The container orchestration platform, container runtime, operating system, service mesh infrastructure, ingress infrastructure, cluster networking, and platform-provided secret or configuration stores are part of the operational environment unless explicitly included in the TOE boundary.
=== TOE Use Cases
All use cases of Enterprise Server applications defined in the {base-pp} are applicable to this PP-Module.
+=== Distributed and Microservices TOE Configurations
+This PP-Module may be used in a PP-Configuration with the PP-Module for Agent Applications to evaluate distributed application software. Distributed application software includes server-agent deployments, clustered server deployments, and microservices architectures composed of multiple application payload components.
+
+For a distributed TOE, the ST shall identify each TOE component, describe the role of each TOE component, identify which components implement each claimed SFR, and describe all communications between TOE components. The ST shall also distinguish TOE components from operational environment components. Operational environment components may include container orchestration, container runtimes, operating systems, service mesh infrastructure, ingress infrastructure, cluster networking, platform-provided secret or configuration stores, and other infrastructure services not explicitly included in the TOE boundary.
+
+If the TOE relies on operational environment components for execution, scheduling, networking, isolation, credential storage, configuration storage, time services, or protection of inter-component communications, the ST shall identify the dependency and the guidance shall describe the required environmental configuration.
+
== CC Conformance Claims
As defined by the references <>, <> and <>, this PP-Module:
@@ -205,7 +214,7 @@ The TSF shall be capable of performing the following management functions:
* configuration of communication with other trusted IT entities
* [_selection:_
-** _configuration of communication with Agent according to FCO_CPC_EXT.1/Server and FPT_ITT.1/Server_
+** _configuration of communication with other TOE components according to FCO_CPC_EXT.1/Server and FPT_ITT.1/Server_
** _allow/disallow the enrollment of a TOE agent by administrative function or policy,_
** _query agent version,_
** _provide update functionality to agent,_
@@ -215,7 +224,7 @@ The TSF shall be capable of performing the following management functions:
** _configure number of authentication attempts and failed authentication behavior,_
** _[assignment: Other management functions]_]
-*Application Note {counter:appnote}:* Functions that relate to management of agents is intended to be used in conjuction with the Agent module, however, it can be used with third party agents that aren't necessarily within the TOE boundary.
+*Application Note {counter:appnote}:* Functions that relate to management of agents or other separately deployed TOE components are intended to be used in conjunction with the Agent module. The same functions may also be used with third-party entities that are in the operational environment and are not within the TOE boundary.
=== Protection of the TSF (FPT)
@@ -231,7 +240,7 @@ This PP-Module does not define any additional assurance requirements above and b
[appendix]
== Selection-Based Requirements
-These SFRs apply if and only if an Agent Module is included in the evaluation.
+These SFRs apply when the TOE includes separately deployed TOE parts that communicate with one another as part of a PP-Configuration that includes the Agent Module. For microservices architectures, these SFRs apply to the communication relationships between Server Application components and Agent Application components as those components are identified in the ST. The ST author should iterate these SFRs as needed for different component pairs or communication mechanisms.
=== Communication (FCO)
==== FCO_CPC_EXT.1/Server
@@ -419,7 +428,7 @@ This is a new component within the FCO class used to define high-level constrain
+---------------------------------------+ +-----+
....
-FCO_CPC_EXT.1/Server Component Registration Channel Definition, requires the TSF to support a registration channel for joining together server and agent TOE parts, and to ensure that the availability of this channel is under the control of an Administrator. It also requires statement of the type of channel used (allowing specification of further lower-level security requirements by reference to other SFRs).
+FCO_CPC_EXT.1/Server Component Registration Channel Definition, requires the TSF to support a registration channel for joining together server and agent TOE parts or other distributed application TOE components, and to ensure that the availability of this channel is under the control of an Administrator. It also requires statement of the type of channel used (allowing specification of further lower-level security requirements by reference to other SFRs).
*Management: FCO_CPC_EXT.1/Server*
@@ -459,4 +468,4 @@ Dependencies: No other components
When this PP-Module is used to extend [cPP_APP_SW], the TOE type for the overall TOE is still a generic application. However, one of the functions of the device must be the ability for it to the capability to manage agent applications. The TOE boundary is simply extended to include that functionality.
=== SFR Dependencies Analysis
-The dependencies between SFRs implemented by the TOE are addressed as shown in the base PP.
\ No newline at end of file
+The dependencies between SFRs implemented by the TOE are addressed as shown in the base PP.
diff --git a/Modules/Server/images/FCO_CPC_EXT.png b/Archive/Modules/Server/images/FCO_CPC_EXT.png
similarity index 100%
rename from Modules/Server/images/FCO_CPC_EXT.png
rename to Archive/Modules/Server/images/FCO_CPC_EXT.png
diff --git a/Modules/Server/images/FMT_MEC_EXT.png b/Archive/Modules/Server/images/FMT_MEC_EXT.png
similarity index 100%
rename from Modules/Server/images/FMT_MEC_EXT.png
rename to Archive/Modules/Server/images/FMT_MEC_EXT.png
diff --git a/Modules/Server/images/FPT_AEX_EXT.png b/Archive/Modules/Server/images/FPT_AEX_EXT.png
similarity index 100%
rename from Modules/Server/images/FPT_AEX_EXT.png
rename to Archive/Modules/Server/images/FPT_AEX_EXT.png
diff --git a/Modules/Server/images/fpt_aex_ext_componentlevel.jpg b/Archive/Modules/Server/images/fpt_aex_ext_componentlevel.jpg
similarity index 100%
rename from Modules/Server/images/fpt_aex_ext_componentlevel.jpg
rename to Archive/Modules/Server/images/fpt_aex_ext_componentlevel.jpg
diff --git a/Modules/Server/images/tbd.jpg b/Archive/Modules/Server/images/tbd.jpg
similarity index 100%
rename from Modules/Server/images/tbd.jpg
rename to Archive/Modules/Server/images/tbd.jpg
diff --git a/README.adoc b/Archive/README.adoc
similarity index 100%
rename from README.adoc
rename to Archive/README.adoc
diff --git a/cPP/.asciidoctor/diagram/FCS_CKM_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FCS_CKM_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FCS_CKM_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FCS_CKM_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FCS_HTTPS_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FCS_HTTPS_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FCS_HTTPS_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FCS_HTTPS_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FCS_RBG_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FCS_RBG_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FCS_RBG_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FCS_RBG_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FCS_STO_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FCS_STO_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FCS_STO_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FCS_STO_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FDP_NET_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FDP_NET_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FDP_NET_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FDP_NET_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FIA_EIP_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FIA_EIP_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FIA_EIP_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FIA_EIP_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FIA_UAU_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FIA_UAU_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FIA_UAU_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FIA_UAU_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FIA_UIA_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FIA_UIA_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FIA_UIA_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FIA_UIA_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FIA_X509_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FIA_X509_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FIA_X509_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FIA_X509_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FMT_CFG_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FMT_CFG_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FMT_CFG_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FMT_CFG_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FPT_AEX_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FPT_AEX_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FPT_AEX_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FPT_AEX_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FPT_TUD_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FPT_TUD_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FPT_TUD_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FPT_TUD_EXT.png.cache
diff --git a/cPP/.asciidoctor/diagram/FTP_DIT_EXT.png.cache b/Archive/cPP/.asciidoctor/diagram/FTP_DIT_EXT.png.cache
similarity index 100%
rename from cPP/.asciidoctor/diagram/FTP_DIT_EXT.png.cache
rename to Archive/cPP/.asciidoctor/diagram/FTP_DIT_EXT.png.cache
diff --git a/cPP/AppSW cPP allowed-with list.docx b/Archive/cPP/AppSW cPP allowed-with list.docx
similarity index 100%
rename from cPP/AppSW cPP allowed-with list.docx
rename to Archive/cPP/AppSW cPP allowed-with list.docx
diff --git a/cPP/SD_APP_SW.adoc b/Archive/cPP/SD_APP_SW.adoc
similarity index 100%
rename from cPP/SD_APP_SW.adoc
rename to Archive/cPP/SD_APP_SW.adoc
diff --git a/cPP/cPP_APP_SW.adoc b/Archive/cPP/cPP_APP_SW.adoc
similarity index 100%
rename from cPP/cPP_APP_SW.adoc
rename to Archive/cPP/cPP_APP_SW.adoc
diff --git a/cPP/images/FCS_CKM_EXT.png b/Archive/cPP/images/FCS_CKM_EXT.png
similarity index 100%
rename from cPP/images/FCS_CKM_EXT.png
rename to Archive/cPP/images/FCS_CKM_EXT.png
diff --git a/cPP/images/FCS_HTTPS_EXT.png b/Archive/cPP/images/FCS_HTTPS_EXT.png
similarity index 100%
rename from cPP/images/FCS_HTTPS_EXT.png
rename to Archive/cPP/images/FCS_HTTPS_EXT.png
diff --git a/cPP/images/FCS_RBG_EXT.png b/Archive/cPP/images/FCS_RBG_EXT.png
similarity index 100%
rename from cPP/images/FCS_RBG_EXT.png
rename to Archive/cPP/images/FCS_RBG_EXT.png
diff --git a/cPP/images/FCS_STO_EXT.png b/Archive/cPP/images/FCS_STO_EXT.png
similarity index 100%
rename from cPP/images/FCS_STO_EXT.png
rename to Archive/cPP/images/FCS_STO_EXT.png
diff --git a/cPP/images/FDP_NET_EXT.png b/Archive/cPP/images/FDP_NET_EXT.png
similarity index 100%
rename from cPP/images/FDP_NET_EXT.png
rename to Archive/cPP/images/FDP_NET_EXT.png
diff --git a/cPP/images/FIA_EIP_EXT.png b/Archive/cPP/images/FIA_EIP_EXT.png
similarity index 100%
rename from cPP/images/FIA_EIP_EXT.png
rename to Archive/cPP/images/FIA_EIP_EXT.png
diff --git a/cPP/images/FIA_UAU_EXT.png b/Archive/cPP/images/FIA_UAU_EXT.png
similarity index 100%
rename from cPP/images/FIA_UAU_EXT.png
rename to Archive/cPP/images/FIA_UAU_EXT.png
diff --git a/cPP/images/FIA_UIA_EXT.png b/Archive/cPP/images/FIA_UIA_EXT.png
similarity index 100%
rename from cPP/images/FIA_UIA_EXT.png
rename to Archive/cPP/images/FIA_UIA_EXT.png
diff --git a/cPP/images/FIA_X509_EXT.png b/Archive/cPP/images/FIA_X509_EXT.png
similarity index 100%
rename from cPP/images/FIA_X509_EXT.png
rename to Archive/cPP/images/FIA_X509_EXT.png
diff --git a/cPP/images/FMT_CFG_EXT.png b/Archive/cPP/images/FMT_CFG_EXT.png
similarity index 100%
rename from cPP/images/FMT_CFG_EXT.png
rename to Archive/cPP/images/FMT_CFG_EXT.png
diff --git a/cPP/images/FPT_AEX_EXT.png b/Archive/cPP/images/FPT_AEX_EXT.png
similarity index 100%
rename from cPP/images/FPT_AEX_EXT.png
rename to Archive/cPP/images/FPT_AEX_EXT.png
diff --git a/cPP/images/FPT_TUD_EXT.png b/Archive/cPP/images/FPT_TUD_EXT.png
similarity index 100%
rename from cPP/images/FPT_TUD_EXT.png
rename to Archive/cPP/images/FPT_TUD_EXT.png
diff --git a/cPP/images/FTP_DIT_EXT.png b/Archive/cPP/images/FTP_DIT_EXT.png
similarity index 100%
rename from cPP/images/FTP_DIT_EXT.png
rename to Archive/cPP/images/FTP_DIT_EXT.png
diff --git a/cPP/images/ccLogo.png b/Archive/cPP/images/ccLogo.png
similarity index 100%
rename from cPP/images/ccLogo.png
rename to Archive/cPP/images/ccLogo.png
diff --git a/cPP/images/toe.png b/Archive/cPP/images/toe.png
similarity index 100%
rename from cPP/images/toe.png
rename to Archive/cPP/images/toe.png
diff --git a/cPP/images/toeruntime.png b/Archive/cPP/images/toeruntime.png
similarity index 100%
rename from cPP/images/toeruntime.png
rename to Archive/cPP/images/toeruntime.png
diff --git a/cPP/v2/.github/workflows/quick_build.yml b/Archive/cPP/v2/.github/workflows/quick_build.yml
similarity index 100%
rename from cPP/v2/.github/workflows/quick_build.yml
rename to Archive/cPP/v2/.github/workflows/quick_build.yml
diff --git a/cPP/v2/.github/workflows/quick_build_pdf.yml b/Archive/cPP/v2/.github/workflows/quick_build_pdf.yml
similarity index 100%
rename from cPP/v2/.github/workflows/quick_build_pdf.yml
rename to Archive/cPP/v2/.github/workflows/quick_build_pdf.yml
diff --git a/Archive/cPP/v2/.github/workflows/validate.yml b/Archive/cPP/v2/.github/workflows/validate.yml
new file mode 100644
index 0000000..95e8d02
--- /dev/null
+++ b/Archive/cPP/v2/.github/workflows/validate.yml
@@ -0,0 +1,26 @@
+# This is a the Common Criteria build workflow that is triggered on push
+
+name: Validate
+
+# Controls when the action will run. Workflow runs when manually triggered using the UI
+# or API.
+on: [push, workflow_dispatch]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ build-project:
+
+ # The type of runner that the job will run on
+ runs-on: ubuntu-latest
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ - name: Checkout project and transforms
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ - name: Install Jing
+ run: wget -O - https://github.com/relaxng/jing-trang/releases/download/V20181222/jing-20181222.zip | jar -x
+
+ - name: Schema Validation
+ run: JING_JAR=jing*/bin/jing.jar make validate
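Review bot: The `Install Jing` step streams the release zip from the network straight into `jar -x` with no integrity check, and the following step hands the extracted `jing.jar` to `make validate` (which presumably executes it), so whatever that URL serves at run time ends up running on the runner. Download to a file, verify it against a pinned SHA-256, and only then extract. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository default; `contents: read` looks sufficient for a checkout-and-validate job. Separately, `actions/checkout@v4` is a movable tag and could be pinned to a full commit SHA. The digest in the sketch below is a labelled placeholder, to be replaced with the value recorded for the reviewed artifact.

```yaml
# … unchanged: header comment, name, on …
permissions:
  contents: read

# … unchanged: jobs, build-project, runs-on, checkout step …
      - name: Install Jing
        run: |
          wget -O jing.zip https://github.com/relaxng/jing-trang/releases/download/V20181222/jing-20181222.zip
          echo "<EXPECTED_SHA256_PLACEHOLDER>  jing.zip" | sha256sum -c -
          jar -xf jing.zip
# … unchanged: Schema Validation step …
```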
diff --git a/cPP/v2/.gitignore b/Archive/cPP/v2/.gitignore
similarity index 100%
rename from cPP/v2/.gitignore
rename to Archive/cPP/v2/.gitignore
diff --git a/cPP/v2/.gitmodules b/Archive/cPP/v2/.gitmodules
similarity index 100%
rename from cPP/v2/.gitmodules
rename to Archive/cPP/v2/.gitmodules
diff --git a/cPP/v2/Dictionary.txt b/Archive/cPP/v2/Dictionary.txt
similarity index 100%
rename from cPP/v2/Dictionary.txt
rename to Archive/cPP/v2/Dictionary.txt
diff --git a/cPP/v2/LICENSE b/Archive/cPP/v2/LICENSE
similarity index 100%
rename from cPP/v2/LICENSE
rename to Archive/cPP/v2/LICENSE
diff --git a/cPP/v2/Makefile b/Archive/cPP/v2/Makefile
similarity index 100%
rename from cPP/v2/Makefile
rename to Archive/cPP/v2/Makefile
diff --git a/cPP/v2/README.md b/Archive/cPP/v2/README.md
similarity index 100%
rename from cPP/v2/README.md
rename to Archive/cPP/v2/README.md
diff --git a/cPP/v2/Readme.adoc b/Archive/cPP/v2/Readme.adoc
similarity index 100%
rename from cPP/v2/Readme.adoc
rename to Archive/cPP/v2/Readme.adoc
diff --git a/cPP/v2/input/.gitignore b/Archive/cPP/v2/input/.gitignore
similarity index 100%
rename from cPP/v2/input/.gitignore
rename to Archive/cPP/v2/input/.gitignore
diff --git a/cPP/v2/input/application.xml b/Archive/cPP/v2/input/application.xml
similarity index 99%
rename from cPP/v2/input/application.xml
rename to Archive/cPP/v2/input/application.xml
index 38799a6..dee09bf 100644
--- a/cPP/v2/input/application.xml
+++ b/Archive/cPP/v2/input/application.xml
@@ -191,6 +191,11 @@
+
+ A TOE may consist of multiple separately deployed application components that collectively provide the TOE security functionality. Examples include server-agent products, clustered application deployments, and microservices-based applications composed of multiple application payloads. If a TOE is distributed across multiple TOE components, the ST shall identify each TOE component, describe the role of each TOE component, identify which components implement each claimed SFR, describe all communications between TOE components, and distinguish TOE components from operational environment components.
+ For containerized or microservices TOEs, the TOE consists of the application payloads and TOE-provided application components identified in the ST. The container orchestration platform, container runtime, operating system, service mesh infrastructure, ingress infrastructure, cluster networking, and platform-provided secret or configuration stores are part of the operational environment unless explicitly included in the TOE boundary. The PP does not require these operational environment components to be included in the TOE boundary solely because the TOE depends on them for execution, scheduling, networking, isolation, credential storage, configuration storage, or time services.
+ When the TOE relies on operational environment components to provide services used by the TOE, the ST shall identify the dependency and the guidance shall describe the required environmental configuration. Inter-component communication between TOE parts shall be identified in the ST. Where the TOE claims conformance to a PP-Configuration that includes Server and Agent application modules, the ST shall use the module requirements to address authorization or registration of TOE components before communication is permitted and protection of security-relevant data transmitted between TOE components. The ST shall provide an SFR allocation rationale that identifies whether each claimed requirement is satisfied by all TOE components, by applicable TOE components that perform the relevant function, by at least one TOE component, by the TOE as a whole, or by an allowed operational environment dependency.
+