FCS_RBG.1 Invoke + EAR #53

@GugelChris


The TOE can invoke its platform to handle all cryptography. The selection for FCS_RBG.1.1 would still be invoke. However, the selections for FCS_RBG.1.2 and FCS_RBG.1.3 do not cover this configuration. The TOE in this case would not be interfacing with any noise source. It would be the platform interfacing with the noise source.

The FCS_RBG.1.1 EA for creating an EAR needs to be updated to make it only applicable when the TOE has the cryptographic module within the TOE.

The reference for this EA is not clear. "Clarification to the Entropy Documentation and Assessment Annex" should be changed to the Appendix Name: "Appendix E - Entropy Documentation and Assessment".

Justification:
The TOE would essentially be an Application in this instance invoking its underlying platform. The above SFR and EA look to be an exact replication from the App PP. However, the App PP uses FCS_RBG_EXT.1.1 to prevent these issues because the FCS_RBG.1 would not be applicable for these TOEs using the App PP. Instead, the App PP has "use no DRBG functionality" be selected for FCS_RBG_EXT.1.1.

This same SFR relationship could be used OR the FCS_RBG.1 be updated to also provide selections for this valid configuration. My recommendation would be the latter because of the distributed nature of an MDM TOE. Some components may have the cryptographic module within the TOE and others only rely on the platform.
