Given that BLE was released in 2012 with Bluetooth 4.0, is there really any specific reason to separate BR/EDR as mandatory and LE as a selection?
This may have made sense when a version of this SFR was created (I trace it back to v2.0, which was 2015):
FDP_UPC_EXT.1.1 The TSF provide a means for non-TSF applications executing on the
TOE to use TLS, HTTPS, Bluetooth BR/EDR, and [selection: DTLS, Bluetooth LE, no other
protocol] to provide a protected communication channel between the non-TSF application
and another IT product that is logically distinct from other communication channels, provides
assured identification of its end points, protects channel data from disclosure, and detects
modification of the channel data.
This is no longer the case and should be adjusted. I would actually just change this to something like "Bluetooth protocols" or just say "Bluetooth" here and leave the distinctions to the Bluetooth PP-Module. In the PP-Module I can maybe understand that laptops (for GPOS) may not all support newer chips (or that the laptops themselves are on the older side, maybe), but for mobile devices, I don't think this is a real issue.
While it is true that some things like BLE Audio may not be supported everywhere, if the device supports BLE for some things and not others, I would be unlikely to try and differentiate that because the list is likely to be complicated and convoluted, and not related to the security functionality that is being targeted for the evaluation.
In short, I think that a requirement for this that made sense in 2015 no longer makes sense in 2026.