This document seems to be ready and well written. The security considerations section seems reasonable.

However, I do agree with previous review that the requirements language boilerplate may be redundant.
There are only 2 capital SHOULD requirements in the document and they both appear in the security considerations section. None of them are referring to things that can be tested for compliance and they could both be downgraded to "should".