The second part of the conformance clause refers - and only - to section 4.2.1 that itself mentions the Authorization Services Component among others. That component seems to fall under those Trust Elevation components that are covered by section 4.2 (title). But in fact we find it defined under 4.3 "4.3 Other Related Architecture Components" - are we talking of the same component?
Same for the Risk-Based Engine Component. It is confusing: we don't know if these components fall under the conformance clause, as the primary sections that define them are not clearly referenced by the CC.
More generally, the CC does a poor job referring to the normative content in the spec body: the latter seems to be under-referenced (i.e. most of the specification seems to be irrelevant to conformance).