![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0146: Remote Administration and Cryptographic Functionality in the TFWPP
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2009-01-29 |
| Last Modified | 2009-01-29 |
Issue
The TFFW PP includes several statements that imply that remote administration is optional (not required) to be included in the scope of the Target of Evaluation (TOE). The specific language in the PP that implies this functionality is optional is as follows:
-
Application Note for FIA_UAU.4
Application Note: TOEs that do not provide capabilities for authorized administrators to access the TOE remotely from either an internal or external network (i.e., for remote administration) or for authorized external IT entities do not have to make such functionality available in order to satisfy this requirement. The intent of this requirement is not to require developers to provide such capabilities and their associated single-use authentication mechanisms. The requirement applies to those developers that do incorporate such functionality and intend for it to be evaluated.
-
Pg 15 discussion of FCS_COP.1
Component FCS_COP.1 is a conditional requirement. If the developer allows administration from a remote location outside the physically protected TOE, then evaluation against this Protection Profile shall require the TOE to meet this component. FCS_COP.1 defines a cryptographic algorithm as well as the key size that must be used. The cryptographic module must be FIPS PUB 140-2 compliant for the reasons stated in Section 3.
-
FMT_MOF K includes "if"
l) additionally, if the TSF supports remote administration from either an internal or external network:
* enable and disable remote administration from internal and external networks;
* restrict addresses from which remote administration can be performed;
Given the above references in the TFFW PP, it can definitely be concluded that the TOE need not offer remote administration to meet the PP.
Resolution
Remote administration may be excluded from the TOE and still claim compliance to the PP. In addition, excluding remote administration from the TOE will comply with Policy 13 if it is clearly stated in all applicable documents (Admin Guide, User Guide, ST, VR, VPL, etc) that remote administration is disabled by default in the evaluated configuration.
Support
Although CCEVS is writing a new crypto policy that will mandate FIPS for all crypto in the TOE, there is currently no such policy. Therefore, to allow remote login without FIPS certification may actually cause a greater security risk. Once the new crypto policy is issued, CCEVS will revisit this issue and the TFFW PP in particular.
Modification History:
- 2009-01-29:
- PD Created (December 2008 ODRB Agenda Item 3.a.v)
References:
- None
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0277