NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0005:  FPT_ITT Test 3 Resolution

Publication Date

Protection Profiles

Other References

Issue Description

In the NDPP Errata #2, they removed test 3 (channel data modification test) in the FPT_ITC and FPT_TRP, but not for FPT_ITT. I think this is an omission in the Errata. FPT_ITC and FPT_TRP are for external communications between the TOE and external entities. If test 3 is needed, it should be for these connections because they travel through the Internet and are more likely to be modified or tampered with. FPT_ITT is an internal, trusted connection (between TOE components). It is on the trusted management network; it is protected by the firewall; it is protected by the VLAN and switched environment. I don't see removing this test from the external communication but leaving this test for the internal communication is anything but an error in the Errata.

There are many difficulties in running this test. One would be to create a Man-in-the-Middle (MITM) tool to capture the packets and modify them before sending them out. This is a similar problem with test 4 in FCS_TLS_EXT.1 in which there is an official waiver for (see TD0004). I also believe this is why the test 3 was removed from FPT_ITC and FTP_TRP, external communications. The other difficulty is to install the MITM tool on the TOE components. FPT_ITT is for internal communication, TOE components communicating with each other, so we need to install the MITM tool on the TOE component itself. This is very hard because we don't have a compiler on the TOE. This is a STIG requirement. We would need to install a compiler, libraries, etc. to compile and install any program on the TOE itself to run this test. If this is an external communication test, we would do all of this (compiler, libraries, etc.) on the external entity. However, because it's an internal communication, both end is a TOE component which cannot have those things.


There is an oversight to have removed the test in assurance activities for FPT_ITC and not for FPT_ITT and, therefore, it is acceptable to not perform test 3 of the test assurance activity for FPT_ITT.  It should be noted, however, that this test was removed in FTP_ITC and FTP_TRP because it was covered (in Errata #2) directly in the protocols used to implement the trusted channel, so the appropriate protocol testing (e.g., FCS_IPSEC_EXT) will still need to be performed.

Site Map              Contact Us              Home