NIAP: View Technical Decision Details
Archived TD0019:  Testing Data Channel Modification for FTP_ITC.1 and FTP_TRP.1

Publication Date

Protection Profiles
PP_ND_V1.1, PP_ND_VPN_GW_EP_v1.1

Other References

Issue Description

In ND PP V1.1, the testing assurance activities for FTP_ITC.1 and FTP_TRP.1 specified a test requiring the evaluator to ensure that, for each communication channel with an authorized IT entity and each method of remote administration respectively, modification of the channel data is detected by the TOE. In ND PP Errata #2, these tests are removed, since (as explained in Section 2.1 of ND PP Errata #2), “…the integrity algorithms actually used by the TOE are identified, and then the evaluator confirms that these algorithms are actually capable of being used through testing. This can be done by observing the protocol negotiation of the algorithms through packet captures to ensure the allowed algorithms are agreed upon”. Subsequently, this change has been extended to FPT_ITT.1 (TD0005) and to the testing of FTP_ITC.1, FTP_TRP.1 and FPT_ITT.1 in WLAN AS PP (TD0016).

An issue has arisen for a TOE during Evaluation Consistency Review, since the TOE claims conformance to ND PP V1.1 and VPN GW EP but not to ND PP Errata #2 (the Check-in Package for the TOE was submitted prior to the publication of ND PP Errata #2). All testing specified in ND PP V1.1 and VPN GW EP has been performed, with the exception of modification of channel data for FTP_ITC.1 and FTP_TRP.1, following the common practice across evaluations since publication of ND PP Errata #2.

In keeping with current practice and in the spirit of consistency across evaluations, the tests associated with FTP_ITC.1, FTP_TRP.1 and FPT_ITT.1 that require the evaluator to ensure modification of channel data is detected by the TOE should be waived for any evaluation claiming conformance to any PP in which those requirements and the associated tests are specified.


For TOEs claiming conformance to both the ND PP V1.1 (without Errata #2) and the VPN Gateway EP V1.1, the FTP_ITC.1 and FTP_TRP.1 requirements in ND PP V1.1 can be updated by removing the data channel modification tests, along with the removal of the specified test requirements in FPT_ITT.1. The result is the elimination of the following tests from ND PP V1.1:

  • FTP_ITC.1: Test 4
  • FTP_TRP.1: Test 4
  • FPT_ITT.1: Test 3



The assurance resulting from the modifications listed in the resolution is consistent with the testing mandated for TOEs with similar requirements, such as those compliant with the WLAN AS PP (as supplemented with TD0016).
