NIAP: View Technical Decision Details
Archived TD0024:  Application Settings Clarification for FMT_MEC_EXT.1

Publication Date
2014.11.26

Protection Profiles
PP_APP_v1.1

Other References
PP_APP_V1.1, requirement FMT_MEC_EXT.1

Issue Description

In FMT_MEC_EXT.1, the stated assurance activity on Linux indicates that /etc must be used for system-specific changes and the user's home directory for user-specific configuration. The Windows assurance activity specifies the use of the Windows registry. The focus is on security-related settings, but more clarification is needed on which settings are security-related.

Resolution

The Assurance Activity for this requirement should be revised to state “The evaluator shall review the TSS to identify the application's configuration options (e.g. settings) and determine whether these are stored and set using the mechanisms supported by the platform. At a minimum the TSS shall list settings related to any SFRs and any settings that are mandated in the operational guidance in response to an SFR.”

The next update of the App PP will reflect the TD.

Justification

The Assurance Activity needed to be rewritten to clarify the intent, which is that the TSS should define the security-related settings based on the platform and that these settings must include settings related to any of the SFRs and the operational guidance.

 
 