Archived TD0056: Revision to FCS_RBG_EXT.1 Requirement in VPN GW EP v1.1
The FCS_RBG_EXT.1 SFR in the VPN GW EP v1.1 requires at least one hardware source of entropy. Other instances of this requirement allow for a selection of either a hardware or software noise source. For consistency with the other current PPs and EPs (including the cPPs), modification of FCS_RBG_EXT.1 is needed to allow either type of noise source.
The requirement is being revised to allow for a hardware or software based noise source. The revised requirement is below.
22.214.171.124 FCS_RBG_EXT.1 Extended: Cryptographic operation (Random Bit Generation)
FCS_RBG_EXT.1.1 The TSF shall perform all random bit generation (RBG) services in accordance with [selection, choose one of: NIST Special Publication 800-90 using [selection: Hash_DRBG (any), HMAC_DRBG (any), CTR_DRBG (AES), Dual_EC_DRBG (any)]; FIPS Pub 140-2 Appendix C; X9.31 Appendix 2.4 using AES] seeded by an entropy source that accumulates entropy from [selection: [assignment: number] TSF hardware based noise source(s), [assignment: number] TSF software-based noise source(s),].
Application Note: This EP allows the ST Author to choose whether the noise source is software based or hardware based.
Regardless of the noise source selected, sufficient entropy must be obtained as defined in FCS_RBG_EXT.1.2.
The FCS_RBG_EXT.1 requirement is being revised to allow for the selevction of one or more hardware or software based noise sources for consistency with other PPs and EPs.