Archived TD0084: P-256 is Optional in MDM v2.0
PP_MDM_V2.0, FCS_CKM.1.1, FCS_COP.1.1(3)
Based on NSA/IAD guidance on the Commercial National Security Algorithm Suite and Quantum Computing from January 2016, the inclusion of P-256 should no longer be mandatory in the MDM PP. This Technical Decision moves P-256 to an optional selection.
Under FCS_CKM.1.1, the second bullet for ECC schemes is being revised to read:
FCS_CKM.1.1 Refinement: The [selection: TSF, TOE platform] shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [selection:
Under FCS_COP.1.1(3), the second bullet for ECDSA schemes is being revised to read:
FCS_COP.1.1(3) Refinement: The [selection: TSF, TOE platform] shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [selection:
P-256 is moving to an optional selection based on new IA guidance.