Archived TD0090: NIT Technical Decision for FMT_SMF.1.1 Requirement in NDcPP
The Network Interpretations Team (NIT) has issued a technical decision regarding the FMT_SMF.1.1 requirement in the NDcPP v1.0 and FW cPP v1.0. The FMT_SMF.1.1 requirement mandates the use of digital signatures for updates. However, FPT_TUD_EXT.1.3 includes a selection of digital signatures OR published hash, thus making the two requirements inconsistent.
To align with the NIT interpretation #16, the FMT_SMF.1.1 requirement has been modified as written below. For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI16.pdf
FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:
o Ability to configure audit behavior;
o Ability to configure the list of TOE-provided services available before an entity is
o identified and authenticated, as specified in FIA_UIA_EXT.1;
o Ability to configure the cryptographic functionality;
o No other capabilities.]
See issue description.