The Network Interpretations Team (NIT) has issued a technical decision regarding testing and trusted updates in the NDcPP v1.0 and FW cPP v1.0.

To align with the NIT interpretation #27, NIAP supports the interpretation written below.  For further information, please see the NIT interpretation at:

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI27.pdf.

RFI#26 explicitly disallows automatic installation for an update that solely uses published hashes.

The lab and vendor should work to determine an appropriate testing strategy that demonstrates the TOE’s conformance to FPT_TUD_EXT.1. If operational behavior can be demonstrated in a non-production environment, that is sufficient.

See Issue Description.