NIAP: View Technical Decision Details
Archived TD0124:  Auditable Events in VPN IPSEC Client PP

Publication Date
2016.11.07

Protection Profiles
PP_VPN_IPSEC_CLIENT_V1.4

Other References
FAU_GEN.1.2

Issue Description

In FAU_GEN.1.2, Table 2 contained typos and omissions. 

Resolution

Table 2: Auditable Events is replaced with the following (updates in bold).

Table 2: Auditable Events

| Requirement | Auditable Events | Additional Audit Record Contents |
|---|---|---|
| FAU_GEN.1 | None. | |
| FAU_SEL.1 | All modifications to the audit configuration that occur while the audit collection functions are operating. | None. |
| FCS_CKM.1(*) | Failure of the key generation activity. | None. |
| FCS_CKM_EXT.2 | None. | None. |
| FCS_CKM_EXT.4 | Failure of the key zeroization process. | Identity of object or entity being cleared. |
| FCS_COP.1(1) | Failure of encryption or decryption. | Cryptographic mode of operation, name/identifier of object being encrypted/decrypted. |
| FCS_COP.1(2) | Failure of cryptographic signature. | Cryptographic mode of operation, name/identifier of object being signed/verified. |
| FCS_COP.1(3) | Failure of hashing function. | Cryptographic mode of operation, name/identifier of object being hashed. |
| FCS_COP.1(4) | Failure in Cryptographic Hashing for Non-Data Integrity. | Cryptographic mode of operation, name/identifier of object being hashed. |
| FCS_IPSEC_EXT.1 | Decisions to DISCARD, BYPASS, PROTECT network packets processed by the TOE.<br>Failure to establish an IPsec SA.<br>Establishment/Termination of an IPsec SA. | Presumed identity of source subject.<br>Identity of destination subject.<br>Transport layer protocol, if applicable.<br>Source subject service identifier, if applicable.<br>The entry in the SPD that applied to the decision.<br>Reason for failure.<br>Non-TOE endpoint of connection (IP address) for both successes and failures. |
| FCS_RBG_EXT.1 | Failure of the randomization process. | None. |
| FDP_IFC_EXT.1 | Failure to establish exclusive tunnel. | None. |
| FDP_RIP.2 | None. | |
| FIA_PSK_EXT.1 | Failure of the randomization process. | None. |
| FIA_X509_EXT.1 | Failure of the X.509 certificate validation. | Reason for failure of validation. |
| FIA_X509_EXT.2 | [if one were required] Failure of the path validation of the X.509 certificate. | Reason for failure of path validation. |
| FMT_SMF.1 | Success or failure of function. | None. |
| FPT_TUD_EXT.1 | Initiation of the update.<br>Any failure to verify the integrity of the update. | No additional information. |
| FTP_ITC.1 | All attempts to establish a trusted channel.<br>Detection of modification of channel data. | Identification of the non-TOE endpoint of the channel. |

Justification

See issue description.

 
 