NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0137:  FIA_X509_EXT.2.1 - IPsec Optional Selection

Publication Date

Protection Profiles

Other References

Issue Description

During the review period of the draft ESC EP v1.0, numerous comments were submitted regarding the mandate of IPsec in the EP.  Based on these comments, IPsec was removed from the EP as a mandatory requirement and the protocol was moved as a selectable option in all other relevant requirements.


The TSF shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [selection: IPsec, TLS, HTTPS, SSH, no other protocols], VVoIP endpoint registration, and [selection: code signing for system software updates, code signing for integrity verification, [assignment: other uses], no additional uses].

Application Note:  
The NDcPP requires the ST author to select the protocol(s) that certificate authentication is used for. Additional protocols may or may not be selected depending on the other functionality provided by the TSF.


IPsec should be an optional selection along with TLS, HTTPS, and SSH in FIA_X509_EXT.2.1.  IPSec was removed as a mandatory requirement and has been included as a selection in all other relevant requirements within the EP.

Site Map              Contact Us              Home