NIAP: View Technical Decision Details
Archived TD0149:  FPT_ITT.1.1 - Clarification of Tests

Publication Date
2017.03.03

Protection Profiles
PP_NDCPP_IPS_EP_V2.1

Other References
FPT_ITT.1.1; PP_NDCPP_IPS_EP_V2.1

Issue Description

The NDcPP v1.0 does not address FPT_ITT.1 (communication between distributed TOE components).  The IPS EP v2.1 adds FPT_ITT.1 to support the notion of a distributed TOE (e.g., distributed intrusion sensors).  

 

In some cases, the TOE implements TLSS for a Web UI and TLSC with X.509 for its syslog connection.  Testing is performed with the NDcPP SFRs FCS_TLSS_EXT.1, FCS_TLS_EXT.2, and the FIA_X509 requirements using those interfaces. The connection between distributed TOE devices (manager and sensors) is also protected using TLS.

 The IPS EP v2.1 defines only 3 tests for FPT_ITT.1.  It needs to be clear that these are the only tests that must be performed to verify the protection of the communication channel between TOE components (i.e., the FPT_ITT.1 channel).

Resolution

FPT_ITT.1.1

Application Note:

Based on the selections made here, a conformant ST will include one or more of the FCS_IPSEC_EXT.1, FCS_HTTPS_EXT.1, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.2, FCS_TLSS_EXT.1, and FCS_TLSS_EXT.2 selection-based SFRs that are defined in the base PPs. A conformant ST will also include the optional O.TRUSTED_COMMUNICATIONS objective.

The manager/host sensor architecture is an acceptable architecture.  When this architecture is used, the manager must comply with the NDcPP or FWcPP as a base, and the sensors must comply with the Application Software PP as a base.  The FPT_ITT requirements apply to sensor/management communications and would only need to be tested in that context.

Justification

The three tests for FPT_ITT.1 are sufficient to test the SFR in the distributed environment.

 
 