NIAP: View Technical Decision Details
Archived TD0149:  FPT_ITT.1.1 - Clarification of Tests

Publication Date

Protection Profiles

Other References

Issue Description

The NDcPP v1.0 does not address FPT_ITT.1 (communication between distributed TOE components).  The IPS EP v2.1 adds FPT_ITT.1 to support the notion of a distributed TOE (e.g., distributed intrusion sensors).  


In some cases, the TOE implements TLSS for a Web UI and TLSC with X.509 for its syslog connection. Testing is performed with the NDcPP SFRs FCS_TLSS_EXT.1, FCS_TLS_EXT.2, and the FIA_X509 requirements using those interfaces. The connection between distributed TOE devices (manager and sensors) is also protected using TLS.

 The IPS EP v2.1 defines only 3 tests for FPT_ITT.1.  It needs to be clear that these are the only tests that must be performed to verify the protection of the communication channel between TOE components (i.e., the FPT_ITT.1 channel).



Application Note:

Based on the selections made here, a conformant ST will include one or more of the FCS_IPSEC_EXT.1, FCS_HTTPS_EXT.1, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.2, FCS_TLSS_EXT.1, and FCS_TLSS_EXT.2 selection-based SFRs that are defined in the base PPs. A conformant ST will also include the optional O.TRUSTED_COMMUNICATIONS objective.

The manager/host sensor architecture is an acceptable architecture.  When this architecture is used, the manager must comply with the NDcPP or FWcPP as a base, and the sensors must comply with the Application Software PP as a base.  The FPT_ITT requirements apply to sensor/management communications and would only need to be tested in that context.


The three tests for FPT_ITT.1 are sufficient to test the SFR in the distributed environment.
