Archived TD0149: FPT_ITT.1.1 - Clarification of Tests
The NDcPP v1.0 does not address FPT_ITT.1 (communication between distributed TOE components). The IPS EP v2.1 adds FPT_ITT.1 to support the notion of a distributed TOE (e.g., distributed intrusion sensors).
In some cases, the TOE implements TLSS for a Web UI and TLSC w/X509 for its syslog connection. Testing is performed with the NDcPP SFRs FCS_TLSS_EXT.1, FCS_TLS_EXT.2, and the FIA_X509 requirements using those interfaces. The connection between distributed TOE devices (manager and sensors) is also protected using TLS.
The IPS EP v2.1 defines only 3 tests for FPT_ITT.1. It needs to be clear that these are the only tests that must be performed to verify the protection of the communication channel between TOE components (i.e., the FPT_ITT.1 channel).
Based on the selections made here, a conformant ST will include one or more of the FCS_IPSEC_EXT.1, FCS_HTTPS_EXT.1, FCS_SSHC_EXT.1, FCS_SSHS_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.2, FCS_TLSS_EXT.1, and FCS_TLSS_EXT.2 selection-based SFRs that are defined in the base PPs. A conformant ST will also include the optional O.TRUSTED_COMMUNICATIONS objective.
The manager/host sensor architecture is an acceptable architecture. When this architecture is used, the manager must comply with the NDcPP or FWcPP as a base, and the sensors must comply with the Application Software PP as a base. The FPT_ITT requirements apply to sensor/management communications and would only need to be tested in that context.
The three tests for FPT_ITT.1 is sufficient to test the SFR in the distributed environment.