Archived TD0154: NIT Technical Decision for Versions of TOE Software in the NDcPP v1.0 and FW cPP v1.0
The Network Interpretations Team (NIT) has issued a technical decision regarding Displaying active and installed version of TOE software in NDcPP v1.0 and FW cPP v1.0
To align with NIT interpretation # 201659, FPT_TUD_EXT.1.1 shall be changed as follows:
FPT_TUD_EXT.1.1: The TSF shall provide Security Administrators the ability to query the currently executing version of the TOE firmware/software and [selection: the most recently installed version of the TOE firmware/software; no other TOE firmware/software version].
Application Note 31 shall be modified as follows:
"If a trusted update can be installed on the TOE with a delayed activation the version of both the currently executing image and the installed but inactive image must be provided. In this case the option 'the most recently installed version of the TOE firmware/software' needs to be chosen from the selection in FPT_TUD_EXT.1.1 and the TSS needs to describe how and when the inactive version becomes active. If all trusted updates become active as part of the installation process, only the currently executing version needs to be provided. In this case the option 'no other TOE firmware/software version' shall be chosen from the selection in FPT_TUD_EXT.1.1."
Wording for SD (FPT_TUD_EXT.1, TSS section):
“If a trusted update can be installed on the TOE with a delayed activation, the TSS needs to describe how and when the inactive version becomes active. The evaluator shall verify this description.”
For further information, please see the NIT interpretation at:https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfi201659.pdf
See issue description.