NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0184:  NIT Technical Decision for Mandatory use of X.509 certificates

Publication Date

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, FIA_X509_EXT.1, FIA_X509_EXT.2, FIA_X509_EXT.3

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding Mandatory use of X.509 certificates.


To align with NIT interpretation # 201661, the following guidance is issued.

There are no SFRs in the NDcPP mandating X.509 based user authentication. Although the X.509 related extended components have been made part of the FIA class this does not imply that X.509 based user authentication is required.

Regarding the use of X.509 certificates for client/server authentication refer to the Technical Decision regarding RfI#201610.

If no protocols requiring X.509 certificates are selected for SSH, SSH does not need to use X.509. All other protocols selected for FPT_ITC.1 and FTP_TRP.1 need to support X.509 as specified in the SFRs.

For further information, please see the NIT interpretation at:


See issue description.

Site Map              Contact Us              Home