Archived TD0184: NIT Technical Decision for Mandatory use of X.509 certificates
NDcPP V1.0, FWcPP V1.0, FIA_X509_EXT.1, FIA_X509_EXT.2, FIA_X509_EXT.3
The Network Interpretations Team (NIT) has issued a technical decision regarding Mandatory use of X.509 certificates.
To align with NIT interpretation # 201661, the following guidance is issued.
There are no SFRs in the NDcPP mandating X.509 based user authentication. Although the X.509 related extended components have been made part of the FIA class this does not imply that X.509 based user authentication is required.
Regarding the use of X.509 certificates for client/server authentication refer to the Technical Decision regarding RfI#201610.
If no protocols requiring X.509 certificates are selected for SSH, SSH does not need to use X.509. All other protocols selected for FPT_ITC.1 and FTP_TRP.1 need to support X.509 as specified in the SFRs.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201661.pdf
See issue description.