NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0187:  NIT Technical Decision for Clarifying FIA_X509_EXT.1 test 1

Publication Date

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, ND SD v1.0, FIA_X509_EXT.1.1

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision  clarifying FIA_X509_EXT.1.1 test 1.


To align with NIT interpretation # 201629, description for FIA_X509_EXT.1.1, Test 1 is replaced with the following:

a) Test 1a: The evaluator shall load a valid chain of certificates (terminating in a trusted CA certificate) as needed to validate the certificate to be used in the function, and shall use this chain to demonstrate that the function succeeds.

Test 1b: The evaluator shall then delete one of the certificates in the chain (i.e. the root CA certificate or other intermediate certificate, but not the end-entity certificate), and show that the function fails.  

For further information, please see the NIT interpretation at:


See issue description.

Site Map              Contact Us              Home