Archived TD0187: NIT Technical Decision for Clarifying FIA_X509_EXT.1 test 1
NDcPP V1.0, FWcPP V1.0, ND SD v1.0, FIA_X509_EXT.1.1
The Network Interpretations Team (NIT) has issued a technical decision clarifying FIA_X509_EXT.1.1 test 1.
To align with NIT interpretation # 201629, description for FIA_X509_EXT.1.1, Test 1 is replaced with the following:
a) Test 1a: The evaluator shall load a valid chain of certificates (terminating in a trusted CA certificate) as needed to validate the certificate to be used in the function, and shall use this chain to demonstrate that the function succeeds.
Test 1b: The evaluator shall then delete one of the certificates in the chain (i.e. the root CA certificate or other intermediate certificate, but not the end-entity certificate), and show that the function fails.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI29.pdf
See issue description.