Archived TD0192: Update to FCS_STO_EXT.1 Application Note
In PP_App_v1.2, the intent of FCS_STO_EXT.1 is to encourage vendors to use platform-provided functionality, regardless of whether that functionality is provided by software or hardware. The application note will be updated to clarify the intent.
The application note for FCS_STO_EXT.1 is updated as follows:
Application Note: This requirement ensures that persistent credentials (secret keys, PKI private keys, passwords, etc.) are stored securely, and never persisted in cleartext form. Application developers are encouraged to use platform mechanisms for the secure storage of credentials. Depending on the platform, that may include hardware-backed protection for credential storage. Application developers must choose a selection, or multiple selections, based on all credentials that the application stores. If "not store any credentials" is selected, then the application must not store any credentials. If "invoke the functionality provided by the platform to securely store" is selected, then the application developer must closely review the AA for their platform and provide documentation indicating which platform mechanisms are used to store credentials. If "implement functionality to securely store credentials" is selected, then the following components must be included in the ST: FCS_COP.1(1). If other cryptographic operations are used to implement the secure storage of credentials, the corresponding requirements must be included in the ST.
See issue description.