NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0207:  Audit generation of ephemeral keys

Publication Date

Protection Profiles

Other References

Issue Description

FCS_CKM.1 is written with no distinction made between ephemeral and static keys and therefore FAU_GEN.1 requires the audit of both. However, it is not the intent to require audit of the generation of ephemeral keys.


Section B.9, Auditable Events, the entries for FCS_CKM.1(1) and FCS_CKM.1(2) in Table 6 are modified as follows:


All occurrences of non-ephemeral and [selection: ephemeral, no other] key generation for TOE related functions.

Success:  public keys generated




All occurrences of non-ephemeral and [selection: ephemeral, no other] key generation for TOE related functions.

Success: public keys generated






Section B.2, Internal Audit Requirements, the TSS and Guidance activities in FAU_GEN.1 are modified as follows:



The evaluator shall ensure that the TSS describes every audit event type mandated by the PP and that the description of the fields contains the information required in FAU_GEN.1.2, and the additional information specified in Tables 4 through 6, depending on the characterization of the SFR associated with the particular event as mandatory, optional, or selection-based.

The evaluator shall also describe all cases where the generation of ephemeral key pairs is not audited for FCS_CKM.1.


The evaluator shall examine the operational guidance to ensure that it describes the audit mechanism, lists all of the auditable events and provides a format for audit records. Each audit record format type must be covered, along with a brief description of each field.

The evaluator shall also make a determination of the administrative actions that are relevant in the context of this PP. The evaluator shall examine the operational guidance and make a determination of which administrative commands, including subcommands, scripts, and configuration files, are related to the configuration (including enabling or disabling) of the mechanisms implemented in the TOE that are necessary to enforce the requirements specified in the PP. The evaluator shall document the methodology or approach taken while determining which actions in the operational guidance are security relevant with respect to this PP. The evaluator may perform this activity as part of the activities associated with ensuring the operational guidance satisfies the requirements in accordance with AGD_OPE.

The evaluator shall check that audit review tools are described in the operational guidance and conform to the requirements of FAU_SAR.1.

When the Operational Environment is selected in FAU_GEN.1.1 or FAU_GEN.1.2, the evaluator shall examine the operational guidance to ensure the configuration of the Operational Environment necessary to generate the required elements, and instructions on how to examine the various audit records is provided.


See issue description.

Site Map              Contact Us              Home