NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0208:  Remote Users in OSPP

Publication Date
2017.06.09

Protection Profiles
PP_OS_V4.1

Other References
FTP_TRP.1.1

Issue Description

FTP_TRP.1.1 implies that the TOE support remote users but does not account for implementations where no unprotected traffic is sent to remote users.  The intent is to ensure ANY remote admiinstrative actions are protected.

Resolution

FTP_TRP.1 in PP_OS_V4.1  is replaced as follows:

FTP_TRP.1.1

The OS shall provide a communication path between itself and [selection: remote, local] users that is logically distinct from other communication paths and provides assured identification of its endpoints and protection of the communicated data from modification and disclosure.

The application note is replaced as follows:

Application Note: This requirement ensures that all remote administrative actions are protected. Authorized remote administrators must initiate all communication with the OS via a trusted path and all communication with the OS by remote administrators must be performed over this path. The data passed in this trusted communication channel is encrypted as defined in FTP_ITC_EXT.1.  If local users access is selected and no unprotected traffic is sent to remote users, then this requirement is met.  If remote users access is selected, the ST author must include the security functional requirements for the trusted channel protocol selected in FTP_ITC_EXT.1 in the main body of the ST.  The assurance activities for this requirement also test requirements FTP_TRP.1.1 and FTP_TRP.1.2.

Justification

There was no intention to create an implicit requirement that the TOE support remote users.

 
 
Site Map              Contact Us              Home