NIAP: View Technical Decision Details
Archived TD0212:  FCS_HTTPS_EXT.1.3 - TLS Mutual Authentication Update

Publication Date

Protection Profiles
PP_MDM_V2.0, PP_MDM_V3.0

Other References

Issue Description

FCS_HTTPS_EXT.1.3 in MDM PP v2.0 and v3.0 may improperly imply that clients must always authenticate to the MDM Server's TLS server using TLS client certificate authentication. Authentication of remote administrators is often implemented using password-based authentication over HTTPS rather than using a TLS client certificate.


Exclude FCS_HTTPS_EXT.1.3 from MDM PP v2.0 and v3.0.


TLS client certificate authentication is not required for remote administration. TLS client certificate authentication is required for MDM Agents connecting to the MDM Server after initial enrollment, but FCS_TLSS_EXT.1.3 and FCS_TLSS_EXT.1.4 already suffice to ensure that MDM Server implementations support client certificate authentication.
