Archived TD0291: NIT technical decision for DH14 and FCS_CKM.1
CPP_FW_V1.0, CPP_FW_v2.0, CPP_FW_V2.0E, CPP_ND_V1.0, CPP_ND_V2.0, CPP_ND_V2.0E
FCS_CKM.1.1, ND SD V1.0, ND SD V2.0
The Network Interpretations Team (NIT) has issued a technical decision regarding DH14 and FCS_CKM.1.
Updated 3/7/2018 to include FWcPP 1.0 and FWcPP 2.0.
To align with NIT interpretation #201723rev2, the following changes shall be implemented:
FCS_CKM.1.1 The TSF shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm: [selection:
· RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3;
· ECC schemes using “NIST curves” [selection: P-256, P-384, P-521] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4;
· FFC schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.1;
· FFC Schemes using Diffie-Hellman group 14 that meet the following: RFC 3526, Section 3
].
For the test activities for FCS_CKM.1.1 in the supporting document the following text shall be added:
"Testing for FFC Schemes using Diffie-Hellman group 14 is done as part of testing in CKM.2.1."
Note that for ND SD V1.0 RfI#201702b needs to be applied as well.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfi201723rev2.pdf.
See issue description.