Archived TD0317: FMT_MOF.1/Services and FMT_MTD.1/CryptoKeys
FMT_MOF.1/AdminAct and FMT_MTD.1/AdminAct no longer exist in NDcPPv2.0. VPN GW 2.1 mandates them.
FMT_MOF.1/AdminAct and FMT_MTD.1/AdminAct were replaced in NDcPP 2.0 and replaced with FMT_MOF.1/Services and FMT_MTD.1/CryptoKeys. As a result the following modifications are made to VPN GW V2.1 EP.
O.TOE_ADMINISTRATION, in Secton 4.1 is modified as follows:
Compliant TOEs will provide the functions necessary for an administrator to configure the packet filtering rules, as well as the cryptographic aspects of the IPsec protocol that are enforced by the TOE.
Addressed by: FIA_AFL.1, FMT_MOF.1/Services, FMT_MTD.1/CryptoKeys, FMT_SMF.1
FMT_MOF.1/AdminAct, in Section 5.1.3, is replaced with FMT_MOF.1/Services as follows:
FMT_MOF.1/Services Management of Security Functions Behavior
This SFR is defined in the NDcPP as optional but is mandated for inclusion in this EP. Note that while the text of the SFR is unchanged from its definition in the NDcPP, its inclusion in an ST that is conformant with this EP means that “TOE Security Functions” should be understood to include the functionality specified in this EP as well as any relevant functionality that is defined by the base PP.
FMT_MTD.1/AdminAct, in Section 5.1.3, is replaced with FMT_MTD.1/CryptoKeys as follows:
FMT_MTD.1/CryptoKeys Management of TSF Data
FMT_MTD.1.1/CryptoKeys The TSF shall restrict the ability to manage the cryptographic keys and certificates used for VPN operation to Security Administrators.
Application Note: This SFR is defined in the NDcPP as optional is mandated for inclusion in this EP. Note also that it is refined to refer specifically to keys and certificates used for VPN operation.
FMT_MOF.1/AdminAct and FMT_MTD.1/AdminAct were replaced in NDcPP 2.0 and replaced with FMT_MOF.1/Services and FMT_MTD.1/CryptoKeys.