Archived TD0360: AD Server configuration in FMT_MOF_EXT.1
EP_CV_V1.0, EP_SV_V1.0, PP_BASE_VIRTUALIZATION_V1.0
If a TOE does not require directory services for operation in the evaluated configuration, the ability to configure name/address of directory server to bind with should not be mandatory for an administrator in FMT_MOF_EXT.1.2 [Table 1, line 17].
FMT_MOF_EXT.1.2 is modified as follows in both the Extended Package for Server Virtualization (EP_SV_V1.0) and the Extended Package Client Virtualization (EP_CV_V1.0):
In Table 1, for Function 17:
In Administrator column, change the “X” to “S”.
In the Notes column, add “Must be selected if "directory-based" is selected anywhere in FIA_UAU.5.1 in the Base Virtualization PP."
FIA_UAU.5.1 is modified as follows in the Virtualization PP (PP_BASE_VIRTUALIZATION_V1.0):
FIA_UAU.5.1 The TSF shall provide the following authentication mechanisms: [selection:
- [selection: local, directory-based] authentication based on username and password,
- authentication based on username and a PIN that releases an asymmetric key stored in OE-protected storage,
- [selection: local, directory-based] authentication based on X.509 certificates,
- [selection: local, directory-based] authentication based on an SSH public key credential]
to support Administrator authentication.
The application note and assurance activities remain unchanged.
See issue description.