NIAP: View Technical Decision Details
Archived TD0423:  NIT Technical Decision for Clarification about application of RfI#201726rev2

Publication Date

Protection Profiles

Other References
ND SD V2.0E, FW SD V2.0E, ND SD V2.1

Issue Description

The NIT has issued a technical decision for Clarification about application of RfI#201726rev2.


The use of the terms ‘endpoint’ and ‘external IT entities’ in RFI201726rev2 was not intended to restrict the statement’s applicability to machine-to-machine connections. The RfI explicitly refers to the requirements for TLS Servers. A TLS Server is expected to be capable of authenticating itself to external IT entities using X.509 certificates, independently of whether mutual authentication is supported (FCS_TLSS_EXT.2) or not (FCS_TLSS_EXT.1), and independently of whether the communication takes place over a trusted channel, a trusted path or Inter-TOE communication (distributed TOEs). Therefore a TLS Server shall also be capable of generating Certificate Requests, which implies that FIA_X509_EXT.3 needs to be claimed.

The following paragraph shall be added to the general text for chapter B3.1.3 (NDcPPv2.0e, FWcPPv2.0e)/B.4.1.3 (NDcPPv2.1):

This element must be included in the ST if X.509 certificates are used as part of FTP_ITC.1, FTP_TRP.1/Admin, or FPT_ITT.1 where the TOE is authenticating itself to external IT entities, administrators, or distributed components.

For further information, please see the NIT interpretation at:


See issue description
