NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0423:  NIT Technical Decision for Clarification about application of RfI#201726rev2

Publication Date
2019.05.31

Protection Profiles
CPP_FW_V2.0E, CPP_ND_V2.0E, CPP_ND_V2.1

Other References
ND SD V2.0E, FW SD V2.0E, ND SD V2.1

Issue Description

The NIT has issued a technical decision for Clarification about application of RfI#201726rev2

Resolution

The use of ‘endpoint’ and ‘external IT entities’ terms in RFI201726rev2 were not intended to restrict the statements applicability to machine-to-machine connections. The RfI explicitly refers to the requirements for TLS Servers. A TLS Server is expected to be capable of authenticating itself to external IT entities using X.509 certificates – independently whether mutual authentication is supported (FCS_TLSS_EXT.2) or not (FCS_TLSS_EXT.1) and independently whether the communication takes place over a trusted channel, a trusted path or Inter-TOE communication (distributed TOEs). Therefore a TLS Server shall also be capable of generating Certificate Requests which implies that FIA_X509_EXT.3 needs to be claimed.


The following paragraph shall be added to the general text for chapter B3.1.3 (NDcPPv2.0e, FWcPPv2.0e)/B.4.1.3 (NDcPPv2.1)

This element must be included in the ST if X.509 certificates are used as part of FTP_ITC.1, FTP_TRP.1/Admin, or FPT_ITT.1 where the TOE authenticating itself to external IT entities, administrators, or distributed components.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201840.pdf

Justification

See issue description

 
 
Site Map              Contact Us              Home