TD0438: TST and TUD on the MDM Agent
Table 1 in the MDM PP v4.0 serves to qualify the requirements so that the MDM requirements only apply in certain cases. Of note, FPT_TST_EXT.1 and FPT_TUD_EXT.1 must be fulfilled by ALL components.
FPT_TST_EXT.1 and FPT_TUD_EXT.1 were previously omitted from the MDM Agent EP since they usually cannot be met in practice by an Agent operating as an app inside a mobile phone. In particular, it is unclear how an Agent/app might check its own integrity before executing, and it is also unclear how an Agent/app might check its signature prior to being installed. It is also unclear why an Agent should be required to be able to query the MDM Server version and present that information to the administrator.
The following modifications are made to the MDM PP v4.0:
Section 3.2, Table 1: Entry for FPT_TST_EXT.1 is changed to the following:
FPT_TST_EXT.1 Functionality Testing All (except for Agent components)
Section 6.2.6, FPT_TST_EXT.1 Functionality Testing: The wording of the Application Note is modified as follows:
Application Note: While the TOE is typically a software package running in the IT
For distributed TOEs all TOE components (except the Agent components) have to perform self-tests. This does not
Section 6.2.6, FPT_TUD_EXT.1 Trusted Update: The wording of FPT_TUD_EXT.1.1 is modified as follows:
FPT_TUD_EXT.1.1 The TSF shall provide Authorized Administrators the ability to query the current version of the MDM Server software.
Application Note: For a distributed TOE, the method of determining the installed versions on each component of the TOE is described in the operational guidance. In the requirement, "software" refers to the component of the distributed TOE to which the requirement is being applied.
See issue description.