TD0438: TST and TUD on the MDM Agent

Issue Description

Table 1 in the MDM PP v4.0 serves to qualify the requirements so that the MDM requirements only apply in certain cases.  Of note, FPT_TST_EXT.1 and FPT_TUD_EXT.1 must be fulfilled by ALL components.

FPT_TST_EXT.1 and FPT_TUD_EXT.1 were previously omitted from the MDM Agent EP since they usually cannot practically be met by an Agent operating as an app inside a mobile phone. In particular, it is unclear how an Agent/App might check its own integrity before executing, and it is also unclear how an agent/app might check its signature prior to being installed. It is also unclear why an agent should be required to be able to query the MDM server version and present that information to the administrator.


The following modifications are made to the MDM PP v4.0:

Section 3.2, Table 1: Entry for FPT_TST_EXT.1 is changed to the following:

FPT_TST_EXT.1             Functionality Testing               All (except for Agent components)

Section 6.2.6, FPT_TST_EXT.1 Functionality Testing: The wording of the Application Note is modified as follows:

Application Note: While the TOE is typically a software package running in the IT
Environment, it is still capable of performing the self-test activities required above. It should
be understood, however, that there is a significant dependency on the host environment in
assessing the assurance provided by the tests mentioned above (meaning that if the host
environment is compromised, the self-tests will not be meaningful).

For distributed TOEs all TOE components (except the Agent components) have to perform self-tests. This does not
necessarily mean that each TOE component has to carry out the same self-tests: the ST
describes the applicability of the selection (i.e. when self-tests are run) and the final
assignment (i.e. which self-tests are carried out) to each TOE component.

Section 6.2.6, FPT_TUD_EXT.1 Trusted Update: The wording of FPT_TUD_EXT.1.1 is modified as follows:

FPT_TUD_EXT.1.1 The TSF shall provide Authorized Administrators the ability to query the current version of the MDM Server software.

Application Note: For a distributed TOE, the method of determining the installed versions on each component of the TOE is described in the operational guidance. In the requirement, "software" refers to the component of the distributed TOE to which the requirement is being applied.


