Archived TD0449: NIT Technical Decision for Identification of usage of cryptographic schemes
FCS_CKM.2, ND SD v2.1
The NIT has issued a technical decision for Identification of usage of cryptographic schemes
The TSS guidance shall be modified as the following.
The evaluator shall ensure that the supported key establishment schemes correspond to the key generation schemes identified in FCS_CKM.1.1. If the ST specifies more than one scheme, the evaluator shall examine the TSS to verify that it identifies the usage for each scheme. It is sufficient to provide the scheme, SFR, and service in the TSS.
If Diffie-Hellman group 14 is selected from FCS_CKM.2.1, the TSS shall claim the TOE meets RFC 3526 Section 3.
The intent of this activity is to be able to identify the scheme being used by each service. This would mean, for example, one way to document scheme usage could be:
The information provided in the example above does not necessarily have to be included as a table but can be presented in other ways as long as the necessary data is available.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI201904.pdf
See issue description