NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0449:  NIT Technical Decision for Identification of usage of cryptographic schemes

Publication Date
2019.09.16

Protection Profiles
CPP_ND_V2.1

Other References
FCS_CKM.2, ND SD v2.1

Issue Description

The NIT has issued a technical decision for Identification of usage of cryptographic schemes

Resolution

The TSS guidance shall be modified as the following.

The evaluator shall ensure that the supported key establishment schemes correspond to the key generation schemes identified in FCS_CKM.1.1. If the ST specifies more than one scheme, the evaluator shall examine the TSS to verify that it identifies the usage for each scheme. It is sufficient to provide the scheme, SFR, and service in the TSS.

If Diffie-Hellman group 14 is selected from FCS_CKM.2.1, the TSS shall claim the TOE meets RFC 3526 Section 3.

The intent of this activity is to be able to identify the scheme being used by each service. This would mean, for example, one way to document scheme usage could be:

 

Scheme

SFR

Service

RSA

FCS_TLSS_EXT.1

Administration

ECDH

FCS_SSHC_EXT.1

Audit Server

Diffie- Hellman (Group 14)

FCS_SSHC_EXT.1

Backup Server

ECDH

FCS_IPSEC_EXT.1

Authentication Server

 

The information provided in the example above does not necessarily have to be included as a table but can be presented in other ways as long as the necessary data is available.

 

 

 

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI201904.pdf

 

Justification

See issue description

 
 
Site Map              Contact Us              Home