NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0482:  NIT Technical Decision for Identification of usage of cryptographic schemes

Publication Date
2019.12.18

Protection Profiles
CPP_FW_V2.0E, CPP_ND_V2.0E, CPP_ND_V2.1

Other References
ND SDv2.0e, FW SDv2.0e, ND SDv2.1, FCS_CKM.2

Issue Description

The NIT has issued a technical decision for Identification of usage of cryptographic schemes.

Resolution

This TD supersedes TD 449 and TD 448.

The TSS guidance shall be modified as follows.


The evaluator shall ensure that the supported key establishment schemes correspond to the key generation schemes identified in FCS_CKM.1.1. If the ST specifies more than one scheme, the evaluator shall examine the TSS to verify that it identifies the usage for each scheme. It is sufficient to provide the scheme, SFR, and service in the TSS.


If Diffie-Hellman group 14 is selected from FCS_CKM.2.1, the TSS shall affirm that the TOE implements RFC 3526 Section 3.


The intent of this activity is to be able to identify the scheme being used by each service. For example, one way to document scheme usage could be:

Scheme                      SFR               Service
RSA                         FCS_TLSS_EXT.1    Administration
ECDH                        FCS_SSHC_EXT.1    Audit Server
Diffie-Hellman (Group 14)   FCS_SSHC_EXT.1    Backup Server
ECDH                        FCS_IPSEC_EXT.1   Authentication Server



The information provided in the example above does not necessarily have to be included as a table but can be presented in other ways as long as the necessary data is available.

 

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI201904rev3.pdf

Justification

See issue description

 
 