NIAP: View Technical Decision Details
Archived TD0486:  Removal of PP-Module for VPN Clients from allowed with list

Publication Date
2019.12.17

Protection Profiles
PP_APP_v1.3

Other References
Section 2, FDP_DAR_EXT.1

Issue Description

The PP for Application Software, Version 1.3 no longer allows for a PP-Configuration that includes the VPN Client PP-Module. Only PP-Module for File Encryption, Version 1.0 and PP-Module for File Encryption Enterprise Management, Version 1.0 are allowed to be specified in a PP-Configuration with the App PPv1.3 at this time.

Resolution

This TD supersedes TD0471.

The text for 2 Conformance Claims is replaced as follows:

An ST must claim exact conformance to this PP, as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).

This PP is conformant to Parts 2 (extended) and 3 (extended) of Common Criteria Version 3.1, Revision 5.

This PP does not claim conformance to any other Protection Profile.

The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP.

· PP-Module for File Encryption, Version 1.0
· PP-Module for File Encryption Enterprise Management, Version 1.0

This PP is TLS Package Version 1.1 Conformant.

FDP_DAR_EXT.1 in Section 5.2.1 is updated as follows:

FDP_DAR_EXT.1 Encryption Of Sensitive Application Data

FDP_DAR_EXT.1.1 The application shall [selection:

· leverage platform-provided functionality to encrypt sensitive data,
· implement functionality to encrypt sensitive data as defined in the PP-Module for File Encryption,
· protect sensitive data in accordance with FCS_STO_EXT.1,
· not store any sensitive data

] in non-volatile memory.

Application Note: If "implement functionality to encrypt sensitive data as defined in the PP-Module for File Encryption" is selected, the TSF must claim conformance to a PP-Configuration that includes the File Encryption PP-Module.

Any file that may potentially contain sensitive data (to include temporary files) shall be protected. The only exception is if the user intentionally exports the sensitive data to non-protected files. ST authors should select "protect sensitive data in accordance with FCS_STO_EXT.1" for the sensitive data that is covered by the FCS_STO_EXT.1 SFR.

The evaluation activity remains unchanged.

Justification

See issue description and TD0485.

 
 