NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0520:  VPN Gateway SFR Rationale

Publication Date
2020.06.19

Protection Profiles
MOD_VPNGW_v1.0

Other References
Sections 5.3 and 5.4

Issue Description

To comply with CC, the PP needs to include an SFR Rationale.

Resolution


The current Section 5.3, "TOE Security Assurance Requirements", is renumbered as Section 5.4, "TOE Security Assurance Requirements".

A new Section 5.3 is added as follows:

Section 5.3 TOE Security Requirements Rationale


The following rationale provides justification for each security objective for the TOE, showing that the SFRs are suitable to meet and achieve the security objectives:

Table: SFR-Objective Rationale (columns: Objective; Addressed By; Rationale)

O.ADDRESS_FILTERING
  FPF_RUL_EXT.1: This SFR supports the objective by requiring the TSF to filter network traffic based on network address information.
  FTA_VCM_EXT.1 (optional): This SFR supports the objective by optionally allowing the TOE to assign a private IP address to a VPN client so that traffic bound for an alternative address can be flagged as invalid.

O.AUTHENTICATION
  FCS_IPSEC_EXT.1 (refined from Base-PP): This SFR supports the objective by requiring the TOE to implement the IPsec protocol as a method of authenticating external entities.
  FIA_X509_EXT.1/Rev (from Base-PP): This SFR supports the objective by requiring the TOE to implement X.509 validation functions so that it can authenticate remote entities that assert their identity using X.509 certificates.
  FIA_X509_EXT.2 (refined from Base-PP): This SFR supports the objective by requiring the TOE to implement X.509 authentication functions so that it can authenticate remote entities that assert their identity using X.509 certificates.
  FIA_X509_EXT.3 (from Base-PP): This SFR supports the objective by requiring the TOE to have the ability to generate a certificate request so that it can be issued an X.509 certificate that allows the TSF to offer proof of its own authenticity to external entities.
  FTP_ITC.1/VPN: This SFR supports the objective by requiring the TOE to use an IPsec trusted channel to communicate with external entities so that these entities may be authenticated.
  FTA_SSL.3/VPN (optional): This SFR supports the objective by optionally allowing the TSF to terminate inactive VPN sessions so that an unattended session cannot be used to bypass authentication mechanisms.
  FTA_TSE.1 (optional): This SFR supports the objective by optionally defining alternative mechanisms to determine the validity of a subject in order to reject unauthorized or impersonated authentication attempts.
  FIA_PSK_EXT.1 (selection-based): This SFR supports the objective by defining requirements for the use of pre-shared keys for IPsec authentication when the TOE supports this authentication method.

O.CRYPTOGRAPHIC_FUNCTIONS
  FCS_COP.1/DataEncryption (refined from Base-PP): This SFR supports the objective by requiring the TOE to implement AES in a specified manner.
  FCS_IPSEC_EXT.1 (refined from Base-PP): This SFR supports the objective by requiring the TOE to implement the IPsec protocol in a specified manner.
  FCS_CKM.1/IKE: This SFR supports the objective by requiring the TOE to generate cryptographic keys used for IKE in a specified manner.
  FIA_PSK_EXT.1 (selection-based): This SFR supports the objective by requiring the TOE to generate pre-shared keys used for IPsec in a specified manner if the TSF supports this authentication mechanism.

O.FAIL_SECURE
  FPT_TST_EXT.1 (refined from Base-PP): This SFR supports the objective by requiring the TOE to execute self-tests that allow the TSF to determine whether it is in a failed state.
  FPT_TUD_EXT.1 (refined from Base-PP): This SFR supports the objective by requiring the TOE to validate software updates before applying them, reducing the risk of the TOE entering a failed state.
  FPT_FLS.1/SelfTest: This SFR supports the objective by requiring the TOE to preserve a secure state if a self-test failure is detected.
  FPT_TST_EXT.3: This SFR supports the objective by requiring the TOE to verify the integrity of its executable code to ensure that it will operate in a known state.

O.PORT_FILTERING
  FPF_RUL_EXT.1: This SFR supports the objective by requiring the TSF to filter network traffic based on port information.

O.SYSTEM_MONITORING
  FAU_GEN.1 (refined from Base-PP): This SFR supports the objective by specifying the auditable events required by the TOE, which include auditing of VPN behavior.
  FPF_RUL_EXT.1: This SFR supports the objective by requiring the TOE to have the ability to log network traffic that matches certain characteristics.

O.TOE_ADMINISTRATION
  FMT_MTD.1/CryptoKeys (refined from Base-PP): This SFR supports the objective by requiring the TOE to implement a key management function and to ensure that only authorized users can use it.
  FMT_SMF.1 (refined from Base-PP): This SFR supports the objective by refining the Base-PP requirement to mandate the inclusion of certain optional management functions that are needed to support VPN gateway functionality. It also specifies the management functions required specifically for VPN gateway functionality.


Justification

See issue description.
