NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0591:  NIT Technical Decision for Virtual TOEs and hypervisors

Publication Date
2021.05.21

Protection Profiles
CPP_ND_V2.2E

Other References
A.LIMITED_FUNCTIONALITY, ACRONYMS

Issue Description

The NIT has issued a technical decision for Virtual TOEs and hypervisors.

Resolution

NDcPPv2.2e Section 1.2 describes two cases applicable to evaluating virtual TOEs. In Case 1 the virtual TOE is represented by the vND alone. In Case 2 the virtual TOE evaluated as a pND (physical network device), where the VS (virtualization system) is considered part of the TOE. The restriction on allowing other guest VMs is only applicable to Case 2.

To further clarify this point, the following changes shall be made:

The second paragraph of A.LIMITED_FUNCTIONALITY is replaced as follows:

If a virtual TOE evaluated as a pND, following Case 2 vNDs as specified in Section 1.2, the VS is considered part of the TOE with only one vND instance for each physical hardware platform. The exception being where components of a distributed TOE run inside more than one virtual machine (VM) on a single VS. In Case 2 vND, no non-TOE guest VMs are allowed on the platform.

In the Acronyms section of NDcPP, the entry for TSF shall be replaced as follows:

TOE Security Functionality

TSF = TOE for pND or Case 1 vND according to section 1.2

TSF = TOE + VS for Case 2 vND (vND evaluated as a pND) according to section 1.2

For further information, please see NIT Interpreation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI202100.pdf

Justification

See issue description. 

 
 
Site Map              Contact Us              Home