NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0632:  NIT Technical Decision for Consistency with Time Data for vNDs

Publication Date
2022.03.21

Protection Profiles
CPP_ND_V2.2E

Other References
ND SD2.2, FPT_STM_EXT.1.2

Issue Description

The NIT has issued a technical decision consistency with Time Data for vNDs.

Resolution

FTP_STM_EXT.1.2 shall be modified as follows:

FPT_STM_EXT.1.2 The TSF shall [selection: allow the Security Administrator to set the time, synchronise time with an NTP server, obtain time from the underlying virtualization system].

Application Note 35 paragraph 3 shall be modified as follows:

For a Case 1 vND, the virtualization system can be used as an external time source. For a Case 2 vND, the virtualization system is part of the TOE, so the time must be set by a security administrator or synchronized with an NTP server.

The following shall be appended to the TSS requirements for FPT_STM_EXT.1:

If “obtain time from the underlying virtualization system” is selected, the evaluator shall examine the TSS to ensure that it identifies the VS interface the TOE uses to obtain time. If there is a delay between updates to the time on the VS and updating the time on the TOE, the TSS shall identify the maximum possible delay. 

The following shall be appended to the Guidance Documentation requirements for FPT_STM_EXT.1:

If the TOE supports obtaining time from the underlying VS, the evaluator shall verify the Guidance Documentation specifies any configuration steps necessary. If no configuration is necessary, no statement is necessary in the Guidance Documentation. If there is a delay between updates to the time on the VS and updating the time on the TOE, the evaluator shall ensure the Guidance Documentation informs the administrator of the maximum possible delay.

The following test shall be added for FPT_STM_EXT.1:

c) Test 3: [conditional] If the TOE obtains time from the underlying VS, the evaluator shall record the time on the TOE, modify the time on the underlying VS, and verify the modified time is reflected by the TOE. If there is a delay between the setting the time on the VS and when the time is reflected on the TOE, the evaluator shall ensure this delay is consistent with the TSS and Guidance.

For further information, please see NIT Interpretation at:  https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI202117.pdf

Justification

See issue description.

 
 
Site Map              Contact Us              Home