TD0649: Conformance claims for OS PP v4.2.1
Section 2, FDP_IFC_EXT.1, FIA_UAU.5.1, FTP_ITC_EXT.1.1
The Extended Package for Secure Shell (SSH) has sunset and been replaced with the Functional Package for Secure Shell (SSH). Additionally, the VPN Client PP-Module that was added to the conformance claims in TD0496 has subsequently been sunset and replaced with two newer versions, and a PP-Module for Bluetooth has been created that a GPOS TOE is permitted to include in its conformance claims. TD0496 is replaced by this TD, and TD0600 will be updated to remove the GPOS portions.
This TD supersedes TD0496.
GPOS v4.2.1 is updated as follows:
Section 2 Conformance Claims is replaced as follows:
An ST must claim exact conformance to this PP, as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).
PP-Module for VPN Client, Version 2.3
PP-Module for VPN Client, Version 2.4
PP-Module for Bluetooth, Version 1.0
This PP is SSH Package Version 1.0 Conformant
FIA_UAU.5.1 is updated as follows, with strikethroughs denoting deletions and highlight denoting additions:
FIA_UAU.5.1 The OS shall provide the following authentication mechanisms: [selection:
· authentication based on user name and password,
· authentication based on user name and a PIN that releases an asymmetric key stored in OE-protected storage,
· authentication based on X.509 certificates,
· for use in SSH only, SSH public key-based authentication as specified by the ~~EP~~ Functional Package for Secure Shell,
] to support user authentication.
Application Note: The "for use in SSH only, SSH public key-based authentication as specified by the ~~EP~~ Functional Package for Secure Shell" selection can only be included, and must be included, if FTP_ITC_EXT.1.1 selects "SSH as conforming to the ~~EP~~ Functional Package for Secure Shell."
FTP_ITC_EXT.1.1 is updated as follows, with strikethroughs denoting deletions and highlight denoting additions:
FTP_ITC_EXT.1.1 The OS shall use [selection:
· TLS as conforming to FCS_TLSC_EXT.1,
· DTLS as conforming to FCS_DTLS_EXT.1,
· IPsec as conforming to the ~~EP~~ PP-Module for IPsec VPN Clients,
· SSH as conforming to the ~~EP~~ Functional Package for Secure Shell
] to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: [selection: audit server, authentication server, management server, [assignment: other capabilities]] that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.
Application Note: If the ST author selects IPsec, the TSF must be validated against the ~~EP~~ PP-Module for
The Application Note for FDP_IFC_EXT.1.1 is updated as follows, with strikethroughs denoting deletions and highlight denoting additions:
Application Note: Typically, the traffic required to establish the VPN connection is referred to as "Control Plane" traffic, whereas the IP traffic protected by the IPsec VPN is referred to as "Data Plane" traffic. All Data Plane traffic must flow through the VPN connection and the VPN must not split-tunnel.
If no native IPsec client is validated or third-party VPN clients may also implement the required Information Flow Control, the first option ~~shall~~ must be selected. In these cases, the TOE provides an API to third-party VPN clients that allows them to configure the TOE's network stack to perform the required Information Flow Control.
The ST author ~~shall~~ must select the second option if the TSF implements a native VPN client (IPsec is selected in FTP_ITC_EXT.1). If the native VPN client is to be validated (IPsec is selected in FTP_ITC_EXT.1 and the TSF is validated against the ~~EP~~ PP-Module for Virtual Private Network (VPN) Clients), the ST author ~~shall~~ must also include FDP_IFC_EXT.1 from this package. In the future, this requirement may also make a distinction between the current requirement (which requires that when the IPsec trusted channel is enabled, all traffic from the TSF is routed through that channel) and having an option to force the establishment of an IPsec trusted channel to allow any communication by the TSF.
See issue description.