NIAP: View Technical Decision Details
TD0685:  BT missing multiple SFR-to-Obj mappings

Publication Date
2022.12.14

Protection Profiles
MOD_BT_V1.0

Other References
Section 4.1 & 5.4

Issue Description

The PP-Configuration for GPOS-BT_V1.0 allows OSPP v4.2.1 and MOD_BT_v1.0 to be combined. OSPP and the PP-Configuration require ASE_REQ.2, but BT v1.0 is missing multiple SFR-to-Objective mappings and rationale needed to satisfy ASE_REQ.2. Specifically, BT v1.0 is missing mappings and rationale for:
    FAU_GEN.1/BT
    FCS_CKM_EXT.8
    FIA_BLT_EXT.7
    FMT_MOF_EXT.1/BT
    FMT_SMF_EXT.1/BT
    FTP_BLT_EXT.3/BR
    FTP_BLT_EXT.3/LE

In addition, the PP-Configuration for MDF-BT-V1.0 allows MDF 3.2 and MOD_BT_v1.0 to be combined. The PP-Configuration will be updated to require ASE_REQ.2; therefore, SFR-to-Objective mappings and rationale are needed for it as well.

Resolution

Section 4.1 in MOD_BT_V1.0 is updated as follows, with underlines denoting additions:

This PP-Module defines no additional TOE security objectives beyond those defined in the base PPs. Note however that the SFRs defined in this PP-Module will assist in the achievement of the following objectives defined in the base PP:

    O.ACCOUNTABILITY
    O.MANAGEMENT
    O.PROTECTED_COMMS

See MDF PP, Section 4.1 and GPOS PP, Section 4.1.

    O.CONFIG
    O.INTEGRITY
    O.PROTECTED_COMMS

See MDF PP, Section 4.1.

Section 5.4, Table 3 in MOD_BT_V1.0 is updated as follows, with underlines denoting additions:

 

| OBJECTIVE | ADDRESSED BY | RATIONALE |
|---|---|---|
| O.ACCOUNTABILITY (GPOS PP only) | FAU_GEN.1/BT | FAU_GEN.1/BT supports the objective by requiring the TSF to specify the Bluetooth-related auditable events for which it will generate audit records. |
| O.MANAGEMENT (GPOS PP only) | FMT_MOF_EXT.1/BT | FMT_MOF_EXT.1/BT supports the objective by restricting the ability to perform Bluetooth-related management functions to the Administrator. |
| | FMT_SMF_EXT.1/BT | FMT_SMF_EXT.1/BT supports the objective by specifying the Bluetooth-related management functions that the TSF must perform. |
| O.CONFIG (MDF PP only) | FMT_MOF_EXT.1/BT | FMT_MOF_EXT.1/BT supports the objective by restricting the ability to perform Bluetooth-related management functions to the Administrator. |
| | FMT_SMF_EXT.1/BT | FMT_SMF_EXT.1/BT supports the objective by specifying the Bluetooth-related management functions that the TSF must perform. |
| O.INTEGRITY (MDF PP only) | FAU_GEN.1/BT | FAU_GEN.1/BT supports the objective by requiring the TSF to specify the Bluetooth-related auditable events for which it will generate audit records. |
| O.PROTECTED_COMMS | FCS_CKM_EXT.8 | FCS_CKM_EXT.8 supports the objective by requiring the TSF to specify how ECDH key pairs will be refreshed. |
| | FIA_BLT_EXT.1 | FIA_BLT_EXT.1 supports the objective by ensuring that Bluetooth communications are not initiated without user approval. |
| | FIA_BLT_EXT.2 | FIA_BLT_EXT.2 supports the objective by requiring the TSF to implement Bluetooth mutual authentication. |
| | FIA_BLT_EXT.3 | FIA_BLT_EXT.3 supports the objective by preventing Bluetooth spoofing by rejecting connections with duplicate device addresses. |
| | FIA_BLT_EXT.4 | FIA_BLT_EXT.4 supports the objective by defining the TSF's implementation of Bluetooth Secure Simple Pairing. |
| | FIA_BLT_EXT.5 | FIA_BLT_EXT.5 supports the objective by requiring the TSF to support Secure Connections Only mode for the supported Bluetooth communication channels. |
| | FIA_BLT_EXT.6 | FIA_BLT_EXT.6 supports the objective by requiring the TSF to specify the Bluetooth profiles that it requires explicit user authorization to grant access to for trusted devices. |
| | FIA_BLT_EXT.7 | FIA_BLT_EXT.7 supports the objective by requiring the TSF to specify the Bluetooth profiles that it requires explicit user authorization to grant access to for untrusted devices. |
| | FTP_BLT_EXT.1 | FTP_BLT_EXT.1 supports the objective by requiring the TSF to implement encryption to protect Bluetooth communications. |
| | FTP_BLT_EXT.2 | FTP_BLT_EXT.2 supports the objective by requiring the TSF to prevent data transmission over Bluetooth if the paired device is not using encryption. |
| | FTP_BLT_EXT.3/BR | FTP_BLT_EXT.3/BR supports the objective by requiring the TSF to implement a minimum encryption key size for Bluetooth BR/EDR. |
| | FTP_BLT_EXT.3/LE (selection-based) | FTP_BLT_EXT.3/LE supports the objective by requiring the TSF to implement a minimum encryption key size for Bluetooth LE. |

Justification

See issue description.

 
 