NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0727:  Update to FCS_COP.1/SIGN for CNSA 1.0 compliance

Publication Date

Protection Profiles

Other References

Issue Description

GPOS PP 4.3 FCS_COP.1/SIGN allows support for RSA signatures of 2048-bit and greater. If the goal is for GPOS PP 4.3 to be CNSA 1.0 compliant, the RSA minimum signature key size should be 3072-bit.


FCS_COP.1/SIGN in Section 5.1.1 of PP_OS_4.3 is modified as follows, with strikethrough in red highlighting denoting deletion and underline in green highlighting denoting addition:


The OS shall perform [cryptographic signature services (generation and

verification)] in accordance with a specified cryptographic algorithm [selection:

- RSA schemes using cryptographic key sizes of 20483072-bit or greater

   that meet the following: FIPS PUB 186-4, "Digital Signature

   Standard (DSS)", Section 4

- ECDSA schemes using "NIST curves" P-384 and [selection: P-521, no

   other curves ] that meet the following: FIPS PUB 186-4, "Digital

Signature Standard (DSS)", Section 5

] and cryptographic key sizes [assignment: cryptographic algorithm] that meet

the following: [assignment: list of standards].


See issue description.

Site Map              Contact Us              Home