NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0727:  Update to FCS_COP.1/SIGN for CNSA 1.0 compliance

Publication Date
2023.03.31

Protection Profiles
PP_OS_V4.3

Other References
FCS_COP.1/SIGN

Issue Description

GPOS PP 4.3 FCS_COP.1/SIGN allows support for RSA signatures of 2048-bit and greater. If the goal is for GPOS PP 4.3 to be CNSA 1.0 compliant, the RSA minimum signature key size should be 3072-bit.

Resolution

This TD has been superseded by TD0809 on 12/8/2023 and is now archived.

 

FCS_COP.1/SIGN in Section 5.1.1 of PP_OS_4.3 is modified as follows, with strikethrough in red highlighting denoting deletion and underline in green highlighting denoting addition:

FCS_COP.1.1/SIGN

The OS shall perform [cryptographic signature services (generation and

verification)] in accordance with a specified cryptographic algorithm [selection:

- RSA schemes using cryptographic key sizes of 20483072-bit or greater

   that meet the following: FIPS PUB 186-4, "Digital Signature

   Standard (DSS)", Section 4

- ECDSA schemes using "NIST curves" P-384 and [selection: P-521, no

   other curves ] that meet the following: FIPS PUB 186-4, "Digital

Signature Standard (DSS)", Section 5

] and cryptographic key sizes [assignment: cryptographic algorithm] that meet

the following: [assignment: list of standards].

Justification

See issue description.

 
 
Site Map              Contact Us              Home