NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0187:  NIT Technical Decision for Clarifying FIA_X509_EXT.1 test 1

Publication Date
2017.04.10

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, ND SD v1.0, FIA_X509_EXT.1.1

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision  clarifying FIA_X509_EXT.1.1 test 1.

Resolution

To align with NIT interpretation # 201629, description for FIA_X509_EXT.1.1, Test 1 is replaced with the following:

a) Test 1a: The evaluator shall load a valid chain of certificates (terminating in a trusted CA certificate) as needed to validate the certificate to be used in the function, and shall use this chain to demonstrate that the function succeeds.

Test 1b: The evaluator shall then delete one of the certificates in the chain (i.e. the root CA certificate or other intermediate certificate, but not the end-entity certificate), and show that the function fails.  

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI29.pdf

Justification

See issue description.

 
 
Site Map              Contact Us              Home