If a TOE does not require directory services for operation in the evaluated configuration, the ability to configure name/address of directory server to bind with should not be mandatory for an administrator in FMT_MOF_EXT.1.2 [Table 1, line 17].

FMT_MOF_EXT.1.2 is modified as follows in both the Extended Package for Server Virtualization (EP_SV_V1.0) and the Extended Package Client Virtualization (EP_CV_V1.0):

In Table 1, for Function 17:

In Administrator column, change the “X” to “S”.

In the Notes column, add “Must be selected if "directory-based" is selected anywhere in FIA_UAU.5.1 in the Base Virtualization PP."

FIA_UAU.5.1 is modified as follows in the Virtualization PP (PP_BASE_VIRTUALIZATION_V1.0):

FIA_UAU.5.1                      The TSF shall provide the following authentication mechanisms: [selection:

-    [selection: local, directory-based] authentication based on username and password,

-   authentication based on username and a PIN that releases an asymmetric key stored in OE-protected storage,

-    [selection: local, directory-based] authentication based on X.509 certificates,

-    [selection: local, directory-based] authentication based on an SSH public key credential]

to support Administrator authentication.

The application note and assurance activities remain unchanged.

See issue description.