NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0401:  NIT Technical Decision for Reliance on external servers to meet SFRs

Publication Date
2019.02.24

Protection Profiles
CPP_ND_V2.0E, CPP_ND_V2.1

Other References
FTP_ITC.1

Issue Description

The NIT issued a technical decision for reliance on external servers to meet SFRs.

Resolution

Updated 3/13/2019 to also apply to NDcPP V2.1

 

The NDcPP does not allow for an Authentication Server to satisfy any FIA requirements.

The TOE shall be capable of independently implementing all TSF, including FIA requirements, without relying on external IT entities. For example, the TOE is expected to be able to maintain the system clock without having to synchronize it with an external NTP server. This way, if the external NTP server becomes unavailable, the TOE can still maintain time. Another example: the TOE is expected to be able to maintain a local user database, allowing local administrators to log in without reliance on external authentication components. This way, if an external authentication server becomes unavailable, the TOE can still be accessed by local administrators.

This does not preclude secure integration with an external IT server to duplicate some of the existing TSF functionality. The TOE may optionally integrate with an external authentication server that in turn enforces its own distinct password complexity and authentication failure lockout policies. In such cases, there is no expectation that the TOE would impose or enforce its own policies on external IT entities.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201823.pdf

Justification

A TOE must meet all the applicable SFRs in the cPP.

 
 
Site Map              Contact Us              Home