NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0056:  Revision to FCS_RBG_EXT.1 Requirement in VPN GW EP v1.1

Publication Date
2015.08.03

Protection Profiles
PP_ND_VPN_GW_EP_v1.1

Other References
PP_ND_VPN_GW_EP_v1.1

Issue Description

The FCS_RBG_EXT.1 SFR in the VPN GW EP v1.1 requires at least one hardware source of entropy.  Other instances of this requirement allow for a selection of either a hardware or software noise source.  For consistency with the other current PPs and EPs (including the cPPs), modification of FCS_RBG_EXT.1 is needed to allow either type of noise source.

Resolution

The requirement is being revised to allow for a hardware or software based noise source. The revised requirement is below.

 

4.2.1.4 FCS_RBG_EXT.1 Extended: Cryptographic operation (Random Bit Generation)

FCS_RBG_EXT.1.1 The TSF shall perform all random bit generation (RBG) services in accordance with [selection, choose one of: NIST Special Publication 800-90 using [selection: Hash_DRBG (any), HMAC_DRBG (any), CTR_DRBG (AES), Dual_EC_DRBG (any)]; FIPS Pub 140-2 Appendix C; X9.31 Appendix 2.4 using AES] seeded by an entropy source that accumulates entropy from [selection: [assignment: number] TSF hardware based noise source(s), [assignment: number] TSF software-based noise source(s)].

Application Note: This EP allows the ST Author to choose whether the noise source is software based or hardware based.

Regardless of the noise source selected, sufficient entropy must be obtained as defined in FCS_RBG_EXT.1.2.

Justification

The FCS_RBG_EXT.1 requirement is being revised to allow for the selection of one or more hardware or software based noise sources for consistency with other PPs and EPs.

 
 