NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0113:  NIT Technical Decision for testing and trusted updates in the NDcPP v1.0 and FW cPP v1.0

Publication Date
2016.10.06

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
FPT_TUD_EXT.1

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding testing and trusted updates in the NDcPP v1.0 and FW cPP v1.0.

Resolution

To align with the NIT interpretation #27, NIAP supports the interpretation written below.  For further information, please see the NIT interpretation at:

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI27.pdf.

 

RFI#26 explicitly disallows automatic installation for an update that solely uses published hashes.

The lab and vendor should work to determine an appropriate testing strategy that demonstrates the TOE’s conformance to FPT_TUD_EXT.1. If operational behavior can be demonstrated in a non-production environment, that is sufficient.

Justification

See Issue Description.

 
 
Site Map              Contact Us              Home