NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0122:  FMT_SMF.1.1 Assignments moved to Selections

Publication Date
2016.11.04

Protection Profiles
PP_APP_SWFE_EP_v1.0, PP_APP_v1.2

Other References
FMT_SMF.1.1, PP_APP_SWFE_EP_V1.0, PP_APP_v1.2

Issue Description

The selection and assigment in FMT_SMF.1.1 seem incorrect in the intent of the requirement.

Resolution

The FMT_SMF.1.1 SFR within the SWFE EP v1.0 is modified as follows:


FMT_SMF.1.1:

The TSF shall be capable of performing the following management functions:
[selection:
no other function;
configure password/passphrase complexity setting;
configure cyrptographic functionatily;
change password/passphrase authentication credential;
disable key recovery functionality;
[assignment:  other management functions provided by the TSF]
].

As the Application Software PP already includes FMT_SMF.1, the ST author should combine the selections (and assignment, if performed) with those in the FMT_SMF.1 requirement in the Application Software PP to form a single FMT_SMF.1 SFR in the ST. The intent of this requirement is to express the management capabilities that may be included in the TOE. Several common options are given:
•    If password or passphrase authorization factors are implemented by the TOE, then the appropriate “change” selection must be included, along with FIA_FCT_EXT.1(2) from Appendix C.
•    If the TOE provides for a password/passphrase complexity setting, then “configure password/passphrase complexity setting” will be included, and the specifics of the functionality offered can either be written from the requirement as bullets points, or included in the TSS.
•    If the TOE provides configurability of the cryptographic functions (for example, key size of the FEK)—even if the configuration is the form of parameters that may be passed to cryptographic functionality implement on the TOE platform--then “configure cryptographic functionality” will be included, and the specifics of the functionality offered can either be written in this requirement as bullet points, or included in the TSS.
•    If the TOE does include a key recovery function, the TOE must provide the capability for the user to turn this functionality off so that no recovery key is generated and no keys are permitted to be exported.
•    If “other management functions” are assigned, a validation authority must be consulted to ensure the assurance activities and other functionality requirements that may be needed are appropriately specified so that the ST can claim conformance to this EP.

The Assurance Activites remain the same.

Justification

The assignments for "no other function; configure password/passphrase complexity setting; configure cryptographic functionality" were meant to be additional selection items, and only other management functions provided by the TSF is meant to be within the assignment operation.

TD HAS BEEN ARCHIVED. SEE TD221 FOR UPDATES.

 
 
Site Map              Contact Us              Home