NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0137:  FIA_X509_EXT.2.1 - IPsec Optional Selection

Publication Date
2016.12.22

Protection Profiles
EP_ESC_V1.0

Other References
FIA_X509_EXT.2.1;

Issue Description

During the review period of the draft ESC EP v1.0, numerous comments were submitted regarding the mandate of IPsec in the EP.  Based on these comments, IPsec was removed from the EP as a mandatory requirement and the protocol was moved as a selectable option in all other relevant requirements.

Resolution

FIA_X509_EXT.2.1  
The TSF shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [selection: IPsec, TLS, HTTPS, SSH, no other protocols], VVoIP endpoint registration, and [selection: code signing for system software updates, code signing for integrity verification, [assignment: other uses], no additional uses].

Application Note:  
The NDcPP requires the ST author to select the protocol(s) that certificate authentication is used for. Additional protocols may or may not be selected depending on the other functionality provided by the TSF.

Justification

IPsec should be an optional selection along with TLS, HTTPS, and SSH in FIA_X509_EXT.2.1.  IPSec was removed as a mandatory requirement and has been included as a selection in all other relevant requirements within the EP.

 
 
Site Map              Contact Us              Home