NIAP: View Technical Decision Details
TD0180:  Update to audit of FDP_DAR_EXT.1

Publication Date
2017.04.10

Protection Profiles
PP_MD_v3.0

Other References
FDP_DAR_EXT.1, FAU_GEN.1.2

Issue Description

PP_MD_v3.0 requires auditing of FDP_DAR_EXT.1 for failure to encrypt/decrypt data. However, if the TOE utilizes whole volume encryption for protected memory, it is not feasible to audit when the encryption/decryption fails. This requirement should be selected if the TOE utilizes file-based encryption for protected data and audits when this encryption/decryption fails.

Resolution

FAU_GEN.1.2 is modified as follows:

Modify the Table 1 Application Note as follows:

Table 1 Application Note: FPT_TST_EXT.1 – Audit of self-tests is required only at initial start-up. Since the TOE “transitions to non-operational mode” upon failure of a self-test, per FPT_NOT_EXT.1, this is considered equivalent evidence to an audit record for the failure of a self-test.

FDP_DAR_EXT.1 "None" shall be selected if the TOE utilizes whole volume encryption for protected memory, since it is not feasible to audit when the encryption/decryption fails. If the TOE utilizes file-based encryption for protected data and audits when this encryption/decryption fails, then that auditable event shall be selected.

Modify the FDP_DAR_EXT.1 requirement in Table 1 as follows:

| Requirement | Auditable Events | Additional Audit Record Contents |
|---|---|---|
| FDP_DAR_EXT.1 | [selection: Failure to encrypt/decrypt data, None]. | No additional information. |

Justification

See issue description.