NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0182:  NIT Technical Decision for Handling of X.509 certificates related to ssh-rsa and remote comms.

Publication Date
2017.04.10

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, FIA_X509_EXT.1, FIA_X509_EXT.2, FIA_X509_EXT.3

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding handling of X.509 certificates when ssh-rsa is used for all remote communication in NDcPP v1.0 and FW cPP v1.0.

Specifically, if all remote communication (both with remote servers and remote administrators) uses SSH with "ssh-rsa" and the TOE does not use digital certificates for trusted updates, then the FIA_X509_EXT.1, FIA_X509_EXT.2 and FIA_X509_EXT.3 requirements are not applicable to any required services provided by the TOE. In this scenario, it does not make sense for the FIA_X509_EXT.1, FIA_X509_EXT.2 and FIA_X509_EXT.3 requirements to be mandatory.

Resolution

To align with NIT interpretation # 201610, the FIA_X509_EXT SFRs are moved to Annex B and are now selection-based requirements.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfi10.pdf

Justification

See issue description.

 
 