NIAP: View Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0192:  Update to FCS_STO_EXT.1 Application Note
Publication Date
  04/11/2017
References
PP_APP_v1.2, FCS_STO_EXT.1
Issue Description

In PP_App_v1.2, the intent of FCS_STO_EXT.1 is to encourage vendors to use platform-provided functionality, regardless of whether that functionality is provided by software or hardware. The application note will be updated to clarify the intent.

Resolution

 PP_APP_v1.2

The Application note for FCS_STO_EXT.1 is updated as follows:

 

Application Note: This requirement ensures that persistent credentials (secret keys, PKI private keys, passwords, etc) are stored securely, and never persisted in cleartext form. Application developers are encouraged to use platform mechanisms for the secure storage of credentials. Depending on the platform that may include hardware-backed protection for credential storage. Application developers must choose a selection, or multiple selections, based on all credentials that the application stores. If not store any credentials is selected then the application must not store any credentials. If invoke the functionality provided by the platform to securely store is selected then the Application developer must closely review the AA for their platform and provide documentation indicating which platform mechanisms are used to store credentials. If implement functionality to securely store credentials is selected, then the following components must be included in the STFCS_COP.1(1). If other cryptographic operations are used to implement the secure storage of credentials, the corresponding requirements must be included in the ST.

Justification

See issue description.



 
Site Map              Contact Us              Home