NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0200:  NIT Technical Decision for Password authentication for SSH clients

Publication Date
2017.05.01

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
ND SD v1.0, FCS_SSHC_EXT.1.2

Issue Description

The NIT has issued a Technical Decision for password authentication for SSH clients.

Resolution

To align with NIT interpretation # 201612rev2, FCS_SSHC_EXT.1.2 shall therefore be modified as follows:

FCS_SSHC_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, [selection: password-based, no other method].

The TSS section in the Supporting Document for FCS_SSHC_EXT.1.2 shall be replaced by the following:

The evaluator shall check to ensure that the TSS contains a description of the public key algorithms that are acceptable for use for authentication and that this list conforms to FCS_SSHC_EXT.1.5. and ensure that if password-based authentication methods have been selected in the ST then these are also described.

Test 1 in the Tests section in the Supporting Document for FCS_SSHC_EXT.1.2 remains unchanged.

Test 2 in the Tests section in the Supporting Document for FCS_SSHC_EXT.1.2 shall be replaced by the following:

Test 2: This test is only applicable if password-based authentication has been selected in FCS_SSHC_EXT.1.2 in the ST. Otherwise this test shall be omitted. Using the guidance documentation, the evaluator shall configure the TOE to perform password-based authentication to an SSH server, and demonstrate that a user can be successfully authenticated by the TOE to an SSH server using a password as an authenticator.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201612rev2.pdf

Justification

See issue description.

 
 
Site Map              Contact Us              Home