NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0212:  FCS_HTTPS_EXT.1.3 - TLS Mutual Authentication Update

Publication Date
2017.09.21

Protection Profiles
PP_MDM_V2.0, PP_MDM_V3.0

Other References
FCS_HTTPS_EXT.1.3

Issue Description

FCS_HTTPS_EXT.1.3 in MDM PP v2.0 and v3.0 may improperly imply that clients must always authenticate to the MDM Server's TLS server using TLS client certificate authentication. Authentication of remote administrators is often implemented using password-based authentication over HTTPS rather than using a TLS client certificate

Resolution

Exclude FCS_HTTPS_EXT.1.3 from MDM PP v2.0 and v3.0.

Justification

TLS client certificate authentication is not required for remote administration. TLS client certificate authentication is required for MDM Agents connecting to the MDM Server after initial enrollment, but FCS_TLSS_EXT.1.3 and FCS_TLSS_EXT.1.4 already suffice to ensure that MDM Server implementations support client certificate authentication.

 
 
Site Map              Contact Us              Home