NIAP: View Technical Decision Details
TD0213:  Corrections to App Note references to FCS_TLS, FCS_IPSEC, and FTP_ITC

Publication Date
2017.07.19

Protection Profiles
PP_BASE_VIRTUALIZATION_V1.0

Other References
FCS_TLSS_EXT.1, FCS_TLSS_EXT.2,

Issue Description

Application notes for FCS_TLSS_EXT.1.1, FCS_TLSS_EXT.2.1, and FCS_TLSS_EXT.2.3 have references that point to missing or incorrect elements. FMT_SMR was removed in SV PP v1.1 but is still listed in the audit table.

Resolution

Make the following corrections:

 

1. FCS_TLSS_EXT.1.1 – change 3rd paragraph in app note to following:

   (Current) If any ciphersuites are selected using ECDHE, then FCS_TLSS_EXT.1.5 is required.

   (New) If any ciphersuites are selected using ECDHE, then FCS_TLSS_EXT.1.3 is required.

2. FCS_TLSS_EXT.2.1 – change 3rd paragraph in app note to following:

   (Current) If any ciphersuites are selected using ECDHE, then FCS_TLSS_EXT.1.5 is required.

   (New) If any ciphersuites are selected using ECDHE, then FCS_TLSS_EXT.2.3 is required.

3. FCS_TLSS_EXT.2.3 – change app note to following:

   (Current) If the ST lists a DHE or ECDHE ciphersuite in FCS_TLSS_EXT.1.1, the ST must include the Diffie-Hellman or NIST curves selection in the requirement. FMT_SMF.1 requires the configuration of the key agreement parameters in order to establish the security strength of the TLS connection.

   (New) If the ST lists a DHE or ECDHE ciphersuite in FCS_TLSS_EXT.2.1, the ST must include the Diffie-Hellman or NIST curves selection in the requirement. FMT_MOF_EXT.1.2 in the selected EP addresses the "Ability to configure the cryptographic functionality" which allows for the configuration of the key agreement parameters in order to establish the security strength of the TLS connection.

4. FCS_TLSS_EXT.1.3 – change app note to following:

   (Current) If the ST lists a DHE or ECDHE ciphersuite in FCS_TLSS_EXT.1.1, the ST must include the Diffie-Hellman or NIST curves selection in the requirement. FMT_SMF.1 requires the configuration of the key agreement parameters in order to establish the security strength of the TLS connection.

   (New) If the ST lists a DHE or ECDHE ciphersuite in FCS_TLSS_EXT.1.1, the ST must include the Diffie-Hellman or NIST curves selection in the requirement. FMT_MOF_EXT.1.2 in the selected EP addresses the "Ability to configure the cryptographic functionality" which allows for the configuration of the key agreement parameters in order to establish the security strength of the TLS connection.

5. FCS_IPSEC_EXT.1.15 – change 3rd paragraph in app note to following:

   (Current) The configuration of the peer reference identifier is addressed by FMT_SMF.1.1.

   (New) The configuration of the peer reference identifier is addressed by FMT_MOF_EXT.1.2 in the selected EP.

6. FTP_ITC_EXT.1.1 – in first bullet, add FCS_TLSC_EXT.2 as a selection:

   (Current) TLS as conforming to [selection:FCS_TLSC_EXT.1,FCS_TLSS_EXT.1,FCS_TLSS_EXT.2]

   (New) TLS as conforming to [selection:FCS_TLSC_EXT.1, FCS_TLSC_EXT.2, FCS_TLSS_EXT.1, FCS_TLSS_EXT.2]

7. In Table 1: Auditable Events – remove the FMT_SMR.2 row.

8. In Table 4: Auditable Events – add the following rows for FCS_TLSC_EXT.2 and FCS_TLSS_EXT.1:

| Requirement | Auditable Events | Additional Audit Record Contents |
| --- | --- | --- |
| FCS_TLSC_EXT.2 | Failure to establish a TLS Session. Establishment/Termination of a TLS session. | Reason for failure. Non-TOE endpoint of connection (IP address). |
| FCS_TLSS_EXT.1 | Failure to establish a TLS Session. Establishment/Termination of a TLS session. | Reason for failure. Non-TOE endpoint of connection (IP address). |

 

 


 

Justification

Corrections made to ensure references in app notes pointed to correct SFR elements.  In some cases, the elements referred to were not in the PP.  An SFR in the audit table was removed since the SFR was no longer in the PP after an earlier revision.   

 
 