NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0234:  Appendix H - TLS Mapping Table

Publication Date
2017.09.08

Protection Profiles
PP_MDM_V2.0, PP_MDM_V3.0

Other References
Annex H

Issue Description

Currently, if TLS is selected in any of the mandatory SFRs, then FCS_TLSS_EXT.1.1 – 1.6 (contained in Appendix B) shall be included in the ST. There are application notes for FCS_TLSS_EXT.1 that state that specific SFRs are only required for communications between the server and agent post enrollment. However, it's unclear which elements from FCS_TLSS_EXT.1 shall be included in the ST depending on which SFR TLS is selected from.  Note that FCS_TLSS_EXT.1.7-1.9 are objective SFRs and will remain objective.

Resolution

For MDM v3.0:

H.  TLS Mapping Table

SFR TLS is selected from

FCS_TLSS_EXT.1 elements that shall be included in the ST

FTP_ITC.1.1(1)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

 

FTP_TRP.1.1(1)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

 

FTP_TRP.1.1(2)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

 

FPT_ITT.1.1

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FTP_ITC.1.1(2)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FTP_ITC.1.1(3)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FAU_CRP_EXT.1.1

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

 

For MDM v2.0:

H.  TLS Mapping Table

SFR TLS is selected from in MDM v2.0

FCS_TLSS_EXT.1 elements that shall be included in the ST

FAU_STG_EXT.1.1(1)

 FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FTP_ITC.1.1(1)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FTP_TRP.1.1(1)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FTP_TRP.1.1(2)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FPT_ITT.1.1(1)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FPT_ITT.1.1(2)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FPT_ITT.1.1(3)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FTP_ITC.1.1(2)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FTP_ITC.1.1(3)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FAU_STG_EXT.1.1(2)

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

FAU_CRP_EXT.1.1

FCS_TLSS_EXT.1.1

FCS_TLSS_EXT.1.2

FCS_TLSS_EXT.1.3

FCS_TLSS_EXT.1.4

FCS_TLSS_EXT.1.5

FCS_TLSS_EXT.1.6 (if ECDHE cipher suites are selected in 1.1)

Justification

Provides clarity for when the TLS protocol is selected.

 
 
Site Map              Contact Us              Home