FTP_ITC_EXT.1 does not allow ST authors to choose the channels of communication to which FTP_ITC.1 is applicable when communicating with external IT entities.

FTP_ITC_EXT.1.1 will be changed as follows:

The TSF shall use [selection:

•     TLS as conforming to [selection: FCS_TLSC_EXT.1, FCS_TLSC_EXT.2, FCS_TLSS_EXT.1, FCS_TLSS_EXT.2],
•     TLS/HTTPS as conforming to FCS_HTTPS_EXT.1,
•     IPsec as conforming to FCS_IPSEC_EXT.1,
•     SSH as conforming to the Extended Package for Secure Shell]

to provide a trusted communication channel between itself and:

•     audit servers (as required by FAU_STG_EXT.1), and
•     [selection:
• remote administrators (as required by FTP_TRP.1.1 if selected in FMT_MOF_EXT.1.1 in the selected EP),
• separation of management and operational networks (if selected in FMT_SMO_EXT.1),
• [assignment: other capabilities],
• no other capabilities]

that is logically distinct from other communication paths and provides assured identification of its endpoints and protection of the communicated data from disclosure and detection of modification of the communicated data.

See issue description.