NIAP/CCEVS
Archived TD0300:  Sensitive Data in FDP_DAR_EXT.1

Publication Date
2018.03.16

Protection Profiles
PP_APP_v1.2

Other References
FDP_DAR_EXT.1

Issue Description

In section 1.2.2 Technology Terms, Sensitive Data is defined, and a statement is made that "Sensitive data shall be identified in the application’s TSS by the ST author." However, the FDP_DAR_EXT.1 requirement (which addresses the protection of sensitive data) and its Assurance Activities currently do not require the TSS to identify the sensitive data.

Resolution

Updated 04/05/2018: moved "The evaluator shall examine the TSS to ensure that it describes the sensitive data processed by the application. The evaluator shall then ensure that the following activities cover all of the sensitive data identified in the TSS. Assurance activities (after the identification of the sensitive data) are to be performed on all sensitive data listed that are not covered by FCS_STO_EXT.1." to the beginning of the Assurance Activity as it was intended.

FDP_DAR_EXT.1 Encryption Of Sensitive Application Data is modified as follows:

The application shall [selection:
  leverage platform-provided functionality to encrypt sensitive data,
  implement functionality to encrypt sensitive data,
  protect sensitive data in accordance with FCS_STO_EXT.1,
  not store any sensitive data
] in non-volatile memory.

Application Note: If "implement functionality to encrypt sensitive data" is selected, then evaluation is required against the Application Software Protection Profile Extended Package: File Encryption.
Any file that may potentially contain sensitive data (to include temporary files) shall be protected. The only exception is if the user intentionally exports the sensitive data to non-protected files.
ST authors should select "protect sensitive data in accordance with FCS_STO_EXT.1" for the sensitive data that are covered by FCS_STO_EXT.1.

Assurance Activity

The evaluator shall examine the TSS to ensure that it describes the sensitive data processed by the application. The evaluator shall then ensure that the following activities cover all of the sensitive data identified in the TSS. Assurance activities (after the identification of the sensitive data) are to be performed on all sensitive data listed that are not covered by FCS_STO_EXT.1.
The evaluator shall inventory the filesystem locations where the application may write data. The evaluator shall run the application and attempt to store sensitive data. The evaluator shall then inspect those areas of the filesystem to note where data was stored (if any), and determine whether it has been encrypted.

If "not store any sensitive data" is selected, the evaluator shall inspect the TSS and ensure that it describes how sensitive data cannot be written to non-volatile memory. The evaluator shall also ensure that this is consistent with the filesystem test above.
If "implement functionality to encrypt sensitive data" is selected, then evaluation is required against the Application Software Protection Profile Extended Package: File Encryption. The evaluator shall ensure that such evaluation is underway.
If "leverage platform-provided functionality to encrypt sensitive data" is selected, the evaluation activities will be performed as stated in the following requirements, which vary on a per-platform basis:
 
For BlackBerry: The evaluator shall inspect the TSS and ensure that it describes how the application uses the Advanced Data at Rest Protection API and how the application uses the appropriate domain to store and protect each data file.
For Android: The evaluator shall inspect the TSS and verify that it describes how files containing sensitive data are stored with the MODE_PRIVATE flag set.
For Windows: The Windows platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption, such as BitLocker or Encrypting File System (EFS), clear to the end user.
For iOS: The evaluator shall inspect the TSS and ensure that it describes how the application uses the Complete Protection, Protected Unless Open, or Protected Until First User Authentication Data Protection Class for each data file stored locally.
For Linux: The Linux platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.
For Solaris: The Solaris platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.
For Mac OS X: The Mac OS X platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.
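As an added evaluator aid that is not part of this Technical Decision or of the Protection Profile, the following Python script implements the filesystem test above: it snapshots the inventoried write locations before the application runs, reports every file created or changed afterwards, and flags any that still holds a planted marker value in cleartext. The directory layout, file names and marker string are constructed assumptions, and the application run is simulated by stand-in writes.

```python
import hashlib
import os
import tempfile

def snapshot(roots):
    """Map every regular file under the inventoried write locations to a SHA-256 of its content."""
    seen = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    seen[path] = hashlib.sha256(fh.read()).hexdigest()
    return seen

def cleartext_hit(path, marker):
    """True if the planted marker is stored as UTF-8 or UTF-16LE cleartext."""
    with open(path, "rb") as fh:
        data = fh.read()
    return marker.encode("utf-8") in data or marker.encode("utf-16-le") in data

def audit(before, after, marker):
    """For each file new or modified since `before`, record whether it leaks the marker."""
    return {path: cleartext_hit(path, marker)
            for path, digest in after.items() if before.get(path) != digest}

def demo():
    """Constructed run: a stand-in application writes one unprotected and one opaque file."""
    marker = "SENSITIVE-MARKER-4f2c"           # constructed value the evaluator enters into the app
    root = tempfile.mkdtemp(prefix="dar_")      # constructed stand-in for the app's data directory
    os.makedirs(os.path.join(root, "cache"))
    with open(os.path.join(root, "config.txt"), "w") as fh:
        fh.write("unchanged=1\n")               # pre-existing file: must not appear in the report
    before = snapshot([root])
    # --- the application would run here; the writes below stand in for it ---
    with open(os.path.join(root, "cache", "notes.tmp"), "w") as fh:
        fh.write(f"note={marker}\n")            # temporary file holding the sensitive value in cleartext
    with open(os.path.join(root, "vault.bin"), "wb") as fh:
        fh.write(hashlib.sha256(b"ciphertext stand-in").digest())  # opaque bytes standing in for ciphertext
    report = audit(before, snapshot([root]), marker)
    return {os.path.relpath(p, root).replace(os.sep, "/"): hit for p, hit in report.items()}
```

A file with no cleartext hit is not thereby shown to be encrypted (it may merely be encoded or compressed), so the evaluator still ties each reported file back to the protection mechanism the TSS claims for it.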

Justification

Ensures that the requirement defined in the glossary fits the SFR.
