NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0312:  FIT Technical Decision for Key and Key Material Protection

Publication Date
2018.04.17

Protection Profiles
CPP_FDE_AA_V2.0, CPP_FDE_EE_V2.0

Other References
FPT_KYP_EXT.1.1

Issue Description

The FIT has issued a Technical Decision for Key and Key Material Protection.

Resolution

The FPT_KYP_EXT.1.1 in the FDE EE cPP requirement is modified as follows:

FPT_KYP_EXT.1.1 The TSF shall [selection:

  • not store keys in non-volatile memory
  • only store keys in non-volatile memory when wrapped, as specified in FCS_COP.1(d) or encrypted, as specified in FCS_COP.1(g) or FCS_COP.1(e)
  • only store plaintext keys that meet any one of the following criteria [selection:
    • The plaintext key is not part of the key chain as specified in FCS_KYC_EXT.2,
    • The plaintext key will no longer provide access to the encrypted data after initial provisioning,
    • The plaintext key is a key split that is combined as specified in FCS_SMC_EXT.1, and the other half of the key split is [selection:
      • wrapped as specified in FCS_COP.1(d),
      • encrypted as specified in FCS_COP.1(g) or FCS_COP.1(e),
      • derived and not stored in non-volatile memory].
    • The non-volatile memory the key is stored on is located in an external storage device for use as an authorization factor,
    • The plaintext key is [selection:
      • used to wrap a key as specified in FCS_COP.1(d),
      • used to encrypt a key as specified in FCS_COP.1(g) or FCS_COP.1(e)]

      that is already [selection:

        • wrapped as specified in FCS_COP.1(d),
        • encrypted as specified in FCS_COP.1(g) or FCS_COP.1(e)]]].

The FPT_KYP_EXT.1.1 in the FDE AA cPP requirement is modified as follows:

FPT_KYP_EXT.1.1 The TSF shall [selection:

 

  • not store keys in non-volatile memory
  • only store keys in non-volatile memory when wrapped, as specified in FCS_COP.1(d) or encrypted, as specified in FCS_COP.1(g) or FCS_COP.1(e)
  • only store plaintext keys that meet any one of the following criteria [selection:
    • The plaintext key is not part of the key chain as specified in FCS_KYC_EXT.1,
    • The plaintext key will no longer provide access to the encrypted data after initial provisioning,
    • The plaintext key is a key split that is combined as specified in FCS_SMC_EXT.1, and the other half of the key split is [selection:
      • wrapped as specified in FCS_COP.1(d),
      • encrypted as specified in FCS_COP.1(g) or FCS_COP.1(e),
      • derived and not stored in non-volatile memory].
    • The non-volatile memory the key is stored on is located in an external storage device for use as an authorization factor,
    • The plaintext key is [selection:
      • used to wrap a key as specified in FCS_COP.1(d),
      • used to encrypt a key as specified in FCS_COP.1(g) or FCS_COP.1(e)]

     that is already [selection:

        • wrapped as specified in FCS_COP.1(d),
        • encrypted as specified in FCS_COP.1(g) or FCS_COP.1(e)]]].

For further information, please see the FIT interpretation here: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/FITDecision201804.pdf

Justification

See issue description.

 
 
Site Map              Contact Us              Home