NIAP: View Technical Decision Details
TD0319:  Updates to FMT_SMF.1 in VPN Gateway EP

Publication Date
2018.04.23

Protection Profiles
EP_VPN_GW_V2.1

Other References
FMT_SMF.1

Issue Description

FMT_SMF.1.1 in the VPN Gateway EP does not account for the changes made in NDcPP2.0E and FWcPP2.0E.

Resolution

1. In Section 5.1.3, FMT_SMF.1 is replaced as follows:

FMT_SMF.1 Specification of Management Functions

FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:

· Ability to administer the TOE locally and remotely;
· Ability to configure the access banner;
· Ability to configure the session inactivity time before session termination or locking;
· Ability to update the TOE, and to verify the updates using digital signature and [selection: hash comparison, no other] capability prior to installing those updates;
· Ability to configure the authentication failure parameters for FIA_AFL.1;
· Ability to configure the cryptographic functionality;
· Ability to configure the lifetime for IPsec SAs;
· Ability to import X.509v3 certificates;
· Ability to enable, disable, determine and modify the behavior of all the security functions of the TOE identified in this EP to the Administrator;
· Ability to configure all security management functions identified in other sections of this EP;

[selection:

  o Ability to configure audit behavior;
  o Ability to configure the list of TOE-provided services available before an entity is identified and authenticated, as specified in FIA_UIA_EXT.1;
  o Ability to configure thresholds for SSH rekeying;
  o Ability to configure the interaction between TOE components;
  o Ability to re-enable an Administrator account;
  o Ability to set time which is used for time-stamps;
  o Ability to configure the reference identifier for the peer;
  o No other capabilities].

Application Note: In addition to defining some new management functions that are specific to VPN Gateway products, this PP-Module mandates the inclusion of selections that are already in the NDcPP that relate to this functionality.

 

2. In Section 5.2.1, FMT_SMF.1 is replaced as follows:

FMT_SMF.1 Specification of Management Functions

FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:

· Ability to administer the TOE locally and remotely;
· Ability to configure the access banner;
· Ability to configure the session inactivity time before session termination or locking;
· Ability to update the TOE, and to verify the updates using digital signature and [selection: hash comparison, no other] capability prior to installing those updates;
· Ability to configure the authentication failure parameters for FIA_AFL.1;
· Ability to configure firewall rules;
· Ability to configure the cryptographic functionality;
· Ability to configure the lifetime for IPsec SAs;
· Ability to import X.509v3 certificates;
· Ability to enable, disable, determine and modify the behavior of all the security functions of the TOE identified in this EP to the Administrator;
· Ability to configure all security management functions identified in other sections of this EP;

[selection:

  o Ability to configure audit behavior;
  o Ability to configure the list of TOE-provided services available before an entity is identified and authenticated, as specified in FIA_UIA_EXT.1;
  o Ability to configure thresholds for SSH rekeying;
  o Ability to configure the interaction between TOE components;
  o Ability to re-enable an Administrator account;
  o Ability to set the time which is used for time-stamps;
  o Ability to configure the reference identifier for the peer;
  o No other capabilities].

Application Note: In order to prevent redundancy, an ST claiming conformance to this PP-Module should not select “Ability to configure the cryptographic functionality” as defined in the FWcPP when completing FMT_SMF.1 since it is already mandated by this PP-Module.

 

The following assurance activity is to be performed in addition to the assurance activities specified by the NDcPP Supporting Documents for this SFR.

Assurance Activity

TSS

The evaluator shall verify that the TSS describes how the traffic filter rules for VPN traffic can be configured. Note that this activity can be addressed in parallel with the TSS assurance activities for FPF_RUL_EXT.1.

Guidance

The evaluator shall verify that the operational guidance describes how to configure the traffic filter rules, including how to set any configurable defaults and how to configure each of the applicable rule attributes, actions, and associated interfaces. The evaluator must ensure that the operational guidance also provides instruction that would allow an administrator to ensure that configured rules are properly ordered. Note that this activity should have been addressed with the Guidance assurance activities for FPF_RUL_EXT.1.

Test

The evaluator shall devise tests that demonstrate that the functions used to configure the TSF yield expected changes in the rules and that they are correctly enforced. A number of rule combination and ordering scenarios need to be configured and tested by attempting to pass both valid and invalid network traffic through the TOE. Note that this activity should have been addressed with a combination of the Test assurance activities for FPF_RUL_EXT.1.

 

Justification

See issue description. This TD supersedes TD0179.

 
 