NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0360:  AD Server configuration in FMT_MOF_EXT.1

Publication Date
2018.09.28

Protection Profiles
EP_CV_V1.0, EP_SV_V1.0, PP_BASE_VIRTUALIZATION_V1.0

Other References
FMT_MOF_EXT.1.2, FIA_UAU.5.1

Issue Description

If a TOE does not require directory services for operation in the evaluated configuration, the ability to configure name/address of directory server to bind with should not be mandatory for an administrator in FMT_MOF_EXT.1.2 [Table 1, line 17].

Resolution

FMT_MOF_EXT.1.2 is modified as follows in both the Extended Package for Server Virtualization (EP_SV_V1.0) and the Extended Package Client Virtualization (EP_CV_V1.0):

In Table 1, for Function 17:

In Administrator column, change the “X” to “S”.

In the Notes column, add “Must be selected if "directory-based" is selected anywhere in FIA_UAU.5.1 in the Base Virtualization PP."

 

FIA_UAU.5.1 is modified as follows in the Virtualization PP (PP_BASE_VIRTUALIZATION_V1.0):

FIA_UAU.5.1                      The TSF shall provide the following authentication mechanisms: [selection:

-    [selection: local, directory-based] authentication based on username and password,

-   authentication based on username and a PIN that releases an asymmetric key stored in OE-protected storage,

-    [selection: local, directory-based] authentication based on X.509 certificates,

-    [selection: local, directory-based] authentication based on an SSH public key credential]

to support Administrator authentication.

The application note and assurance activities remain unchanged.

Justification

See issue description.

 
 
Site Map              Contact Us              Home