NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0378:  TOE/TOE Platform Selection in FCS_IPSEC_EXT.1 SFRs

Publication Date
2018.12.13

Protection Profiles
MOD_VPN_CLI_V2.1

Other References
FCS_IPSEC_EXT.1.12, FCS_IPSEC_EXT.1.13

Issue Description

FCS_IPSEC_EXT.1.12 and FCS_IPSEC_EXT.1.13 in MOD_VPN_CLI_V2.1 state “The TSF shall” and do not provide the capability to be provided by the TOE Platform.  The Assurance Activities for these two elements state: “Assurance Activities for this element are tested through Assurance Activities for FCS_IPSEC_EXT.1.11. However, FCS_IPSEC_EXT.1.11 provides the selection  [selection: TOE, TOE platform].

Resolution

FCS_IPSEC_EXT.1.12 shall be modified as follows:

FCS_IPSEC_EXT.1.12    The [selection: TOE, TOE platform] shall not establish an SA if the [selection: IP address, Fully Qualified Domain Name (FQDN), user FQDN, Distinguished Name (DN)] and [selection: no other reference identifier type, [assignment: other supported reference identifier types]] contained in a certificate does not match the expected value(s) for the entity attempting to establish a connection.

FCS_IPSEC_EXT.1.13 shall be modified as follows:

FCS_IPSEC_EXT.1.13   The [selection: TOE, TOE platform] shall not establish an SA if the presented identifier does not match the configured reference identifier of the peer.

 

Justification

Other FCS_IPSEC_EXT.1 SFRs have this selection.

 
 
Site Map              Contact Us              Home