NIAP: View Technical Decision Details
Archived TD0054:  Clarification of FPT_API_EXT.1.1 Requirement in APP PP v1.1

Publication Date

Protection Profiles

Other References

Issue Description

Additional detail of the FPT_API_EXT.1.1 requirement is needed in order for an Application Software vendor to know where they are using capabilities or products that are inherently unreliable. These items should be identified and documented in the TSS to successfully meet the requirement.


Revised wording for the Application Note:

The definition of supported may vary depending upon whether the application is provided by a third party (who relies upon documented platform APIs) or by a platform vendor who may be able to guarantee support for platform APIs which are not externally documented. The use of undocumented APIs by a 3rd party application, like a virus scanner for example, is acceptable when well thought-out and documented by the application developer.


Revised wording for the Assurance Activity:

The evaluator shall verify that the TSS lists the platform APIs used in the application. The evaluator shall then compare the list with the supported APIs (available through e.g. developer accounts, platform developer groups) and ensure that all APIs listed in the TSS are supported. If any unsupported APIs should be discovered, the evaluator should review the TSS and verify that unsupported API calls are clearly documented along with a developer justification for why they must be used.
