NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0090:  NIT Technical Decision for FMT_SMF.1.1 Requirement in NDcPP

Publication Date
2016.06.07

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
FMT_SMF.1.1, FPT_TUD_EXT.1.3

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding the FMT_SMF.1.1 requirement in the NDcPP v1.0 and FW cPP v1.0. The FMT_SMF.1.1 requirement mandates the use of digital signatures for updates. However, FPT_TUD_EXT.1.3 includes a selection of digital signatures OR published hash, thus making the two requirements inconsistent.

Resolution

To align with the NIT interpretation #16, the FMT_SMF.1.1 requirement has been modified as written below. For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI16.pdf

FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:

  • Ability to administer the TOE locally and remotely;
  • Ability to configure the access banner;
  • Ability to configure the session inactivity time before session termination or locking;
  • Ability to update the TOE, and to verify the updates using [selection: digital signature, hash
  • comparison] capability prior to installing those updates;
  • [selection:

o   Ability to configure audit behavior;

o   Ability to configure the list of TOE-provided services available before an entity is

o   identified and authenticated, as specified in FIA_UIA_EXT.1;

o   Ability to configure the cryptographic functionality;

o   No other capabilities.]

Justification

See issue description.

 
 
Site Map              Contact Us              Home