The Network Interpretations Team (NIT) has issued a technical decision regarding the FMT_SMF.1.1 requirement in the NDcPP v1.0 and FW cPP v1.0. The FMT_SMF.1.1 requirement mandates the use of digital signatures for updates. However, FPT_TUD_EXT.1.3 includes a selection of digital signatures OR published hash, thus making the two requirements inconsistent.

To align with the NIT interpretation #16, the FMT_SMF.1.1 requirement has been modified as written below. For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI16.pdf

FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:

• Ability to administer the TOE locally and remotely;
• Ability to configure the access banner;
• Ability to configure the session inactivity time before session termination or locking;
• Ability to update the TOE, and to verify the updates using [selection: digital signature, hash
• comparison] capability prior to installing those updates;
• [selection:

o   Ability to configure audit behavior;

o   Ability to configure the list of TOE-provided services available before an entity is

o   identified and authenticated, as specified in FIA_UIA_EXT.1;

o   Ability to configure the cryptographic functionality;

o   No other capabilities.]

See issue description.