NIAP: View Technical Decision Details
TD0095:  NIT Technical Interpretations regarding audit, random bit generation, and entropy in NDcPP

Publication Date
2016.07.16

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
FCS_RBG_EXT, FCS_COP, FAU_STG_EXT, Annex D.4

Issue Description

The Network Interpretations Team (NIT) has issued technical interpretations regarding audit, random bit generation, and entropy in the NDcPP v1.0 and FW cPP v1.0.

Resolution

To align with NIT interpretations #1, #4, #5 and #6, NIAP supports the interpretations written below. For further information, please see the NIT interpretations at:

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI01.pdf

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI04.pdf

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI05.pdf

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI06.pdf

FAU_STG_EXT.1 – Forwarding of audit information to external audit servers

1. Syslog is not mandated. No requirements are placed upon the format or underlying protocol of the audit data being transferred. The only requirement is that it is transferred over a trusted channel (the inter-TSF trusted channel, i.e. FTP_ITC).

2. The TOE must be capable of being configured to transfer audit data to an external IT entity without administrator intervention. Manual transfer would not meet the requirement. Transmission may be done in real time or periodically. If transmission is not done in real time, the TSS has to describe the transfer frequencies the TOE supports and which of them are acceptable.

3. If the audit server is not part of the TOE, there are no requirements on it except that it must support the trusted channel used to receive the audit data.

FCS_COP.1 – Using CTR_DRBG for random bit generation

An explicit claim of AES in CTR mode is not required to satisfy the DRBG requirements as long as the ST includes at least one AES claim of the same key size. CTR_DRBG only invokes the block cipher's forward (encrypt) function internally, so a CTR_DRBG instantiated with AES-256, for example, is covered by any AES-256 claim in the ST.

FCS_RBG_EXT.1.1 – Using /dev/random as a third-party source of entropy

No, /dev/random is not considered a third-party entropy source. There is substantial public documentation regarding /dev/random, and a vendor is expected to understand the source it relies on to provide the basic security of its device; the entropy documentation must therefore describe it accordingly.

Annex D.4 – Health testing for entropy sources

Mandating specific tests for health testing in the ND cPP or FW cPP might interfere with other existing requirements from standards, scheme requirements or national regulations. From the NIT's perspective there is at present no need to mandate specific health tests in the ND cPP or FW cPP, so Section D.4 remains unchanged.

Justification

See issue description.