NIAP: View Technical Decision Details
NIAP/CCEVS
TD0096:  NIT Technical Interpretation regarding Virtualization

Publication Date
2016.07.16

Protection Profiles
CPP_ND_V1.0

Other References

Issue Description

The Network Interpretations Team (NIT) has issued a technical interpretation regarding NDcPP and SIP Server with virtualization.

Resolution

To align with NIT interpretation #23, NIAP supports the interpretation written below. For further information, please see the NIT interpretation at:

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI23.pdf

vNDs are software implementations of network device functionality that run inside virtual machines. NDcPP v1 expressly excludes evaluation of vNDs, but our position is that vNDs can be evaluated against NDcPP v1 if the product meets all the requirements and assumptions of a physical ND as required in NDcPP v1.


This means:
-- The virtualization layer (or hypervisor or VMM) is considered part of the ND's software stack, and thus is part of the TOE. vNDs that can run on multiple VMMs must be tested on each claimed VMM unless the vendor can successfully argue equivalence.
-- The physical hardware is likewise included in the TOE (like in the example included above). vNDs must be tested for each claimed hardware platform unless the vendor can successfully argue equivalence.
-- There is only one vND instance for each physical hardware platform.
-- There are no other guest VMs on the physical platform providing non-network device functionality.

Justification

See issue description.
