Archived
TD0031: ANSI X9.31 Reference in FCS_CKM.1(2) in VPN GW EP
Publication Date
2015.01.12
Protection Profiles
PP_ND_V1.1
Other References
PP_ND_VPN_GW_EP_V.1.1, requirement FCS_CKM.1(2) , PP_ND_V1.1
Issue Description
The FCS_CKM.1 (2) SFR states: The TSF shall generate asymmetric cryptographic keys used for IKE peer authentication in accordance with a: ANSI X9.31-1998, Appendix A.2.4 requires the use of what is commonly known as the “ANSI X9.31 RNG.” The ANSI X9.31 RNG is a general-purpose random number generator that requires the use of DES and is not an allowed selection in FCS_RBG_EXT.1. Resolution
Change the reference for ANSI X9.31-1998 in the selection from "Appendix A.2.4" to "Section 4.1." Justification
This reference was corrected in FCS_CKM.1(1) in the MDF PP 2.0; for the ANSI X9.31-1998 option in the selection, "Appendix A.2.4" was replaced with "Section 4.1". |