Archived
TD0082: Removal of Auditing of SSH Rekey in FAU_GEN.1(1)
Publication Date
2016.02.25
Protection Profiles
PP_MDM_V2.0
Other References
PP_MDM_V2.0
Issue Description
In FAU_GEN.1(1) there is a requirement to audit successful SSH re-key. FCS_SSHS_EXT.1 requires rekey after 2^28 packets. While rekeying after 2^28 packets is an SSH RFC requirement and is valid and can be tested, auditing of SSH rekeys is not required in the RFC and is pretty low-level compared to SSH session establishment or termination.
Resolution
In Table 1, "Successful SSH re-key." should be removed from the Auditable Events column for FCS_SSHS_EXT.1.
Justification
This level of auditing is not deemed necessary, and the most popular SSH implementation does not support it.