Archived
TD0085: FMT_SMF.1 Specification of Management Functions in MACsec EP
Publication Date
2016.03.08
Protection Profiles
PP_NDCPP_MACSEC_EP_V1.0
Other References
PP_NDCPP_MACSEC_EP_V1.0
Issue Description
The FMT_SMF.1 Specification of Management Functions requirement requires the ability to manage the Key Server using specific implementation solutions such as using MIB objects. The specific management functions and the testing activities reference the use of MIBs to manage the TOE as well as in performing the tests. MIBs are a direct association with SNMPv3 (a selection-based requirement) for remote management of the TOE. If SSH is selected in FTP_TRP.1 the supported CLI does not support MIB access or capabilities. SSH does however offer equivalent commands for management of the MKA. This is also an issue if IPsec, TLS and HTTPS are selected in FTP_TRP.1 Trusted Path for remote administration of the TOE. Resolution
The revised SFRs, Application Notes, and Assurance Activities for FMT_SMF.1 are noted below. These replace the text in the PPs, effective immediately. FMT_SMF.1 Specification of Management Functions
There are additional management functions that serve to extend the FMT_SMF.1 SFR found in the NDcPP. The following functions should be combined with those of the NDcPP in the context of a conforming Security Target:
Ability of a Security Administrator to:
[selection:
Application Note: IEEE 802.1X specifies MIB objects for management functionality but configuration of management functions via other approved methods is acceptable. The ST author should select either the MIB object or provide the function used to achieve this management functionality.
Justification
The MACsec EP should define the requirement, not how the requirement is met, as well as how to test the requirement based on selections within the SFR. |