Archived
TD0090: NIT Technical Decision for FMT_SMF.1.1 Requirement in NDcPP
Publication Date
2016.06.07
Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0
Other References
FMT_SMF.1.1, FPT_TUD_EXT.1.3
Issue Description
The Network Interpretations Team (NIT) has issued a technical decision regarding the FMT_SMF.1.1 requirement in the NDcPP v1.0 and FW cPP v1.0. The FMT_SMF.1.1 requirement mandates the use of digital signatures for updates. However, FPT_TUD_EXT.1.3 includes a selection of digital signatures OR published hash, thus making the two requirements inconsistent. Resolution
To align with the NIT interpretation #16, the FMT_SMF.1.1 requirement has been modified as written below. For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI16.pdf FMT_SMF.1.1 The TSF shall be capable of performing the following management functions:
o Ability to configure audit behavior; o Ability to configure the list of TOE-provided services available before an entity is o identified and authenticated, as specified in FIA_UIA_EXT.1; o Ability to configure the cryptographic functionality; o No other capabilities.] Justification
See issue description. |