Archived
TD0100: Password Management in SVPP
Publication Date
2016.09.02
Protection Profiles
PP_SV_V1.1
Other References
PP_SV_v1.1, FIA_PMG_EXT.1, FMT_MOF_EXT.1.1
Issue Description
FIA_PMG_EXT.1 and management function #3 in FMT_MOF_EXT.1.1 imply that using passwords is mandatory. However, it is allowable for a product to disable password functionality and use other authentication methods as described in FIA_UIA_EXT.1.
Resolution
Modify FMT_MOF_EXT.1.1, item 12 (the selection) to include the bullet:
* Ability to enable/disable password authentication
Modify the FMT_MOF_EXT.1 Application Note to include the following:
While password authentication (and the associated password management functionality) must be supported by the TOE, it is acceptable to disable that functionality and force administrators to use an alternate authentication mechanism, as specified in FIA_UAU_EXT.2. If this capability is included, the ST author selects "Ability to enable/disable password authentication" in item 12.
Add the following SFR to the SV PP:
FIA_UAU_EXT.2 Password-based Authentication Mechanism
FIA_UAU_EXT.2.1 The TSF shall provide a local password-based authentication mechanism, [selection: [assignment: other authentication mechanism(s)], none] to perform administrative user authentication.
Application Note
The assignment should be used to identify any additional local authentication mechanisms supported. Local authentication mechanisms are defined as those that occur through the local console; remote administrative sessions (and their associated authentication mechanisms) are specified in FTP_TRP.1.
Justification
This change shows that password functionality may be disabled if other allowable authentication methods are used instead.