Archived
TD0180: Update to audit of FDP_DAR_EXT.1
Publication Date
2017.04.10
Protection Profiles
PP_MD_v3.0
Other References
FDP_DAR_EXT.1, FAU_GEN.1.2
Issue Description
PP_MD_v3.0 requires auditing of FDP_DAR_EXT.1 for failure to encrypt/decrypt data. However if the TOE utilizes whole volume encryption for protected memory, it is not feasible to audit when the encryption/decryption fails. This requirement should be selected if the TOE utilizes file-based encryption for protected data and audits when this encryption/decryption fails. Resolution
FAU_GEN.1.2 is modified as follows:
Modify the Table 1 Application Note as follows:
Table 1 Application Note: FPT_TST_EXT.1 – Audit of self-tests is required only at initial start-up. Since the TOE “transitions to non-operational mode” upon failure of a self-test, per FPT_NOT_EXT.1, this is considered equivalent evidence to an audit record for the failure of a self-test.
FDP_DAR_EXT.1 –"None" shall be selected, if the TOE utilizes whole volume encryption for protected memory, since it is not feasible to audit when the encryption/decryption fails. If the TOE utilizes file-based encryption for protected data and audits when this encryption/decryption fails, then that auditable event shall be selected
Modify the FDP_DAR_EXT.1 requirement in Table 1 as follows:
Justification
See issue description. |