Archived
TD0212: FCS_HTTPS_EXT.1.3 - TLS Mutual Authentication Update
Publication Date
2017.09.21
Protection Profiles
PP_MDM_V2.0, PP_MDM_V3.0
Other References
FCS_HTTPS_EXT.1.3
Issue Description
FCS_HTTPS_EXT.1.3 in MDM PP v2.0 and v3.0 may improperly imply that clients must always authenticate to the MDM Server's TLS server using TLS client certificate authentication. Authentication of remote administrators is often implemented using password-based authentication over HTTPS rather than using a TLS client certificate.
Resolution
Exclude FCS_HTTPS_EXT.1.3 from MDM PP v2.0 and v3.0.
Justification
TLS client certificate authentication is not required for remote administration. TLS client certificate authentication is required for MDM Agents connecting to the MDM Server after initial enrollment, but FCS_TLSS_EXT.1.3 and FCS_TLSS_EXT.1.4 already suffice to ensure that MDM Server implementations support client certificate authentication.