Archived
TD0360: AD Server configuration in FMT_MOF_EXT.1
Publication Date
2018.09.28
Protection Profiles
EP_CV_V1.0, EP_SV_V1.0, PP_BASE_VIRTUALIZATION_V1.0
Other References
FMT_MOF_EXT.1.2, FIA_UAU.5.1
Issue Description
If a TOE does not require directory services for operation in the evaluated configuration, the ability to configure name/address of directory server to bind with should not be mandatory for an administrator in FMT_MOF_EXT.1.2 [Table 1, line 17].
Resolution
FMT_MOF_EXT.1.2 is modified as follows in both the Extended Package for Server Virtualization (EP_SV_V1.0) and the Extended Package for Client Virtualization (EP_CV_V1.0):
In Table 1, for Function 17:
- In the Administrator column, change the "X" to "S".
- In the Notes column, add "Must be selected if 'directory-based' is selected anywhere in FIA_UAU.5.1 in the Base Virtualization PP."
FIA_UAU.5.1 is modified as follows in the Virtualization PP (PP_BASE_VIRTUALIZATION_V1.0):
FIA_UAU.5.1 The TSF shall provide the following authentication mechanisms: [selection:
- [selection: local, directory-based] authentication based on username and password,
- authentication based on username and a PIN that releases an asymmetric key stored in OE-protected storage,
- [selection: local, directory-based] authentication based on X.509 certificates,
- [selection: local, directory-based] authentication based on an SSH public key credential
] to support Administrator authentication.
The application note and assurance activities remain unchanged.
Justification
See issue description.