Archived
TD0582: PP-Configuration for Application Software and Virtual Private Network (VPN) Clients now allowed
Publication Date
2021.04.16
Protection Profiles
PP_APP_v1.3
Other References
Section 2, FDP_DAR_EXT.1
Issue Description
VPN Client PP-Module Version 2.2 is published, but the PP for Application Software, Version 1.3 does not allow for a PP-Configuration that includes the VPN Client PP-Module. In addition, references to the File Encryption EP need to be changed to PP-Module for File Encryption.
Resolution
This TD supersedes TD0486. The text for Section 2, Conformance Claims is replaced as follows:
An ST must claim exact conformance to this PP, as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017). This PP is conformant to Parts 2 (extended) and 3 (extended) of Common Criteria Version 3.1, Revision 5. This PP does not claim conformance to any other Protection Profile. The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP.
· PP-Module for File Encryption, Version 1.0
· PP-Module for File Encryption Enterprise Management, Version 1.0
· PP-Module for VPN Clients, Version 2.2
This PP is TLS Package Version 1.1 Conformant.
FDP_DAR_EXT.1 in Section 5.2.1 is also updated as follows:
FDP_DAR_EXT.1 Encryption Of Sensitive Application Data
FDP_DAR_EXT.1.1 The application shall [selection:
· leverage platform-provided functionality to encrypt sensitive data,
· implement functionality to encrypt sensitive data as defined in the PP-Module for File Encryption,
· protect sensitive data in accordance with FCS_STO_EXT.1,
· not store any sensitive data
] in non-volatile memory.
Application Note: If "implement functionality to encrypt sensitive data as defined in the PP-Module for File Encryption" is selected, the TSF must claim conformance to a PP-Configuration that includes the File Encryption PP-Module.
Any file that may potentially contain sensitive data (to include temporary files) shall be protected. The only exception is if the user intentionally exports the sensitive data to non-protected files. ST authors should select "protect sensitive data in accordance with FCS_STO_EXT.1" for the sensitive data that is covered by the FCS_STO_EXT.1 SFR.
The evaluation activity remains unchanged.
Justification
See issue description.