TD0632: NIT Technical Decision for Consistency with Time Data for vNDs
Publication Date
2022.03.21
Protection Profiles
CPP_ND_V2.2E
Other References
ND SD2.2, FPT_STM_EXT.1.2
Issue Description
The NIT has issued a technical decision consistency with Time Data for vNDs. Resolution
FTP_STM_EXT.1.2 shall be modified as follows: FPT_STM_EXT.1.2 The TSF shall [selection: allow the Security Administrator to set the time, synchronise time with an NTP server, obtain time from the underlying virtualization system]. Application Note 35 paragraph 3 shall be modified as follows: For a Case 1 vND, the virtualization system can be used as an external time source. For a Case 2 vND, the virtualization system is part of the TOE, so the time must be set by a security administrator or synchronized with an NTP server. The following shall be appended to the TSS requirements for FPT_STM_EXT.1: If “obtain time from the underlying virtualization system” is selected, the evaluator shall examine the TSS to ensure that it identifies the VS interface the TOE uses to obtain time. If there is a delay between updates to the time on the VS and updating the time on the TOE, the TSS shall identify the maximum possible delay. The following shall be appended to the Guidance Documentation requirements for FPT_STM_EXT.1: If the TOE supports obtaining time from the underlying VS, the evaluator shall verify the Guidance Documentation specifies any configuration steps necessary. If no configuration is necessary, no statement is necessary in the Guidance Documentation. If there is a delay between updates to the time on the VS and updating the time on the TOE, the evaluator shall ensure the Guidance Documentation informs the administrator of the maximum possible delay. The following test shall be added for FPT_STM_EXT.1: c) Test 3: [conditional] If the TOE obtains time from the underlying VS, the evaluator shall record the time on the TOE, modify the time on the underlying VS, and verify the modified time is reflected by the TOE. If there is a delay between the setting the time on the VS and when the time is reflected on the TOE, the evaluator shall ensure this delay is consistent with the TSS and Guidance. For further information, please see NIT Interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI202117.pdf Justification
See issue description. |