TD0665: Corrections to MOD_ESC_v1.0 SFRs
Publication Date
2022.10.26
Protection Profiles
MOD_ESC_V1.0
Other References
FAU_GEN.1.2/CDR, FAU_GEN.1.2/Log, FAU_STG.1.2/CDR, FMT_SMF.1/ESC, FPT_TUD_EXT.1.1/VVoIP, FPT_TUD_EXT.1.3/VVoIP
Issue Description
MOD_ESC_v1.0 has formatting issues as well as minor wording changes needed to correspond to NDcPP within multiple SFRs. Resolution
PP-Module for Enterprise Session Controller v1.0 is modified as below, with the first 4 SFRs below being formatting changes only (i.e., adding bold, italics and brackets). FPT_TUD_EXT.1.1/VVoIP includes an update to the selection from the ECD in the NDcPP. FPT_TUD_EXT.1.3/VVoIP has removed one word (see strikethrough) to correspond with NDcPP. FAU_GEN.1.2/CDR is modified as follows, with bullets italicized to indicate a completed assignment. The TSF shall record within each CDR at least the following information: [ • calling party number (i.e. call originator) • called party number (i.e. call receiver or terminating number) • unique transaction sequence number • call disposition (e.g. call connected, call terminated, call transferred) • call type (e.g. voice only, voice and video, text) • call start time • call end time • call duration • unique identifier of the TOE • call routing into TOE • call routing out of TOE • time zone • call release cause, if applicable (i.e. reason for termination of call) • fault condition(s), if applicable].
FAU_GEN.1.2/Log is modified as follows, with bold denoting refinement. The TSF shall record within each system log record at least the following information: a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure of the event); and b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [event details described in System Log Events table].
FAU_STG.1.2/CDR is modified as follows with italics and brackets indicating selections. The TSF shall be able to [prevent] unauthorized modifications to the stored call detail records.
FMT_SMF.1.1/ESC is modified as follows, with italics and brackets indicating completion of an assignment. The TSF shall be capable of performing the following management functions: [ • Ability to display the real-time connection status of all VVoIP endpoints (hardware and software) and telecommunications devices; • Ability to clear all TSF data stored on disk; • [selection: o Ability to configure the password policy; o Ability to specify the set of audited events; o Ability to configure the behavior of the TOE in response to a self-test failure; o Ability to enable/disable voice and video recordings for any registered VVoIP endpoint; o Ability to specify criteria for retention of voice and video recordings; o No other capabilities] ].
FPT_TUD_EXT.1.1/VVoIP is modified as follows with an update to the VVoiP selection to align with the ECD in the NDcPP. The TSF shall provide [Security Administrators] the ability to query the currently executing version of the registered VVoIP endpoint firmware/software and [the most recently installed version of the registered VVoIP endpoint firmware/software].
FPT_TUD_EXT.1.3/VVoIP is modified to align with NDcPP as follows, with strikethroughs denoting deletions: The TSF shall provide means to authenticate firmware/software updates to the registered VVoIP endpoint using a [selection: X.509 certificate, digital signature
Justification
See issue description. |