TD0725: Correction to FCS_CKM_EXT.2/4 selections
Publication Date
2023.03.17
Protection Profiles
MOD_VPNC_V2.4
Other References
FCS_CKM_EXT.2, FCS_CKM_EXT.4
Issue Description
In VPNC MOD 2.4, for both FCS_CKM_EXT.2 (under GPOS and APP) and FCS_CKM_EXT.4 (under APP), the SFRs indicate that the selection is a "choose one of". However, the Application Notes for both instances of FCS_CKM_EXT.2 indicate that both selections can be specified. For FCS_CKM_EXT.4, the Application Note specifies an instance where both selections must be selected.
Resolution
FCS_CKM_EXT.2.1 in Section 5.1.2.1 of MOD_VPN_CLI_v2.4 is modified as follows, with strikethrough in red highlighting denoting deletion:
FCS_CKM_EXT.2.1 The [selection, choose one of: VPN client, OS] shall store persistent secrets and private keys when not in use in OS-provided key storage.
FCS_CKM_EXT.2.1 in Section 5.3.2.1 of MOD_VPN_CLI_v2.4 is modified as follows, with strikethrough in red highlighting denoting deletion:
FCS_CKM_EXT.2.1 The [selection, choose one of: TOE, TOE platform] shall store persistent secrets and private keys when not in use in platform-provided key storage.
FCS_CKM_EXT.4.1 in Section 5.3.2.1 of MOD_VPN_CLI_v2.4 is modified as follows, with strikethrough in red highlighting denoting deletion:
FCS_CKM_EXT.4.1 The [selection, choose one of: TOE, TOE platform] shall zeroize all plaintext secret and private cryptographic keys and CSPs when no longer required.
FCS_CKM_EXT.2 and FCS_CKM_EXT.4 extended component definitions in Section C.2.1.1 of MOD_VPN_CLI_v2.4 are modified as follows, with strikethrough in red highlighting denoting deletion:
FCS_CKM_EXT.2.1 The [selection, choose one of: VPN client, OS] shall store persistent secrets and private keys when not in use in OS-provided key storage.
...
FCS_CKM_EXT.4.1 The [selection, choose one of: TOE, TOE platform] shall zeroize all plaintext secret and private cryptographic keys and CSPs when no longer required.
Justification
See issue description.