TD0772: TLS FP 2.0 selections in audit records table
Publication Date
2023.07.19
Protection Profiles
PKG_TLS_v2.0
Other References
Section B.1, Table 2
Issue Description
In TLS FP 2.0, Table 2 in Section B.1 lets ST authors select which auditable records they do or do not support. For those they do not support, "None" can be selected as an option. However, when "None" is selected in the "Auditable Events" column of Table 2, the audit record details must still be claimed in the ST, because there is no corresponding selection in the "Additional Audit Record Contents" column. Also, the entry for FCS_DTLSS_EXT.1 includes an option for "Failure to establish a TLS session". This should be "Failure to establish a DTLS session".
Resolution
TD0716 is archived and replaced with the following.

The introductory paragraph in Section B.1 of PKG_TLS_V2.0 is modified as follows, with highlighted green underlines denoting additions:

The auditable events in the table below are included in a Security Target if both the associated requirement is included and the incorporating PP or PP-Module supports audit event reporting through FAU_GEN.1 and any other criteria in the incorporating PP or PP-Module are met. Note that, if "None" is not selected in the "Auditable Events" column, it should not be selected in the "Additional Audit Record Contents" column. Likewise, if "None" is selected in the "Auditable Events" column, it should also be selected in the "Additional Audit Record Contents" column.

Entries with selections in Table 2 in PKG_TLS_V2.0 are modified as follows, with highlighted green underlines denoting additions:
Justification
For row entries with a selection in column 2 (Auditable Events), there should be a selection in column 3 (Additional Audit Record Content) that allows the ST author to select "None" if "None" is selected in column 2.