TD0835: Aligning MOD_ESC 1.0 with NDcPP 3.0E
Publication Date
2024.04.25
Protection Profiles
MOD_ESC_V1.0
Other References
Section 1.1, MOD_ESC_V1.0-SD
Issue Description
MOD_ESC_V1.0 must be updated for compatibility with CPP_ND_V3.0E.
Resolution
The bulleted list of Base-PPs in Section 1.1 Overview of MOD_ESC_V1.0 is modified as follows, with green highlighted underlines denoting addition:
· collaborative Protection Profile for Network Devices (NDcPP), Version 3.0e
The bulleted list of Base-PPs in Section 1.1 Technology Area and Scope of Supporting Document of MOD_ESC_V1.0-SD is modified as follows, with green highlighted underlines denoting addition:
The Application Note for FCS_DTLSS_EXT.1.1 in Section 5.1.1 of MOD_ESC_V1.0 is modified as follows, with green highlighted underlines denoting additions:
Application Note: This SFR is selection-based in the NDcPP and remains selection-based in this PP-Module because DTLS may be used to secure transmitted media. In this case, it must be claimed if ‘DTLS’ is selected in FTP_ITC.1.1/ESC in addition to the applicable selection triggers in the Base-PP. This SFR is also refined from its definition in the Base-PP by requiring the use of DTLS 1.2 if this function is claimed. When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.1 should be used, instead.
The Application Note for FCS_TLSC_EXT.1.1 in Section 5.1.1 of MOD_ESC_V1.0 is modified as follows, with green highlighted underlines denoting additions:
Application Note: This SFR is selection-based in the NDcPP but is mandated by this PP-Module because Transport Layer Security (TLS) is used to secure SIP and H.323 communications. Additionally, this PP-Module mandates the use of TLS 1.2. When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.1 should be used, instead.
The Application Note for FCS_TLSS_EXT.1.1 in Section 5.1.1 of MOD_ESC_V1.0 is modified as follows, with green highlighted underlines denoting additions:
Application Note: This SFR is selection-based in the NDcPP but is mandated by this PP-Module because TLS is used to secure SIP and H.323 communications. Additionally, this PP-Module mandates the use of TLS 1.2. When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.1 should be used, instead.
Section 5.1.2 Further Modified SFRs and its associated subsections are added to MOD_ESC_V1.0 as follows:
5.1.2 Further Modified SFRs
The SFRs listed in this section are defined in the NDcPP V3.0E and relevant to the secure operation of the TOE. SFRs in this section must be used in lieu of their counterparts in Section 5.1.1 when CPP_ND_V3.0E is used as the Base PP. When not further refined in this section, SFRs listed in section 5.1.1 should be used as-is.
5.1.2.1 Cryptographic Support (FCS)
FCS_DTLSS_EXT.1 DTLS Server Protocol
FCS_DTLSS_EXT.1.1 [selection:
• Select supported ciphersuites for DTLS 1.2 from List 1 in the NDcPP
• Select supported ciphersuites for DTLS 1.3 from List 2 in the NDcPP
] and no other ciphersuites.
FCS_TLSC_EXT.1 TLS Client Protocol
FCS_TLSC_EXT.1.1 [selection:
• Select supported ciphersuites for TLS 1.2 from List 1 in the NDcPP
• Select supported ciphersuites for TLS 1.3 from List 2 in the NDcPP
] and no other ciphersuites.
FCS_TLSS_EXT.1 TLS Server Protocol
FCS_TLSS_EXT.1.1 [selection:
• Select supported ciphersuites for TLS 1.2 from List 1 in the NDcPP
• Select supported ciphersuites for TLS 1.3 from List 2 in the NDcPP
] and no other ciphersuites.
Justification
See Issue Description.