TD0836: NIT Technical Decision: Redundant Requirements in FPT_TST_EXT.1
Publication Date
2024.04.25
Protection Profiles
CPP_ND_V3.0E
Other References
FPT_TST_EXT.1, CPP_ND_V3.0E-SD, Section 4.1.5
Issue Description
The NIT has published a Technical Decision for FPT_TST_EXT.1. Resolution
FPT_TST_EXT.1.1 in CPP_ND_V3.0E has been modified as follows, with green-highlighted underlines indicating additions and red-highlighted strikethroughs indicating deletions:
FPT_TST_EXT.1.1 The TSF shall run a suite of the following self-tests • During initial start-up (on power on) to verify the integrity of the TOE firmware and software; • • [selection: no other, start-up, on-demand, continuous, at the conditions [assignment: conditions under which self-tests should occur]] self-tests [assignment: to demonstrate the correct operation of the TSF.
Application Note 27
Non-distributed TOEs may internally consist of several components that contribute to enforcing SFRs. Self-testing shall cover all components that contribute to enforcing SFRs and verification of integrity shall cover all software that contributes to enforcing SFRs on all components. For distributed TOEs all TOE components have to perform self-tests. This does not necessarily mean that each TOE component has to carry out the same self-tests.
An Application Note is added for FPT_TST_EXT1.2: For all failed self-tests related to enforcing SFRs as defined in FPT_TST_EXT1.1 the reaction of the TOE to the failure needs to be specified. On the one hand, FPT_TST_EXT.1.2 allows to model TOEs that react to all failures of self-tests related to enforcing SFRs the same way be selecting 'all failures' in the first selection and selection of the corresponding reaction of the two in the second selection. On the other hand, it allows to model TOEs that react differently to different failures of self-tests to enforcing SFRs by specifying the list of failures in the first selection and the corresponding reaction of the TOE in the second selection. In the latter case, it shall be clear which failure of a self-test causes which behavior of the TOE.
Section 4.1.5. Device Failure is updated as follows, with green-highlighted underlines indicating additions and red-highlighted strikethroughs indicating deletions:
4.1.5. Device Failure Security mechanisms of the Network Device generally build up from roots of trust to more complex sets of mechanisms. Failures could result in a compromise to the security functionality of the device. A Network Device self-testing its security critical components
The TSS activity for FPT_TST_EXT.1 in Section 2.5.3.1, item 187 of CPP_ND_V3.0E-SD is modified as follows, with green-highlighted underlines indicating additions and red-highlighted strikethroughs indicating deletions:
The evaluator shall examine the TSS to ensure that it details each of the self-tests that are
The Test for FPT_TST_EXT.1 in Section 2.5.3.3, item 193 of CPP_ND_V3.0E-SD is modified as follows, with green-highlighted underlines indicating additions and red-highlighted strikethroughs indicating deletions:
The evaluator shall Justification
For more information, please see the NIT Decision. |