TD0839: Clarification for Local Administration in FTP_TRP.1.3
Publication Date
2024.05.29
Protection Profiles
PP_OS_V4.3
Other References
FTP_TRP.1.3
Issue Description
As written, FTP_TRP.1.3 implicitly assumes that all TOEs will have remote administration, so it cannot support a TOE with local-only administration.
Resolution
FTP_TRP.1.3 in PP_OS_V4.3 is modified as follows, with green-highlighted underlines indicating additions and red-highlighted strikethroughs indicating deletions:
FTP_TRP.1.3
The OS shall require use of the trusted path for [selection: initial user authentication, [all remote administrative actions]].
Application Note: This requirement ensures that authorized remote administrators initiate all communication with the OS via a trusted path, and that all communication with the OS by remote administrators is performed over this path. The data passed in this trusted communication channel is encrypted as defined in FTP_ITC_EXT.1. If “remote” is selected in FTP_TRP.1.1, “[all remote administrative actions]” must be selected in FTP_TRP.1.3.
If “local” is selected in FTP_TRP.1.1, then “initial user authentication” must be selected in FTP_TRP.1.3.
Evaluation Activities
The evaluator will examine the TSS to determine that the methods of remote or local OS administration are indicated, along with how those communications are protected. (Conditional: if “remote” is selected in FTP_TRP.1.1) The evaluator will also confirm that all protocols listed in the TSS in support of OS administration are consistent with those specified in the requirement, and are included in the requirements in the ST.
Guidance
The evaluator will confirm that the operational guidance contains instructions for establishing the remote administrative sessions or initial user authentication for each supported method.
Tests
The evaluator will also perform the following tests:
Justification
See Issue Description.