|
484 | 484 | USB devices (recognized or not recognized).<h:br/><h:br/> |
485 | 485 | Perform this test for an unauthorized device presenting itself as a composite device, a USB camera, a USB |
486 | 486 | audio headset, a USB printer, a USB keyboard, a USB wireless dongle, and any device listed on the PSD UA |
487 | | - blacklist.<h:br/><h:br/> |
| 487 | + denylist.<h:br/><h:br/> |
488 | 488 | Repeat this for each user authentication TOE peripheral interface.<h:ol> |
489 | 489 | <h:li>Ensure the TOE is powered off and connected to a computer. Run USB analyzer software and open |
490 | 490 | the real‐time hardware console on the connected computer, and connect a USB sniffer to the |
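Review bot: the device names in the sentence at lines 485-487 do not match the Unauthorized Peripheral Devices list that this commit rewrites further down. The test says "USB audio headset" and "USB wireless dongle", while the list says "USB audio input device", "USB audio output device" and "USB wireless LAN dongle". The evaluator repeats this test per listed device, so suggest reusing the list's wording here, or pointing at the list by its section title, so the two cannot drift apart.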
|
504 | 504 | This test verifies that the TOE ports do not reject authorized devices and devices with authorized protocols |
505 | 505 | as per the Peripheral Device Connection Policy.<h:br/><h:br/> |
506 | 506 | Perform this test for a USB device identified as User Authentication and any device listed on the PSD UA |
507 | | - whitelist: |
| 507 | + allowlist: |
508 | 508 | <h:ol> |
509 | 509 | <h:li>Ensure the TOE is powered off.</h:li> |
510 | 510 | <h:li>Connect the authorized device to the TOE peripheral interface.</h:li> |
|
637 | 637 | </consistecny-rationale> |
638 | 638 |
|
639 | 639 | <comp-lev>requires the TSF to specify the method of device filtering used for |
640 | | - peripheral interfaces and defines requirements for handling whitelists and blacklists.</comp-lev> |
| 640 | + peripheral interfaces and defines requirements for handling allowlists and denylists.</comp-lev> |
641 | 641 | <management>The following actions could be considered for the management functions in |
642 | 642 | FMT:<h:ul> |
643 | | - <h:li>Ability to configure whitelist/blacklist members</h:li> |
| 643 | + <h:li>Ability to configure allowlist and denylist members</h:li> |
644 | 644 | </h:ul> |
645 | 645 | </management> |
646 | 646 | <audit>The following actions should be auditable if FAU_GEN Security audit data generation |
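Review bot: the closing tag in the context line at 637 is spelled "consistecny-rationale". If the schema element is meant to be "consistency-rationale", this terminology pass is a good moment to fix both the opening and closing tags; if the schema really uses the misspelled name, a comment saying so would stop the next reader from "correcting" only one side and breaking the document.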
|
715 | 715 | The evaluator shall examine the TSS and verify that it describes whether the PSD has configurable or fixed |
716 | 716 | device filtering.<h:br/><h:br/> |
717 | 717 | [Conditional – If “configurable” is selected in FDP_FIL_EXT.1.1/UA, then:] The evaluator shall examine the |
718 | | - TSS and verify that it describes the process of configuring the TOE for whitelisting and blacklisting UA |
| 718 | + TSS and verify that it describes the process of configuring the TOE for allowlisting and denylisting UA |
719 | 719 | peripheral devices, including information on how this function is restricted to administrators. |
720 | 720 | </TSS> |
721 | 721 | <Guidance> |
722 | 722 | [Conditional – If “configurable” is selected in FDP_FIL_EXT.1.1/UA, then:] the evaluator shall examine the |
723 | | - guidance documentation and verify that it describes the process of configuring the TOE for whitelisting |
724 | | - and blacklisting UA peripheral devices and the administrative privileges required to do this. |
| 723 | + guidance documentation and verify that it describes the process of configuring the TOE for allowlisting |
| 724 | + and denylisting UA peripheral devices and the administrative privileges required to do this. |
725 | 725 | </Guidance> |
726 | 726 | <Tests> |
727 | 727 | <testlist> |
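Review bot: capitalization after the conditional bracket is inconsistent between the two activities in this hunk: line 717 reads "then:] The evaluator shall examine" and line 722 reads "then:] the evaluator shall examine". Since both paragraphs are being touched for wording anyway, suggest using the same form in the TSS and Guidance activities.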
|
734 | 734 | [Conditional: Perform this only if “configurable” is selected in FDP_FIL_EXT.1.1/UA]<h:br/><h:br/> |
735 | 735 | In the following steps the evaluator shall verify that allowlisted and denylisted devices are treated |
736 | 736 | correctly.<h:ol> |
737 | | - <h:li>Configure the TOE UA CDF to whitelist an authorized user authentication device, connect it to the |
| 737 | + <h:li>Configure the TOE UA CDF to allowlist an authorized user authentication device, connect it to the |
738 | 738 | TOE UA peripheral device interface, and verify that the device is accepted through real‐time device |
739 | 739 | console and USB sniffer capture.</h:li> |
740 | | - <h:li>Configure the TOE UA CDF to blacklist the device and verify that the device is rejected through |
| 740 | + <h:li>Configure the TOE UA CDF to denylist the device and verify that the device is rejected through |
741 | 741 | real‐time device console and USB sniffer capture.</h:li> |
742 | | - <h:li>Attempt to configure the TOE UA CDF to both whitelist and blacklist the device and verify that the |
| 742 | + <h:li>Attempt to configure the TOE UA CDF to both allowlist and denylist the device and verify that the |
743 | 743 | device is rejected through real‐time device console and USB sniffer capture.</h:li> |
744 | 744 | </h:ol> |
745 | 745 | </test> |
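Review bot: step 2 at line 740 does not say whether the allowlist entry created in step 1 is removed before the device is denylisted. If it is left in place, step 2 already puts the device on both lists and becomes the same test as step 3 at line 742. Suggest stating the starting configuration for each step (for example, "remove the device from the allowlist, then denylist it"), and in step 3 saying what the evaluator records if the TOE refuses the conflicting configuration outright, since the step is worded as "Attempt to configure".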
|
1163 | 1163 | </section> |
1164 | 1164 |
|
1165 | 1165 | <section title="Unauthorized Peripheral Devices"> |
1166 | | - The following are unauthorized devices and device classes:<h:ul> |
1167 | | - <h:li>USB audio input device connected to a KM peripheral interface</h:li> |
1168 | | - <h:li>USB audio output device connected to a KM peripheral interface</h:li> |
| 1166 | + The following are unauthorized devices:<h:ul> |
| 1167 | + <h:li>USB device that is denylisted</h:li> |
| 1168 | + <h:li>USB audio input device connected to a user authentication peripheral interface</h:li> |
| 1169 | + <h:li>USB audio output device connected to a user authentication peripheral interface</h:li> |
1169 | 1170 | <h:li>USB camera</h:li> |
| 1171 | + <h:li>USB keyboard connected to a user authentication peripheral interface</h:li> |
1170 | 1172 | <h:li>USB printer</h:li> |
1171 | | - <h:li>USB user authentication device connected to a TOE keyboard/mouse peripheral interface</h:li> |
1172 | 1173 | <h:li>USB wireless LAN dongle</h:li> |
1173 | | - <h:li>Non‐HID device classes of a composite device connected to a TOE KM peripheral interface</h:li> |
1174 | | - <h:li>Any other device not specifically authorized</h:li> |
1175 | | - <h:li>Any other device class not specifically authorized</h:li> |
| 1174 | + <h:li>Any unauthorized device that presents itself to the PSD as a composite device and is |
| 1175 | + connected to a user authentication peripheral interface</h:li> |
| 1176 | + <h:li>Any device not specifically authorized</h:li> |
1176 | 1177 | </h:ul> |
1177 | 1178 | </section> |
1178 | 1179 |
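Review bot: the new composite-device item at lines 1174-1175 defines an unauthorized device in terms of "Any unauthorized device that presents itself to the PSD as a composite device", which is circular inside a list whose purpose is to say what is unauthorized. The removed wording ("Non-HID device classes of a composite device ...") named the disallowed part explicitly. Suggest stating which composite devices or which of their functions are unauthorized on a user authentication interface. The lead sentence also drops "device classes" along with the class-level catch-all, so it is worth confirming that "Any device not specifically authorized" is intended to cover unlisted classes as well.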
|
|
1183 | 1184 | </section> |
1184 | 1185 | <section title="Authorized Peripheral Devices"> |
1185 | 1186 | The following are authorized devices and functions:<h:ul> |
1186 | | - <h:li>Barcode reader</h:li> |
1187 | | - <h:li>Keyboard or keypad</h:li> |
1188 | | - <h:li>Mouse, touchscreen, trackball, or trackpad</h:li> |
1189 | | - <h:li>PS/2 to USB adapter</h:li> |
1190 | | - <h:li>USB device identified as HID class</h:li> |
1191 | | - <h:li>USB hub</h:li> |
1192 | | - <h:li>HID functions of a composite device connected to a TOE KM peripheral interface</h:li> |
| 1187 | + <h:li>USB device identified as User Authentication</h:li> |
| 1188 | + <h:li>USB device that is allowlisted</h:li> |
| 1189 | + <h:li>Internal authentication device</h:li> |
1193 | 1190 | </h:ul> |
1194 | 1191 | </section> |
1195 | 1192 |
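Review bot: the lead sentence at line 1186 still reads "authorized devices and functions", but after this change the list contains only devices; the one function entry ("HID functions of a composite device ...") was removed. The matching sentence in the Unauthorized section was trimmed in this commit, so suggest trimming this one too. Separately, "USB device that is allowlisted" here and "USB device that is denylisted" in the Unauthorized list can both apply to the same device; the test steps changed earlier in this commit expect such a device to be rejected, and a sentence stating that precedence in this appendix would make the two lists unambiguous.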
|
|
1208 | 1205 | per FDP_PDC_EXT.1.<h:br/><h:br/> |
1209 | 1206 | Authorized devices identified in both PP‐Modules are considered authorized devices for the TOE as per |
1210 | 1207 | the claimed iterations of FDP_PDC_EXT.2.<h:br/><h:br/> |
1211 | | - Power events at a KM interface for one connected computer cannot impact power events at an analog |
1212 | | - audio output interface for another connected computer and vice versa, as per FDP_APC_EXT.1. This |
1213 | | - evaluation activity is tested in Test 3‐AO in the Supporting Document for Audio Output.<h:br/><h:br/> |
| 1208 | + Power events at a user authentication interface for one connected computer cannot impact power events |
| 1209 | + at an analog audio output interface for another connected computer and vice versa, as per |
| 1210 | + FDP_APC_EXT.1. This evaluation activity is tested in Test 3‐AO in the Supporting Document for Audio |
| 1211 | + Output.<h:br/><h:br/> |
1214 | 1212 | Both PP‐Modules modify the Base‐PP SFR FDP_APC_EXT.1 in ways that are specific to their respective |
1215 | | - peripheral types. The ST author should make two iterations of this SFR, FDP_APC_EXT.1/KM and |
| 1213 | + peripheral types. The ST author should make two iterations of this SFR, FDP_APC_EXT.1/UA and |
1216 | 1214 | FDP_APC_EXT.1/AO, to show the different modifications made for each specific peripheral type. |
1217 | 1215 | </section> |
1218 | | - <section title="PP-Module for User Authentication Devices"> |
| 1216 | + <section title="PP-Module for Keyboard/Mouse Devices"> |
1219 | 1217 | Unauthorized devices identified in both PP‐Modules are considered unauthorized devices for the TOE as |
1220 | 1218 | per FDP_PDC_EXT.1.<h:br/><h:br/> |
1221 | 1219 | Authorized devices identified in both PP‐Modules are considered authorized devices for the TOE as per |
1222 | 1220 | the claimed iterations of FDP_PDC_EXT.2.<h:br/><h:br/> |
1223 | | - KM functionality must be isolated from user authentication functionality and vice versa as per |
| 1221 | + User authentication functionality must be isolated from KM functionality and vice versa as per |
1224 | 1222 | FDP_UAI_EXT.1.<h:br/><h:br/> |
1225 | 1223 | Both PP‐Modules modify the Base‐PP SFR FDP_APC_EXT.1 in ways that are specific to their respective |
1226 | | - peripheral types. The ST author should make two iterations of this SFR, FDP_APC_EXT.1/KM and |
1227 | | - FDP_APC_EXT.1/UA, to show the different modifications made for each specific peripheral type. |
| 1224 | + peripheral types. The ST author should make two iterations of this SFR, FDP_APC_EXT.1/UA and |
| 1225 | + FDP_APC_EXT.1/KM, to show the different modifications made for each specific peripheral type. |
1228 | 1226 | </section> |
1229 | 1227 | <section title="PP-Module for Video/Display Devices"> |
1230 | 1228 | Unauthorized devices identified in both PP‐Modules are considered unauthorized devices for the TOE as |
1231 | 1229 | per FDP_PDC_EXT.1.<h:br/><h:br/> |
1232 | 1230 | Authorized devices identified in both PP‐Modules are considered authorized devices for the TOE as per |
1233 | 1231 | the claimed iterations of FDP_PDC_EXT.2.<h:br/><h:br/> |
1234 | | - Video devices with an interface for USB Type‐C with DisplayPort as alternate function may not be |
1235 | | - connected to a KM interface, and KM devices may not be connected to a video interface for USB Type‐C |
1236 | | - with DisplayPort as alternate function, even though both devices are authorized devices.<h:br/><h:br/> |
1237 | | - Video devices with an interface for USB Type‐C with DisplayPort as alternate function may not be used in |
1238 | | - conjunction with a touchscreen peripheral device, as per FDP_PDC_EXT.2/KM and FDP_PDC_EXT.3.1/Vid.<h:br/><h:br/> |
1239 | | - KM devices may be used with a guard in conjunction with multiple video devices, as per FDP_CDS_EXT.1 |
1240 | | - and FDP_SWI_EXT.2.<h:br/><h:br/> |
| 1232 | + Any USB‐C functionality that is supported by the TOE must be isolated from user authentication |
| 1233 | + functionality and vice versa as per FDP_UAI_EXT.1.<h:br/><h:br/> |
1241 | 1234 | Both PP‐Modules modify the Base‐PP SFR FDP_APC_EXT.1 in ways that are specific to their respective |
1242 | | - peripheral types. The ST author should make two iterations of this SFR, FDP_APC_EXT.1/KM and |
| 1235 | + peripheral types. The ST author should make two iterations of this SFR, FDP_APC_EXT.1/UA and |
1243 | 1236 | FDP_APC_EXT.1/VI, to show the different modifications made for each specific peripheral type. |
1244 | 1237 | </section> |
1245 | 1238 | </appendix> |
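Review bot: the rewritten power-events paragraph at lines 1208-1211 swaps "KM interface" for "user authentication interface" but keeps the pointer to "Test 3-AO in the Supporting Document for Audio Output" unchanged. Please confirm that test actually exercises a user authentication interface, otherwise the cross-reference no longer supports the claim. In the Video/Display section, the new text at lines 1232-1233 only addresses USB-C functionality, and the removed lines used the iteration label "/Vid" while the retained line 1236 uses "/VI"; suggest checking which label the Video module defines.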
|