|
990 | 990 | for Objective requirements</selectable> |
991 | 991 | <selectable>Specifically defined auditable event in <xref g="t-audit-sel-based"/> |
992 | 992 | for Selection-based requirements</selectable> |
993 | | - <selectable>Additional information defined in the audit table for the <xref to="pkg-tls"/></selectable> |
994 | | - <selectable>Additional information defined in the audit table for the <xref to="pkg-ssh"/></selectable> |
| 993 | + <selectable>Additional information defined in the audit table for the <xref to="tls"/></selectable> |
| 994 | + <selectable>Additional information defined in the audit table for the <xref to="ssh"/></selectable> |
| 995 | + <selectable>Additional information defined in the audit table for the <xref to="X509"/></selectable> |
995 | 996 | <selectable exclusive="yes">no additional auditable events</selectable> |
996 | 997 | </selectables>.</h:li> |
997 | 998 | </h:ol> |
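Review bot: The package selectables at new lines 993-995 read "Additional information defined in the audit table", but this list is choosing auditable events: the sibling entries say "Specifically defined auditable event in ..." and the exclusive option is "no additional auditable events". The newly added X509 entry copies the mismatched wording. Since these lines are being touched anyway, reword all three to name auditable events, and keep the "Additional information" phrasing for the list that ends in "no other information".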
|
1009 | 1010 | <selectable>Additional information defined in <xref g="t-audit-optional"/> for Strictly Optional SFRs</selectable> |
1010 | 1011 | <selectable>Additional information defined in <xref g="t-audit-objective"/> for Objective SFRs</selectable> |
1011 | 1012 | <selectable>Additional information defined in <xref g="t-audit-sel-based"/> for Selection-Based SFRs</selectable> |
1012 | | - <selectable>Additional information defined in the audit table for the <xref to="pkg-tls"/></selectable> |
1013 | | - <selectable>Additional information defined in the audit table for the <xref to="pkg-ssh"/></selectable> |
| 1013 | + <selectable>Additional information defined in the audit table for the <xref to="tls"/></selectable> |
| 1014 | + <selectable>Additional information defined in the audit table for the <xref to="ssh"/></selectable> |
| 1015 | + <selectable>Additional information defined in the audit table for the <xref to="X509"/></selectable> |
1014 | 1016 | <selectable exclusive="yes">no other information</selectable> |
1015 | 1017 | </selectables>.</refinement></h:li> |
1016 | 1018 | </h:ol> |
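Review bot: The new xref targets are inconsistent in case: to="tls" and to="ssh" are lowercase while to="X509" (new line 1015) is uppercase. If ids are matched case-sensitively, a later to="x509" will silently fail to resolve, so confirm that "X509" is exactly the id the package is declared with, or normalise the three ids. Also note that the X509 selectable has no removed counterpart, so it is a new option in the selection rather than a renamed reference, and should be called out as such in the change description.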
|
5384 | 5386 | <note role="application"> |
5385 | 5387 | This SFR is included in the ST if the ST Author selects "<h:i>TLS/HTTPS</h:i>" in |
5386 | 5388 | FTP_ITC_EXT.1.1.<h:p/> |
5387 | | - If this SFR is included in the ST, then the <xref to="pkg-tls"/> |
| 5389 | + If this SFR is included in the ST, then the <xref to="tls"/> |
5388 | 5390 | must also be claimed. |
5389 | 5391 | </note> |
5390 | 5392 | </f-element> |
|
5890 | 5892 | the ST Author to reflect what is implemented. The ST Author also ensures that |
5891 | 5893 | appropriate FCS requirements reflecting the algorithms used (and key |
5892 | 5894 | generation capabilities, if provided) are listed to support those methods. |
5893 | | - Applicable claims from the <xref to="pkg-x509"/> are made to support X.509 |
| 5895 | + Applicable claims from the <xref to="X509"/> are made to support X.509 |
5894 | 5896 | validation functionality, most notably FIA_XCU_EXT.1 (mandatory requirement |
5895 | 5897 | defining the TOE's use of certificates), FIA_X509_EXT.1 (X.509 certificate validation) |
5896 | 5898 | and FIA_X509_EXT.2 (X.509 certificate authentication).<h:p/> |
|
5927 | 5929 | </Guidance> |
5928 | 5930 | <Tests> |
5929 | 5931 | For efficiency’s sake, the testing that is performed here has been combined with the testing for |
5930 | | - X.509 certificate validation defined by <xref to="pkg-x509"/>, |
| 5932 | + X.509 certificate validation defined by <xref to="X509"/>, |
5931 | 5933 | FCS_IPSEC_EXT.1.12, and FCS_IPSEC_EXT.1.13. The following tests shall be repeated for each peer |
5932 | 5934 | authentication protocol selected in the FCS_IPSEC_EXT.1.11 selection above:<h:p/> |
5933 | 5935 | <testlist> |
|
7296 | 7298 | authentication factor.<h:p/> |
7297 | 7299 | The Password Authentication Factor is configured according to FIA_PMG_EXT.1.<h:p/> |
7298 | 7300 | If "<h:i>X.509 certificate-based authentication</h:i>" is selected, then the ST must include |
7299 | | - FIA_X509_EXT.1 and FIA_X509_EXT.2 from <xref to="pkg-x509"/>.<h:p/> |
| 7301 | + FIA_X509_EXT.1 and FIA_X509_EXT.2 from <xref to="X509"/>.<h:p/> |
7300 | 7302 | If "<h:i>public key-based authentication</h:i>" is selected, then the ST must claim |
7301 | | - the <xref to="pkg-ssh"/>. |
| 7303 | + the <xref to="ssh"/>. |
7302 | 7304 | </note> |
7303 | 7305 | </f-element> |
7304 | 7306 | <f-element id="fia-uau-5e2"> |
|
7865 | 7867 | <O ref="A"/> |
7866 | 7868 | <X ref="U"/> |
7867 | 7869 | <app-note> |
7868 | | - This function must be claimed if FIA_X509_EXT.1 is claimed in the ST (i.e., the TOE claims conformance to <xref to="pkg-x509"/>. <h:p/> |
| 7870 | + This function must be claimed if FIA_X509_EXT.1 is claimed in the ST (i.e., the TOE claims conformance to <xref to="X509"/>. <h:p/> |
7869 | 7871 | If TOE does not support configuration of certificate revocation checking methods, |
7870 | 7872 | then the Administrator option should be denied. |
7871 | 7873 | </app-note> |
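Review bot: The changed line at new 7870 still has an unbalanced parenthesis: "(i.e., the TOE claims conformance to <xref to="X509"/>." opens a parenthetical that never closes before the <h:p/>. Add the closing ")" before the full stop while the line is being edited. The following context line could also read "If the TOE does not support ...".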
|
7882 | 7884 | <X ref="U"/> |
7883 | 7885 | <app-note> |
7884 | 7886 | This function must be claimed if FIA_X509_EXT.2 is claimed in the ST (i.e., the TOE claims conformance |
7885 | | - to <xref to="pkg-x509"/> and the claims made in the SFR indicate that the administrator is allowed to |
| 7887 | + to <xref to="X509"/> and the claims made in the SFR indicate that the administrator is allowed to |
7886 | 7888 | configure how the TSF treats a certificate with undetermined revocation status. |
7887 | 7889 | </app-note> |
7888 | 7890 | </management-function> |
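Review bot: The parenthetical opened at "(i.e., the TOE claims conformance" on new line 7886 is not closed anywhere through "undetermined revocation status." on new line 7888. As written, it is unclear whether "and the claims made in the SFR indicate ..." is part of the i.e. clause or a second condition for claiming the function. Close the parenthesis after the xref on new line 7887 if the latter is intended.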
|
9357 | 9359 | <f-element id="ftp-itc-ext-1e1"> |
9358 | 9360 | <title>The TSF shall use |
9359 | 9361 | <selectables linebreak="yes"> |
9360 | | - <selectable id="sel-itc-tls">TLS as conforming to the <xref to="pkg-tls"/></selectable> |
| 9362 | + <selectable id="sel-itc-tls">TLS as conforming to the <xref to="tls"/></selectable> |
9361 | 9363 | <selectable id="sel-itc-https">TLS/HTTPS as conforming to FCS_HTTPS_EXT.1</selectable> |
9362 | 9364 | <selectable id="sel-itc-ipsec">IPsec as conforming to FCS_IPSEC_EXT.1</selectable> |
9363 | 9365 | <selectable id="sel-itc-ssh">SSH as conforming to the |
9364 | | - <xref to="pkg-ssh"/></selectable> |
| 9366 | + <xref to="ssh"/></selectable> |
9365 | 9367 | </selectables> |
9366 | 9368 | protocols with |
9367 | 9369 | <selectables linebreak="yes" onlyone="yes"> |
|
9398 | 9400 | Functional Package for TLS. This PP does not mandate that a product implement TLS with mutual authentication, |
9399 | 9401 | but if the product includes the capability to perform TLS with mutual authentication, then |
9400 | 9402 | mutual authentication must be included within the TOE boundary.<h:p/> |
9401 | | - If the ST Author selects "<h:i>SSH</h:i>," the TOE must conform to <xref to="pkg-ssh"/>.<h:p/> |
9402 | | - If the ST Author selects "<h:i>certificate-based authentication of the remote peer</h:i>," then the TOE must conform to <xref to="pkg-x509"/>.<h:p/> |
| 9403 | + If the ST Author selects "<h:i>SSH</h:i>," the TOE must conform to <xref to="ssh"/>.<h:p/> |
| 9404 | + If the ST Author selects "<h:i>certificate-based authentication of the remote peer</h:i>," then the TOE must conform to <xref to="X509"/>.<h:p/> |
9403 | 9405 | Claims from this package are only required to the extent that they are needed to support the functionality required by the trusted protocols that are claimed. |
9404 | 9406 | <h:p/> |
9405 | 9407 | If the TSF implements a protocol that requires the validation of a certificate presented by an |
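Review bot: After the two rewritten sentences at new lines 9403-9404, the context line "Claims from this package are only required ..." is ambiguous about which package it means, because it directly follows the X509 sentence but the note has just referred to the TLS, SSH and X509 packages in turn. Name the package explicitly in that sentence, using the same xref as the line it belongs to.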
|