You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: input/stip.xml
+2-4Lines changed: 2 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -1157,8 +1157,8 @@ expected to enforce.<h:p/>
1157
1157
<consistency-rationale>The PP-Module partially completes selections and assignments in this SFR using the available options to specify external interfaces and trusted channels that all STIP products must support at minimum.</consistency-rationale>
1158
1158
<description>
1159
1159
<h:p>This SFR has been modified from its definition in the Base-PP to mandate the use of TLS. Other protocol options may be selected without restriction. Any element that is not present in this section is unchanged from its definition in the Base-PP.</h:p>
1160
-
<h:p>The text of the specified elements is replaced with:</h:p>
1161
-
<h:p><h:b>FTP_ITC.1.1: </h:b>The TSF shall be capable of using <h:b>TLS as defined in
1160
+
<h:p>The text of FTP_ITC.1.1 is replaced with:</h:p>
1161
+
<h:p><h:b>FTP_ITC.1.1 </h:b>The TSF shall be capable of using <h:b>TLS as defined in
1162
1162
the Functional Package for TLS and</h:b> [<h:b>selection: </h:b><h:i>IPsec, SSH as defined in the Functional Package for SSH, DTLS as defined in the Functional Package for TLS, HTTPS, <h:b>no other protocols</h:b></h:i>]
1163
1163
to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: audit server, <h:b>TLS session proxying, </h:b>[<h:b>selection: </h:b><h:i>authentication server, <h:b>Enrollment over Secure Transport, </h:b>[<h:b>assignment: </h:b>other capabilities], no other capabilities</h:i>]
1164
1164
that is logically distinct from other communication channels and provides assured
@@ -1169,8 +1169,6 @@ expected to enforce.<h:p/>
1169
1169
this interface is defined in the PP-Module as selection-based functionality.
1170
1170
The TLS functionality used to implement SSL/TLS session proxying is defined in this PP-Module under the FCS_TTTC_EXT and FCS_TTTS_EXT requirements.
1171
1171
For other potential TLS uses (e.g. EST, audit server communications), the relevant SFRs from the Base-PP would be used.</h:p>
1172
-
<h:p><h:b>FTP_ITC.1.2: </h:b>The TSF shall permit [<h:b>selection: </h:b><h:i>the TSF, <h:b>the authorized IT entities</h:b></h:i>] to initiate communication via the trusted channel.</h:p>
1173
-
<h:p><h:b>FTP_ITC.1.3: </h:b>The TSF shall initiate communication via the trusted channel for [<h:i>establishment of TLS proxy connections, [<h:b>selection: </h:b>[<h:b>assignment: </h:b>list of other services for which the TSF is able to initiate communications], no other services</h:i>].</h:p>
0 commit comments