<rationale>This SFR supports the objective by ensuring secret and private key data is disposed of immediately after use to prevent unauthorized disclosure of keys.</rationale>
<rationale>This SFR supports the objective by defining the TLS trusted channel used for EST if the TOE supports that functionality.</rationale>
@@ -835,9 +853,9 @@ expected to enforce.<h:p/>
835
853
The TOE will have the ability to store and recover to a previous state at the direction of the
836
854
administrator (e.g., provide support for archival and recovery capabilities).
837
855
<h:p/>
838
-
Addressed by: FPT_FLS.1, FPT_RCV.1
856
+
Addressed by: FPT_FLS.1/STIP, FPT_RCV.1
839
857
</description>
840
-
<addressed-by>FPT_FLS.1</addressed-by>
858
+
<addressed-by>FPT_FLS.1/STIP</addressed-by>
841
859
<rationale>This SFR supports the objective by requiring the TSF to preserve a secure state when certain failures occur.</rationale>
842
860
<addressed-by>FPT_RCV.1</addressed-by>
843
861
<rationale>This SFR supports the objective by requiring the TSF to support a maintenance mode of operation that is entered when certain failures occur.</rationale>
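Review bot: The "Addressed by" line at 856 and the `<addressed-by>` at 858 iterate FPT_FLS.1 to FPT_FLS.1/STIP, but FPT_RCV.1 at 860 is left un-iterated even though its own evaluation activity (hunk at 5384) says it is tested "in conjunction with FPT_FLS.1/STIP"; confirm that FPT_RCV.1 does not need the same /STIP treatment, and grep the rest of the module (audit tables, SFR summary lists, dependency text) for any remaining bare "FPT_FLS.1" that this hunk does not reach. The rationale at 859 ("when certain failures occur") would also be clearer if it named the iteration, e.g. "the failures listed in FPT_FLS.1/STIP", so it is not read as referring to a Base-PP component.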
@@ -860,10 +878,10 @@ expected to enforce.<h:p/>
860
878
TOE will record in audit records: date and time of action and the entity responsible for the action. The
861
879
TOE will provide the ability to store and review certificate information.
<rationale>This SFR supports the objective by defining a mechanism for the secure storage of audit data in the OE.</rationale>
868
886
<addressed-by>FAU_GEN.1/STIP</addressed-by>
869
887
<rationale>This SFR supports the objective by defining the auditable events specific to STIP functionality that the TSF must generate.</rationale>
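Review bot: The rationale immediately before 886 says the SFR defines "a mechanism for the secure storage of audit data in the OE", but the `<addressed-by>` element it belongs to falls outside the visible lines of this hunk; since this commit replaces FAU_STG_EXT.1 with FAU_STG.1 in the OE.AUDIT consistency rationale (hunk at 1246), verify that the identifier in that `<addressed-by>` element was renamed the same way, otherwise the objective mapping will reference a component the module no longer defines.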
@@ -1228,7 +1246,7 @@ expected to enforce.<h:p/>
1228
1246
1229
1247
<!-- Note: modified some of these to make the consistency more obvious, is that ok -->
1230
1248
<con-mod ref="OE.AUDIT">This objective intends for the TOE’s OE to have adequate storage to retain
1231
-
the TOE's audit records. This objective is not defined in the Base-PP but can be assumed to be consistent with the Base-PP because FAU_STG_EXT.1 requires transmission of audit data to an
1249
+
the TOE's audit records. This objective is not defined in the Base-PP but can be assumed to be consistent with the Base-PP because FAU_STG.1 requires transmission of audit data to an
1232
1250
environmental audit server, which means that there should be some assurance of the security of that server.</con-mod>
1233
1251
<con-mod ref="OE.CERT_REPOSITORY">This objective intends for the TOE’s OE to provide a certificate repository. This is not defined in the Base-PP because not all network devices will necessarily need to interface with a certificate repository.</con-mod>
1234
1252
<con-mod ref="OE.CERT_REPOSITORY_SEARCH">This objective intends for the TOE’s OE which will provide a certificate
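Review bot: The rewritten OE.AUDIT rationale at 1249 states that FAU_STG.1 "requires transmission of audit data to an environmental audit server"; check that the Base-PP's FAU_STG.1 actually mandates transmission rather than offering it as one selection alongside local storage, because the consistency argument for OE.AUDIT rests entirely on that transmission being required. If it is a selection, phrase it as "where FAU_STG.1 is completed to require transmission of audit data to an environmental audit server". Separately, the `<!-- Note: modified some of these to make the consistency more obvious, is that ok -->` at 1248 in the unchanged context is a review question living in the source; resolve it or move it to the PR discussion.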
@@ -1447,19 +1465,15 @@ expected to enforce.<h:p/>
1447
1465
</f-component>
1448
1466
1449
1467
1450
-
<f-component name="Prevention of Audit Data Loss" cc-id="fau_stg.4" id="fau-stg-4">
1468
+
<f-component name="Prevention of Audit Data Loss" cc-id="fau_stg.5" id="fau-stg-5">
1451
1469
<consistency-rationale>This SFR applies to the prevention of audit data loss by the inclusion of the
1452
1470
auditor role which is not listed in the Base-PP.</consistency-rationale>
1453
-
<comp-lev></comp-lev>
1454
-
<management></management>
1455
-
<audit></audit>
1456
-
<dependencies></dependencies>
1457
-
<f-element id="fau-stg-4e1">
1471
+
<f-element id="fau-stg-5e1">
1458
1472
<title>
1459
1473
The TSF shall [<h:i>prevent audited events, except those taken by the <h:b><selectables>
1460
1474
<selectable>Security Administrator</selectable>
1461
-
<selectable>Auditor</selectable></selectables></h:b></h:i>] and <assignable>other actions to be taken in
1462
-
case of audit storage failure</assignable>if the audit trail <h:b>cannot be written to</h:b>.
1475
+
<selectable>Auditor</selectable></selectables></h:b>, <assignable>other actions to be taken in
1476
+
case of audit storage failure</assignable></h:i>]if the audit <h:b>trail cannot be written to</h:b>.
1463
1477
</title>
1464
1478
<note role="application">
1465
1479
This requirement applies to the TOE regardless of whether the audit trail is stored
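Review bot: The restructured title at 1475-1476 drops the "and" between the selection and the assignment (they now share one bracket, joined by a comma) and moves "trail" into the bold refinement span ("the audit <h:b>trail cannot be written to</h:b>"), which changes what the rendered SFR presents as CC Part 2 wording versus PP refinement; CC Part 2 joins the selection and the assignment with "and", and "]if" still lacks a space before "if" (carried over from 1462). Suggest keeping the Part 2 structure: `...</selectables></h:b></h:i>] and <assignable>other actions to be taken in case of audit storage failure</assignable> if the audit trail <h:b>cannot be written to</h:b>.` The cc-id/id rename to fau_stg.5 and fau-stg-5e1 at 1468 and 1471 also needs every cross-reference (objective mappings, audit tables, the SFR list in the conformance section) updated, and the consistency rationale at 1469-1470 should say which edition of CC Part 2 the new component number comes from, since the auditor-role sentence alone does not explain why the number changed. Dropping the empty `<comp-lev>`, `<management>`, `<audit>` and `<dependencies>` elements is reasonable if they are only needed for extended components, but confirm the build tooling does not expect them on Part 2 components.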
@@ -1781,7 +1795,7 @@ expected to enforce.<h:p/>
1781
1795
FCS_CKM.1 Cryptographic Key Generation<h:p/>
1782
1796
FCS_CKM.2 Cryptographic Key Distribution<h:p/>
1783
1797
FCS_COP.1 Cryptographic Operation<h:p/>
1784
-
FCS_RBG_EXT.1 Random Bit Generation<h:p/>
1798
+
FCS_RBG.1 Random Bit Generation<h:p/>
1785
1799
FCS_TTTS_EXT.1 Thru-Traffic TLS Inspection Server Protocol<h:p/>
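Review bot: The rename to FCS_RBG.1 at 1798 is a list entry only; make sure the `<f-component>` whose cc-id is fcs_rbg_ext.1, any dependency text on FCS_CKM.1 and FCS_COP.1 that names FCS_RBG_EXT.1, and the extended-component-definition entry for FCS_RBG_EXT.1 are all updated or removed in the same commit, otherwise this list advertises a component the module no longer defines. FCS_TTTS_EXT.1 at 1799 correctly keeps its _EXT suffix since it is module-specific.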
<section title="Protection of the TSF (FPT)" id="m-fpt">
5216
5230
5217
-
<f-component name="Failure with Preservation of Secure State" cc-id="fpt_fls.1" id="fpt-fls-1">
5231
+
<f-component name="Failure with Preservation of Secure State" cc-id="fpt_fls.1" iteration="STIP" id="fpt-fls-1">
5218
5232
<consistency-rationale>This SFR applies to preserving a secure state when different failures occur
5219
5233
which is not defined in the Base-PP.</consistency-rationale>
5220
-
<f-element id="fpt-fls-1e1">
5234
+
<f-element id="fpt-fls-1e1-stip">
5221
5235
<title>The TSF shall preserve a secure state when the following types of failures occur: <h:b>
5222
5236
DRBG failure, integrity test failure, external audit server is unavailable, <selectables>
5223
5237
<selectable>local audit storage is full</selectable>
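Review bot: The consistency rationale at 5232-5233 still says preservation of a secure state "is not defined in the Base-PP", yet the component is now iterated as FPT_FLS.1/STIP at 5231, and an iteration label only makes sense when the Base-PP already contains an FPT_FLS.1; one of the two statements is wrong. If the Base-PP does define FPT_FLS.1, rewrite the rationale to say that this iteration adds the STIP-specific failure types at 5236-5237 (DRBG failure, integrity test failure, external audit server unavailable, and the selectable local-storage condition) to the Base-PP's component; if it does not, drop the iteration attribute. Also, the f-element id becomes fpt-fls-1e1-stip at 5234 while the f-component id at 5231 stays fpt-fls-1; check the id convention used by the module's other iterated components (e.g. FAU_GEN.1/STIP) and follow it, and update any link targets that still point at fpt-fls-1e1.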
@@ -5250,7 +5264,7 @@ legacy cipher suites. -->
5250
5264
<Guidance>The evaluator shall examine the operational guidance to ensure it describes the actions that might occur in response to any detected failures
5251
5265
and provides remedial instructions for the administrator.<h:p/></Guidance>
5252
5266
<Tests>The evaluator shall attempt to cause each documented failure to occur and shall verify that the
5253
-
actions taken by the TSF are those specified in FPT_FLS.1.1. For those failures that the evaluator cannot
5267
+
actions taken by the TSF are those specified in FPT_FLS.1.1/STIP. For those failures that the evaluator cannot
5254
5268
cause, the evaluator shall provide a justification to explain why the failure could not be induced.
5255
5269
</Tests>
5256
5270
</aactivity>
@@ -5370,7 +5384,7 @@ legacy cipher suites. -->
5370
5384
<Tests>The evaluator shall attempt to cause each documented failure to occur and shall verify that the
5371
5385
result of this failure is that the TSF enters a maintenance mode. The evaluator shall also verify that the
5372
5386
maintenance mode can be exited and the TSF can be restored to a secure state. This testing may be
5373
-
performed in conjunction with FPT_FLS.1.</Tests>
5387
+
performed in conjunction with FPT_FLS.1/STIP.</Tests>
5374
5388
</aactivity>
5375
5389
</f-element>
5376
5390
<audit-event>
@@ -5571,12 +5585,10 @@ legacy cipher suites. -->
5571
5585
<selectable>certificate</selectable>
5572
5586
<selectable>certificate issuer</selectable>
5573
5587
</selectables> used by requested servers according to
5574
-
<h:b>
5575
5588
<selectables>
5576
5589
<selectable>a Security Administrator configurable number of the most common requested servers</selectable>
5577
5590
<selectable>a Security Administrator specified list of servers</selectable>
5578
5591
<selectable><assignable>a Security Administrator configurable rules based on attributes of the certificates used by the server</assignable></selectable></selectables>.
5579
-
</h:b>
5580
5592
</title>
5581
5593
<ext-comp-def-title>
5582
5594
<title>
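Review bot: Removing the `<h:b>` wrapper around the selectables at 5574/5579 changes which part of the rendered SFR is shown as refinement; if the rule being applied is that selections and assignments are never bolded (the `</h:b>` removals at 6073 and 7206 in this commit point that way), state it in the commit message and apply it uniformly, including to the FAU_STG.5 title in the 1465 hunk. In the unchanged context at 5591, the assignable "a Security Administrator configurable rules based on attributes of the certificates used by the server" mixes singular and plural; "Security Administrator-configurable rules based on attributes of the certificates used by the server" reads correctly.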
@@ -6070,10 +6082,10 @@ legacy cipher suites. -->
6070
6082
<title>
6071
6083
The TSF shall be able to obtain EST server and CA certificates for authorized EST
6072
6084
services via <selectables>
6073
-
<selectable>implicit Trust Anchor/Trust Store (TA) configured by <h:b>
6085
+
<selectable>implicit Trust Anchor/Trust Store (TA) configured by
<audit-event-info><comment>There is an auditable event designated "Success" here but nothing listed for "Failure". Should an additional event be included for a failure case?</comment>
<selectable>individual components of Subject Alternative Name</selectable>
7198
7211
<selectable>subject ID</selectable>
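Review bot: The opening `<h:b>` removed at 6073/6085 must have its matching `</h:b>` removed in the same title element, and the visible part of this hunk does not show that; an unmatched close tag makes the file not well-formed, so verify the complete element in the new file. The `<comment>` fragment shown below this hunk, asking whether a "Failure" audit event should accompany the existing "Success" event, is a real gap for certificate retrieval from an EST server or trust store: a failed retrieval is at least as security-relevant as a successful one, so either add the failure event or record in the audit-event-info why it is excluded.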
@@ -7203,7 +7216,7 @@ legacy cipher suites. -->
7203
7216
<selectable>extended key usage</selectable>
7204
7217
<selectable>serial number</selectable>
7205
7218
<selectable><assignable>list of other certificate fields</assignable></selectable>
7206
-
</selectables></h:b>
7219
+
</selectables>
7207
7220
returning all matching certificates and <assignable>object identifier(s)</assignable> of
7208
7221
matching certificate.
7209
7222
</title>
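Review bot: The `</h:b>` dropped at 7206/7219 must correspond to an opening `<h:b>` removed earlier in this title (not visible in the hunk), otherwise the file is left with an unmatched open tag and will not parse; check the whole `<title>` element in the new file. In the unchanged tail at 7220-7221, "returning all matching certificates and [assignment] of matching certificate" does not agree in number with the preceding clause; "of the matching certificates" would.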
@@ -7495,6 +7508,7 @@ legacy cipher suites. -->
7495
7508
</section>
7496
7509
7497
7510
<section title="Identification and Authentication (FIA)" id="obj-fia">
7511
+
<comment>All objective SFRs need a review to determine if they should change status in the next release of this PP-Module.</comment>
7498
7512
7499
7513
<f-component name="Client Use of TLS-Unique Value" cc-id="fia_estc_ext.2" id="fia-estc-ext-2">
7500
7514
<consistency-rationale>This SFR applies to the implementation of EST, which is a method of acquiring certificates that is not defined in the Base-PP.</consistency-rationale>
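Review bot: The `<comment>` added at 7511 is a tracking note for the next release rather than content of the PP-Module; if `<comment>` elements are rendered into the published output (the `<audit-event-info><comment>` used elsewhere in this file for an open question suggests they are), readers will see an internal TODO inside the FIA objective section. Prefer an XML comment `<!-- ... -->` or a link to a tracker issue, and if it must stay in the source, place it at the head of the objective-requirements appendix rather than inside one section, since as written it reads as applying to FIA only while the text says "All objective SFRs".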
@@ -7585,16 +7599,8 @@ This appendix lists requirements that should be considered satisfied by products