You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: input/stip.xml
+16-2Lines changed: 16 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -2723,7 +2723,14 @@ legacy cipher suites. -->
2723
2723
FMT_SMR.1 Security Roles
2724
2724
</dependencies>
2725
2725
<f-element id="fdp-cer-ext-1e1">
2726
-
<title>The TSF shall implement a certificate profile function for TLS server certificates
2726
+
<title>
2727
+
<comment>
2728
+
This SFR can be pulled as an iteration of FDP_CER_EXT.1 from the X.509 FP, however the FP provides customizability in its certificate profile definitions
2729
+
that the PP-Module version does not specify a position on. A review of these two versions of the SFRs is needed to determine the appropriate assignments/selections such that
2730
+
the configuration is comparable to its old definitions. Additionally, there is currently no syntactical or administrative
2731
+
way to provide guidance on what selections/assignments must be made in the FP from the perspective of this PP-Module. There is also no way to provide guidance on what selections must be made in the Base-PP in order to
2732
+
make the X.509 FP applicable to the product.
2733
+
</comment>The TSF shall implement a certificate profile function for TLS server certificates
2727
2734
issued by a CA embedded within the TOE, and shall ensure that issued certificates
2728
2735
are consistent with configured profiles.</title>
2729
2736
</f-element>
@@ -6336,7 +6343,14 @@ legacy cipher suites. -->
6336
6343
FMT_SMR.1 Security Roles
6337
6344
</dependencies>
6338
6345
<f-element id="fdp-cer-ext-4e1">
6339
-
<title>The TSF shall implement a certificate profile function for TLS client certificates
6346
+
<title>
6347
+
<comment>
6348
+
This SFR can be pulled as an iteration of FDP_CER_EXT.1 from the X.509 FP, however the FP provides customizability in its certificate profile definitions
6349
+
that the PP-Module version does not specify a position on. A review of these two versions of the SFRs is needed to determine the appropriate assignments/selections such that
6350
+
the configuration is comparable to its old definitions. Additionally, there is currently no syntactical or administrative
6351
+
way to provide guidance on what selections/assignments must be made in the FP from the perspective of this PP-Module. There is also no way to provide guidance on what selections must be made in the Base-PP in order to
6352
+
make the X.509 FP applicable to the product.
6353
+
</comment>The TSF shall implement a certificate profile function for TLS client certificates
6340
6354
issued by a CA embedded within the TOE, and shall ensure that issued certificates
0 commit comments