This page is best viewed with JavaScript enabled! {#this-page-is-best-viewed-with-jav This page is best viewed with JavaScript enabled! {#this-page-is-best-viewed-with-jav ================================================= ================================================= ::: {.center} ::: {.center} ![NIAP Logo](images/niaplogo.png)\ ![NIAP Logo](images/niaplogo.png)\ Version: 0.9\ | Version: 1.0\ 2022-01-10\ | 2022-02-10\ **National Information Assurance Partnership**\ **National Information Assurance Partnership**\ ::: ::: Revision History {#revision-history style="page-break-before:always;"} Revision History {#revision-history style="page-break-before:always;"} ---------------- ---------------- Version Date Comment Version Date Comment --------- ------------ -------------- | --------- ------------ ---------------------- 0.1 2020-11-16 Started 0.1 2020-11-16 Started 0.9 2022-01-10 Latest draft | 1.0 2022-02-10 Initial publication. Contents Contents -------- -------- ::: {#toc .toc} ::: {#toc .toc} [1Introduction](#Introduction)[1.1Overview](#ppoverview)[1.2Terms](#glossary)[1.2.1Co [1Introduction](#Introduction)[1.1Overview](#ppoverview)[1.2Terms](#glossary)[1.2.1Co Criteria Terms](#cc-terms)[1.2.2Technical Terms](#tech-terms)[1.3TOE Criteria Terms](#cc-terms)[1.2.2Technical Terms](#tech-terms)[1.3TOE Overview](#TOEdescription)[1.3.1TOE Boundary](#TOEboundary)[1.3.2TOE Overview](#TOEdescription)[1.3.1TOE Boundary](#TOEboundary)[1.3.2TOE Operational Environment](#TOEopenv)[1.4Use Operational Environment](#TOEopenv)[1.4Use Cases](#usecases)[1.5Roles](#roles)[2Conformance Claims](#ccl)[3Security Cases](#usecases)[1.5Roles](#roles)[2Conformance Claims](#ccl)[3Security Problem Problem Description](#spd)[3.1Threats](#Threats)[3.2Assumptions](#assumptions)[3.3Organizatio Description](#spd)[3.1Threats](#Threats)[3.2Assumptions](#assumptions)[3.3Organizatio Security Policies](#OSPs)[4Security Security Policies](#OSPs)[4Security Objectives](#Security_Objectives)[4.1Security Objectives for the Objectives](#Security_Objectives)[4.1Security Objectives for the TOE](#SecurityObjectivesTOE)[4.2Security Objectives for the Operational TOE](#SecurityObjectivesTOE)[4.2Security Objectives for the Operational Environment](#SecurityObjectivesTOEorEnvironment)[4.3Security Objectives Environment](#SecurityObjectivesTOEorEnvironment)[4.3Security Objectives Rationale](#SOR)[5Security Rationale](#SOR)[5Security Requirements](#Security_Requirements)[5.1Security Functional Requirements](#Security_Requirements)[5.1Security Functional Requirements](#SFRs)[5.1.1Auditable Events for Mandatory Requirements](#SFRs)[5.1.1Auditable Events for Mandatory SFRs](#ss-audit-table)[5.1.2Class: Security Management SFRs](#ss-audit-table)[5.1.2Class: Security Management (FMT)](#fmt)[5.1.3Class: Protection of the TSF (FPT)](#fpt)[5.1.4TOE (FMT)](#fmt)[5.1.3Class: Protection of the TSF (FPT)](#fpt)[5.1.4TOE Security Functional Requirements Rationale](#obj-req-map)[5.2Security Security Functional Requirements Rationale](#obj-req-map)[5.2Security Assurance Requirements](#SARs)[5.2.1Class ASE: Security Assurance Requirements](#SARs)[5.2.1Class ASE: Security Target](#ase)[5.2.2Class ADV: Development](#adv)[5.2.3Class AGD: Target](#ase)[5.2.2Class ADV: Development](#adv)[5.2.3Class AGD: Guidance Documentation](#agd)[5.2.4Class ALC: Life-cycle Guidance Documentation](#agd)[5.2.4Class ALC: Life-cycle Support](#alc)[5.2.5Class ATE: Tests](#ate)[5.2.6Class AVA: Support](#alc)[5.2.5Class ATE: Tests](#ate)[5.2.6Class AVA: Vulnerability Assessment](#ava)[Appendix A - Optional Vulnerability Assessment](#ava)[Appendix A - Optional Requirements](#opt-app)[A.1Strictly Optional Requirements Requirements](#opt-app)[A.1Strictly Optional Requirements ](#optional-reqs)[A.1.1 Auditable Events for Strictly Optional ](#optional-reqs)[A.1.1 Auditable Events for Strictly Optional Requirements ](#optional-reqs-audit)[A.1.2Class: Cryptographic Support Requirements ](#optional-reqs-audit)[A.1.2Class: Cryptographic Support (FCS)](#fcs-optional)[A.1.3Class: User Data Protection (FCS)](#fcs-optional)[A.1.3Class: User Data Protection (FDP)](#fdp-optional)[A.1.4Class: Identification and Authentication (FDP)](#fdp-optional)[A.1.4Class: Identification and Authentication (FIA)](#fia-optional)[A.2Objective Requirements ](#objective-reqs)[A.2.1 (FIA)](#fia-optional)[A.2Objective Requirements ](#objective-reqs)[A.2.1 Auditable Events for Objective Requirements Auditable Events for Objective Requirements ](#objective-reqs-audit)[A.2.2Class: Protection of the TSF ](#objective-reqs-audit)[A.2.2Class: Protection of the TSF (FPT)](#fpt-objective)[A.3Implementation-Based Requirements (FPT)](#fpt-objective)[A.3Implementation-Based Requirements ](#feat-based-reqs)[Appendix B - Selection-Based Requirements ](#feat-based-reqs)[Appendix B - Selection-Based Requirements ](#sel-based-reqs)[B.1 Auditable Events for Selection-Based Requirements ](#sel-based-reqs)[B.1 Auditable Events for Selection-Based Requirements ](#sel-based-reqs-audit)[B.2Class: Security Audit ](#sel-based-reqs-audit)[B.2Class: Security Audit (FAU)](#fau-sel-based)[B.3Class: Cryptographic Support (FAU)](#fau-sel-based)[B.3Class: Cryptographic Support (FCS)](#fcs-sel-based)[B.4Class: User Data Protection (FCS)](#fcs-sel-based)[B.4Class: User Data Protection (FDP)](#fdp-sel-based)[B.5Class: Identification and Authentication (FDP)](#fdp-sel-based)[B.5Class: Identification and Authentication (FIA)](#fia-sel-based)[B.6Class: Protection of the TSF (FIA)](#fia-sel-based)[B.6Class: Protection of the TSF (FPT)](#fpt-sel-based)[B.7Class: Trusted Path/Channels (FPT)](#fpt-sel-based)[B.7Class: Trusted Path/Channels (FTP)](#ftp-sel-based)[Appendix C - Extended Component (FTP)](#ftp-sel-based)[Appendix C - Extended Component Definitions](#ext-comp-defs)[C.1Extended Components Definitions](#ext-comp-defs)[C.1Extended Components Table](#ext-comp-defs-bg)[C.2Extended Component Table](#ext-comp-defs-bg)[C.2Extended Component Definitions](#ext-comp-defs-bg)[C.2.1Class: Security Audit Definitions](#ext-comp-defs-bg)[C.2.1Class: Security Audit (FAU)](#ext-comp-FAU)[C.2.1.1FAU\_STG\_EXT Off-Loading of Audit (FAU)](#ext-comp-FAU)[C.2.1.1FAU\_STG\_EXT Off-Loading of Audit Data](#ext-comp-FAU_STG_EXT)[C.2.2Class: Cryptographic Support Data](#ext-comp-FAU_STG_EXT)[C.2.2Class: Cryptographic Support (FCS)](#ext-comp-FCS)[C.2.2.1FCS\_CKM\_EXT Cryptographic Key (FCS)](#ext-comp-FCS)[C.2.2.1FCS\_CKM\_EXT Cryptographic Key Management](#ext-comp-FCS_CKM_EXT)[C.2.2.2FCS\_ENT\_EXT Entropy for Management](#ext-comp-FCS_CKM_EXT)[C.2.2.2FCS\_ENT\_EXT Entropy for Virtual Machines](#ext-comp-FCS_ENT_EXT)[C.2.2.3FCS\_HTTPS\_EXT HTTPS Virtual Machines](#ext-comp-FCS_ENT_EXT)[C.2.2.3FCS\_HTTPS\_EXT HTTPS Protocol](#ext-comp-FCS_HTTPS_EXT)[C.2.2.4FCS\_IPSEC\_EXT IPsec Protocol](#ext-comp-FCS_HTTPS_EXT)[C.2.2.4FCS\_IPSEC\_EXT IPsec Protocol](#ext-comp-FCS_IPSEC_EXT)[C.2.2.5FCS\_RBG\_EXT Cryptographic Protocol](#ext-comp-FCS_IPSEC_EXT)[C.2.2.5FCS\_RBG\_EXT Cryptographic Operation (Random Bit Operation (Random Bit Generation)](#ext-comp-FCS_RBG_EXT)[C.2.2.6FCS\_SLT\_EXT Cryptographic Generation)](#ext-comp-FCS_RBG_EXT)[C.2.2.6FCS\_SLT\_EXT Cryptographic Salt Generation](#ext-comp-FCS_SLT_EXT)[C.2.2.7FCS\_STG\_EXT Salt Generation](#ext-comp-FCS_SLT_EXT)[C.2.2.7FCS\_STG\_EXT Cryptographic Key Storage](#ext-comp-FCS_STG_EXT)[C.2.3Class: User Data Cryptographic Key Storage](#ext-comp-FCS_STG_EXT)[C.2.3Class: User Data Protection (FDP)](#ext-comp-FDP)[C.2.3.1FDP\_ITC\_EXT Key Protection (FDP)](#ext-comp-FDP)[C.2.3.1FDP\_ITC\_EXT Key Import](#ext-comp-FDP_ITC_EXT)[C.2.3.2FDP\_TEE\_EXT Trusted Execution Import](#ext-comp-FDP_ITC_EXT)[C.2.3.2FDP\_TEE\_EXT Trusted Execution Environment](#ext-comp-FDP_TEE_EXT)[C.2.4Class: Identification and Environment](#ext-comp-FDP_TEE_EXT)[C.2.4Class: Identification and Authentication (FIA)](#ext-comp-FIA)[C.2.4.1FIA\_AFL\_EXT Authentication Authentication (FIA)](#ext-comp-FIA)[C.2.4.1FIA\_AFL\_EXT Authentication Failure Handling](#ext-comp-FIA_AFL_EXT)[C.2.4.2FIA\_PMG\_EXT Password Failure Handling](#ext-comp-FIA_AFL_EXT)[C.2.4.2FIA\_PMG\_EXT Password Management](#ext-comp-FIA_PMG_EXT)[C.2.4.3FIA\_TRT\_EXT Authentication Management](#ext-comp-FIA_PMG_EXT)[C.2.4.3FIA\_TRT\_EXT Authentication Throttling](#ext-comp-FIA_TRT_EXT)[C.2.4.4FIA\_UIA\_EXT Administrator Throttling](#ext-comp-FIA_TRT_EXT)[C.2.4.4FIA\_UIA\_EXT Administrator Identification and Identification and Authentication](#ext-comp-FIA_UIA_EXT)[C.2.4.5FIA\_X509\_EXT X.509 Authentication](#ext-comp-FIA_UIA_EXT)[C.2.4.5FIA\_X509\_EXT X.509 Certificate Handling](#ext-comp-FIA_X509_EXT)[C.2.5Class: Security Certificate Handling](#ext-comp-FIA_X509_EXT)[C.2.5Class: Security Management (FMT)](#ext-comp-FMT)[C.2.5.1FMT\_CFG\_EXT Secure by Management (FMT)](#ext-comp-FMT)[C.2.5.1FMT\_CFG\_EXT Secure by Default](#ext-comp-FMT_CFG_EXT)[C.2.6Class: Protection of the TSF Default](#ext-comp-FMT_CFG_EXT)[C.2.6Class: Protection of the TSF (FPT)](#ext-comp-FPT)[C.2.6.1FPT\_JTA\_EXT Debug Port (FPT)](#ext-comp-FPT)[C.2.6.1FPT\_JTA\_EXT Debug Port Access](#ext-comp-FPT_JTA_EXT)[C.2.6.2FPT\_ROT\_EXT Platform Access](#ext-comp-FPT_JTA_EXT)[C.2.6.2FPT\_ROT\_EXT Platform Integrity](#ext-comp-FPT_ROT_EXT)[C.2.6.3FPT\_PPF\_EXT Protection of Integrity](#ext-comp-FPT_ROT_EXT)[C.2.6.3FPT\_PPF\_EXT Protection of Platform Firmware](#ext-comp-FPT_PPF_EXT)[C.2.6.4FPT\_RVR\_EXT Platform Platform Firmware](#ext-comp-FPT_PPF_EXT)[C.2.6.4FPT\_RVR\_EXT Platform Firmware Recovery](#ext-comp-FPT_RVR_EXT)[C.2.6.5FPT\_TUD\_EXT Platform Firmware Recovery](#ext-comp-FPT_RVR_EXT)[C.2.6.5FPT\_TUD\_EXT Platform Firmware Update](#ext-comp-FPT_TUD_EXT)[C.2.7Class: Trusted Firmware Update](#ext-comp-FPT_TUD_EXT)[C.2.7Class: Trusted Path/Channels (FTP)](#ext-comp-FTP)[C.2.7.1FTP\_ITC\_EXT Trusted Channel Path/Channels (FTP)](#ext-comp-FTP)[C.2.7.1FTP\_ITC\_EXT Trusted Channel Communications](#ext-comp-FTP_ITC_EXT)[C.2.7.2FTP\_ITE\_EXT Encrypted Communications](#ext-comp-FTP_ITC_EXT)[C.2.7.2FTP\_ITE\_EXT Encrypted Data Communications](#ext-comp-FTP_ITE_EXT)[C.2.7.3FTP\_ITP\_EXT Data Communications](#ext-comp-FTP_ITE_EXT)[C.2.7.3FTP\_ITP\_EXT Physically Protected Channel](#ext-comp-FTP_ITP_EXT)[Appendix D - Physically Protected Channel](#ext-comp-FTP_ITP_EXT)[Appendix D - Implicitly Satisfied Requirements](#satisfiedreqs)[Appendix E - Entropy Implicitly Satisfied Requirements](#satisfiedreqs)[Appendix E - Entropy Documentation and Assessment](#appendix-entropy)[E.1Design Documentation and Assessment](#appendix-entropy)[E.1Design Description](#s-design)[E.2Entropy Description](#s-design)[E.2Entropy Justification](#s-justification)[E.3Operating Justification](#s-justification)[E.3Operating Conditions](#s-oc)[E.4Health Testing](#s-health)[Appendix F - Conditions](#s-oc)[E.4Health Testing](#s-health)[Appendix F - Equivalency Equivalency Guidelines](#appendix-equiv)[F.1Introduction](#s-vm-intro)[F.2Approach Guidelines](#appendix-equiv)[F.1Introduction](#s-vm-intro)[F.2Approach to Equivalency Analysis](#s-approach)[F.3Specific Guidance for to Equivalency Analysis](#s-approach)[F.3Specific Guidance for Determining Product Equivalence](#s-modelequiv)[F.4Technical Determining Product Equivalence](#s-modelequiv)[F.4Technical Equivalence](#ss-hardware-equiv)[F.5Level of Specificity for Tested and Equivalence](#ss-hardware-equiv)[F.5Level of Specificity for Tested and Claimed Equivalent Configurations](#s-specificity)[Appendix G - Use Case Claimed Equivalent Configurations](#s-specificity)[Appendix G - Use Case Templates](#use-case-appendix)[G.1Server-Class Platform, Templates](#use-case-appendix)[G.1Server-Class Platform, Basic](#appendix-uc-server-basic)[G.2Server-Class Platform, Basic](#appendix-uc-server-basic)[G.2Server-Class Platform, Enhanced](#appendix-uc-server-enhanced)[G.3Portable Clients (laptops, Enhanced](#appendix-uc-server-enhanced)[G.3Portable Clients (laptops, tablets), Basic](#appendix-uc-client-portable-basic)[G.4Portable Clients tablets), Basic](#appendix-uc-client-portable-basic)[G.4Portable Clients (laptops, tablets), (laptops, tablets), Enhanced](#appendix-uc-client-portable-enhanced)[G.5CSfC Enhanced](#appendix-uc-client-portable-enhanced)[G.5CSfC EUD](#appendix-uc-csfc-eud)[G.6Tactical EUD](#appendix-uc-csfc-eud)[G.6Tactical EUD](#appendix-uc-tactical-eud)[G.7Enterprise Desktop EUD](#appendix-uc-tactical-eud)[G.7Enterprise Desktop clients](#appendix-uc-ent-clients-desktop)[G.8IoT clients](#appendix-uc-ent-clients-desktop)[G.8IoT Devices](#appendix-uc-iot-device)[Appendix H - Devices](#appendix-uc-iot-device)[Appendix H - Acronyms](#acronyms)[Appendix I - Bibliography](#appendix-bibliography) Acronyms](#acronyms)[Appendix I - Bibliography](#appendix-bibliography) ::: ::: 1 Introduction {#Introduction .indexable data-level="1"} 1 Introduction {#Introduction .indexable data-level="1"} ============== ============== 1.1 Overview {#ppoverview .indexable data-level="2"} 1.1 Overview {#ppoverview .indexable data-level="2"} ------------ ------------ The scope of this Protection Profile ([PP](#abbr_PP)) is to describe the The scope of this Protection Profile ([PP](#abbr_PP)) is to describe the security functionality of General-Purpose Computing Platforms in terms security functionality of General-Purpose Computing Platforms in terms of the Common Criteria and to define functional and assurance of the Common Criteria and to define functional and assurance requirements for such products. requirements for such products. A platform is a collection of hardware devices and firmware that provide A platform is a collection of hardware devices and firmware that provide the functional capabilities and services needed by tenant software. Such the functional capabilities and services needed by tenant software. Such components typically include embedded controllers, trusted platform components typically include embedded controllers, trusted platform modules, management controllers, host processors, network interface modules, management controllers, host processors, network interface controllers, graphics processing units, flash memory, storage controllers, graphics processing units, flash memory, storage controllers, storage devices, boot firmware, runtime firmware, human controllers, storage devices, boot firmware, runtime firmware, human interface devices, and a power supply. interface devices, and a power supply. This Protection Profile for General-Purpose Computing Platforms derives This Protection Profile for General-Purpose Computing Platforms derives requirements from the following documents: requirements from the following documents: - NIAP, *BIOS Update for PC Client Devices protection Profile*, - NIAP, *BIOS Update for PC Client Devices protection Profile*, Version 1.0, 12 Feb 2013 Version 1.0, 12 Feb 2013 - [NIST](#abbr_NIST) SP 800-147 *BIOS Protection Guidelines*, April - [NIST](#abbr_NIST) SP 800-147 *BIOS Protection Guidelines*, April 2011 2011 - [NIST](#abbr_NIST) SP 800-147B *BIOS Protection Guidelines for - [NIST](#abbr_NIST) SP 800-147B *BIOS Protection Guidelines for Servers*, August 2014 Servers*, August 2014 - [NIST](#abbr_NIST) SP 800-193 *Platform Firmware Resiliency - [NIST](#abbr_NIST) SP 800-193 *Platform Firmware Resiliency Guidelines* Guidelines* Additionally, the following specifications and standards may be relevant Additionally, the following specifications and standards may be relevant to requirements in this [PP](#abbr_PP): to requirements in this [PP](#abbr_PP): - [NIST](#abbr_NIST) SP 800-155 (Draft) *BIOS Integrity Measurement - [NIST](#abbr_NIST) SP 800-155 (Draft) *BIOS Integrity Measurement Guidelines (Draft)*, December 2011 Guidelines (Draft)*, December 2011 - [NIST](#abbr_NIST) SP 1800-34 (Draft) *Validating the Integrity of - [NIST](#abbr_NIST) SP 1800-34 (Draft) *Validating the Integrity of Computing Devices (Preliminary Draft)*, 2021 Computing Devices (Preliminary Draft)*, 2021 - Trusted Computing Group, *TCG PC Client Platform Firmware Integrity - Trusted Computing Group, *TCG PC Client Platform Firmware Integrity Measurement* Version 1.0 Revision Specification 43 Family 2.0, May Measurement* Version 1.0 Revision Specification 43 Family 2.0, May 7, 2021 7, 2021 - [IEEE](#abbr_IEEE) Std 802.1AR-2018, *Secure Device Identity* - [IEEE](#abbr_IEEE) Std 802.1AR-2018, *Secure Device Identity* 1.2 Terms {#glossary .indexable data-level="2"} 1.2 Terms {#glossary .indexable data-level="2"} --------- --------- The following sections list Common Criteria and technology terms used in The following sections list Common Criteria and technology terms used in this document. this document. ### 1.2.1 Common Criteria Terms {#cc-terms .indexable data-level="3"} ### 1.2.1 Common Criteria Terms {#cc-terms .indexable data-level="3"} +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Assurance} | Grounds for confidence that a | | ::: {#Assurance} | Grounds for confidence that a | | Assurance | [TOE](#abbr_TOE) meets the SFRs | | Assurance | [TOE](#abbr_TOE) meets the SFRs | | ::: | [\[CC\]](#bibCC). | | ::: | [\[CC\]](#bibCC). | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Base_Protection_Profile} | Protection Profile used as a | | ::: {#Base_Protection_Profile} | Protection Profile used as a | | Base Protection Profile | basis to build a | | Base Protection Profile | basis to build a | | ([Base-PP](#abbr_Base-PP)) | [PP-Configuration](#abbr_PP-Confi | | ([Base-PP](#abbr_Base-PP)) | [PP-Configuration](#abbr_PP-Confi | | ::: | guration). | | ::: | guration). | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Collaborative_Protection_Pr | A Protection Profile developed by | | ::: {#Collaborative_Protection_Pr | A Protection Profile developed by | | ofile} | international technical | | ofile} | international technical | | Collaborative Protection Profile | communities and approved by | | Collaborative Protection Profile | communities and approved by | | ([cPP](#abbr_cPP)) | multiple schemes | | ([cPP](#abbr_cPP)) | multiple schemes | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Common_Criteria} | Common Criteria for Information | | ::: {#Common_Criteria} | Common Criteria for Information | | Common Criteria ([CC](#abbr_CC)) | Technology Security Evaluation | | Common Criteria ([CC](#abbr_CC)) | Technology Security Evaluation | | ::: | (International Standard | | ::: | (International Standard | | | [ISO](#abbr_ISO)/[IEC](#abbr_IEC) | | | [ISO](#abbr_ISO)/[IEC](#abbr_IEC) | | | 15408). | | | 15408). | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Common_Criteria_Testing_Lab | Within the context of the Common | | ::: {#Common_Criteria_Testing_Lab | Within the context of the Common | | oratory} | Criteria Evaluation and | | oratory} | Criteria Evaluation and | | Common Criteria Testing | Validation Scheme (CCEVS), an | | Common Criteria Testing | Validation Scheme (CCEVS), an | | Laboratory | [IT](#abbr_IT) security | | Laboratory | [IT](#abbr_IT) security | | ::: | evaluation facility, accredited | | ::: | evaluation facility, accredited | | | by the National Voluntary | | | by the National Voluntary | | | Laboratory Accreditation Program | | | Laboratory Accreditation Program | | | (NVLAP) and approved by the NIAP | | | (NVLAP) and approved by the NIAP | | | Validation Body to conduct Common | | | Validation Body to conduct Common | | | Criteria-based evaluations. | | | Criteria-based evaluations. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Common_Evaluation_Methodolo | Common Evaluation Methodology for | | ::: {#Common_Evaluation_Methodolo | Common Evaluation Methodology for | | gy} | Information Technology Security | | gy} | Information Technology Security | | Common Evaluation Methodology | Evaluation. | | Common Evaluation Methodology | Evaluation. | | ([CEM](#abbr_CEM)) | | | ([CEM](#abbr_CEM)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Extended_Package} | A deprecated document form for | | ::: {#Extended_Package} | A deprecated document form for | | Extended Package ([EP](#abbr_EP)) | collecting SFRs that implement a | | Extended Package ([EP](#abbr_EP)) | collecting SFRs that implement a | | ::: | particular protocol, technology, | | ::: | particular protocol, technology, | | | or functionality. See Functional | | | or functionality. See Functional | | | Packages. | | | Packages. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Functional_Package} | A document that collects SFRs for | | ::: {#Functional_Package} | A document that collects SFRs for | | Functional Package | a particular protocol, | | Functional Package | a particular protocol, | | ([FP](#abbr_FP)) | technology, or functionality. | | ([FP](#abbr_FP)) | technology, or functionality. | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Operational_Environment} | Hardware and software that are | | ::: {#Operational_Environment} | Hardware and software that are | | Operational Environment | outside the [TOE](#abbr_TOE) | | Operational Environment | outside the [TOE](#abbr_TOE) | | ([OE](#abbr_OE)) | boundary that support the | | ([OE](#abbr_OE)) | boundary that support the | | ::: | [TOE](#abbr_TOE) functionality | | ::: | [TOE](#abbr_TOE) functionality | | | and security policy. | | | and security policy. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Protection_Profile} | An implementation-independent set | | ::: {#Protection_Profile} | An implementation-independent set | | Protection Profile | of security requirements for a | | Protection Profile | of security requirements for a | | ([PP](#abbr_PP)) | category of products. | | ([PP](#abbr_PP)) | category of products. | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Protection_Profile_Configur | A comprehensive set of security | | ::: {#Protection_Profile_Configur | A comprehensive set of security | | ation} | requirements for a product type | | ation} | requirements for a product type | | Protection Profile Configuration | that consists of at least one | | Protection Profile Configuration | that consists of at least one | | ([PP-Configuration](#abbr_PP-Conf | [Base-PP](#abbr_Base-PP) and at | | ([PP-Configuration](#abbr_PP-Conf | [Base-PP](#abbr_Base-PP) and at | | iguration)) | least one | | iguration)) | least one | | ::: | [PP-Module](#abbr_PP-Module). | | ::: | [PP-Module](#abbr_PP-Module). | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Protection_Profile_Module} | An implementation-independent | | ::: {#Protection_Profile_Module} | An implementation-independent | | Protection Profile Module | statement of security needs for a | | Protection Profile Module | statement of security needs for a | | ([PP-Module](#abbr_PP-Module)) | [TOE](#abbr_TOE) type | | ([PP-Module](#abbr_PP-Module)) | [TOE](#abbr_TOE) type | | ::: | complementary to one or more Base | | ::: | complementary to one or more Base | | | Protection Profiles. | | | Protection Profiles. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Security_Assurance_Requirem | A requirement to assure the | | ::: {#Security_Assurance_Requirem | A requirement to assure the | | ent} | security of the [TOE](#abbr_TOE). | | ent} | security of the [TOE](#abbr_TOE). | | Security Assurance Requirement | | | Security Assurance Requirement | | | ([SAR](#abbr_SAR)) | | | ([SAR](#abbr_SAR)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Security_Functional_Require | A requirement for security | | ::: {#Security_Functional_Require | A requirement for security | | ment} | enforcement by the | | ment} | enforcement by the | | Security Functional Requirement | [TOE](#abbr_TOE). | | Security Functional Requirement | [TOE](#abbr_TOE). | | ([SFR](#abbr_SFR)) | | | ([SFR](#abbr_SFR)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Security_Target} | A set of implementation-dependent | | ::: {#Security_Target} | A set of implementation-dependent | | Security Target ([ST](#abbr_ST)) | security requirements for a | | Security Target ([ST](#abbr_ST)) | security requirements for a | | ::: | specific product. | | ::: | specific product. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Target_of_Evaluation} | The product under evaluation. | | ::: {#Target_of_Evaluation} | The product under evaluation. | | Target of Evaluation | | | Target of Evaluation | | | ([TOE](#abbr_TOE)) | | | ([TOE](#abbr_TOE)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#TOE_Security_Functionality} | The security functionality of the | | ::: {#TOE_Security_Functionality} | The security functionality of the | | [TOE](#abbr_TOE) Security | product under evaluation. | | [TOE](#abbr_TOE) Security | product under evaluation. | | Functionality ([TSF](#abbr_TSF)) | | | Functionality ([TSF](#abbr_TSF)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#TOE_Summary_Specification} | A description of how a | | ::: {#TOE_Summary_Specification} | A description of how a | | [TOE](#abbr_TOE) Summary | [TOE](#abbr_TOE) satisfies the | | [TOE](#abbr_TOE) Summary | [TOE](#abbr_TOE) satisfies the | | Specification ([TSS](#abbr_TSS)) | SFRs in an [ST](#abbr_ST). | | Specification ([TSS](#abbr_TSS)) | SFRs in an [ST](#abbr_ST). | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ ### 1.2.2 Technical Terms {#tech-terms .indexable data-level="3"} ### 1.2.2 Technical Terms {#tech-terms .indexable data-level="3"} +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Administrator} | An Administrator is responsible | | ::: {#Administrator} | An Administrator is responsible | | Administrator | for management activities, | | Administrator | for management activities, | | ::: | including setting policies that | | ::: | including setting policies that | | | are applied by the enterprise on | | | are applied by the enterprise on | | | the platform. An Administrator | | | the platform. An Administrator | | | can act remotely through a | | | can act remotely through a | | | management server, from which the | | | management server, from which the | | | platform receives configuration | | | platform receives configuration | | | policies and updates. An | | | policies and updates. An | | | Administrator can enforce | | | Administrator can enforce | | | settings on the system that | | | settings on the system that | | | cannot be overridden by | | | cannot be overridden by | | | non-Administrator users. | | | non-Administrator users. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#American_National_Standards | A private organization that | | ::: {#American_National_Standards | A private organization that | | _Institute} | oversees development of standards | | _Institute} | oversees development of standards | | American National Standards | in the United States. | | American National Standards | in the United States. | | Institute ([ANSI](#abbr_ANSI)) | | | Institute ([ANSI](#abbr_ANSI)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Application} | Software that runs on a platform | | ::: {#Application} | Software that runs on a platform | | Application | and performs tasks on behalf of | | Application | and performs tasks on behalf of | | ::: | the user or owner of the | | ::: | the user or owner of the | | | platform. | | | platform. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Application_Programming_Int | A specification of routines, data | | ::: {#Application_Programming_Int | A specification of routines, data | | erface} | structures, object classes, and | | erface} | structures, object classes, and | | Application Programming Interface | variables that allows an | | Application Programming Interface | variables that allows an | | ([API](#abbr_API)) | application to make use of | | ([API](#abbr_API)) | application to make use of | | ::: | services provided by another | | ::: | services provided by another | | | software component, such as a | | | software component, such as a | | | library. APIs are often provided | | | library. APIs are often provided | | | for a set of libraries included | | | for a set of libraries included | | | with the platform. | | | with the platform. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Baseboard_Management_Contro | Or Management Controller. A small | | ::: {#Baseboard_Management_Contro | Or Management Controller. A small | | ller} | computer generally found on | | ller} | computer generally found on | | Baseboard Management Controller | Server motherboards that performs | | Baseboard Management Controller | Server motherboards that performs | | ([BMC](#abbr_BMC)) | management tasks on behalf of an | | ([BMC](#abbr_BMC)) | management tasks on behalf of an | | ::: | Administrator. | | ::: | Administrator. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Cipher-based_Message_Authen | A mode of [AES](#abbr_AES) that | | ::: {#Cipher-based_Message_Authen | A mode of [AES](#abbr_AES) that | | tication_Code} | provides authentication, but not | | tication_Code} | provides authentication, but not | | Cipher-based Message | confidentiality. | | Cipher-based Message | confidentiality. | | Authentication Code | | | Authentication Code | | | ([CMAC](#abbr_CMAC)) | | | ([CMAC](#abbr_CMAC)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Commercial_Solutions_for_Cl | An US Department of Defense | | ::: {#Commercial_Solutions_for_Cl | An US Department of Defense | | assified} | program for delivering | | assified} | program for delivering | | Commercial Solutions for | cybersecurity solutions that | | Commercial Solutions for | cybersecurity solutions that | | Classified ([CSfC](#abbr_CSfC)) | leverage commercial technologies | | Classified ([CSfC](#abbr_CSfC)) | leverage commercial technologies | | ::: | and products. | | ::: | and products. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Credential} | Data that establishes the | | ::: {#Credential} | Data that establishes the | | Credential | identity of a user, e.g. a | | Credential | identity of a user, e.g. a | | ::: | cryptographic key or password. | | ::: | cryptographic key or password. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Critical_Security_Parameter | Information that is either user | | ::: {#Critical_Security_Parameter | Information that is either user | | s} | or system defined and is used to | | s} | or system defined and is used to | | Critical Security Parameters | operate a cryptographic module in | | Critical Security Parameters | operate a cryptographic module in | | ([CSP](#abbr_CSP)) | processing encryption functions | | ([CSP](#abbr_CSP)) | processing encryption functions | | ::: | including cryptographic keys and | | ::: | including cryptographic keys and | | | authentication data, such as | | | authentication data, such as | | | passwords, the disclosure or | | | passwords, the disclosure or | | | modification of which can | | | modification of which can | | | compromise the security of a | | | compromise the security of a | | | cryptographic module or the | | | cryptographic module or the | | | security of the information | | | security of the information | | | protected by the module. | | | protected by the module. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Data-at-Rest_(DAR)_Protecti | Countermeasures that prevent | | ::: {#Data-at-Rest_(DAR)_Protecti | Countermeasures that prevent | | on} | attackers, even those with | | on} | attackers, even those with | | Data-at-Rest ([DAR](#abbr_DAR)) | physical access, from extracting | | Data-at-Rest ([DAR](#abbr_DAR)) | physical access, from extracting | | Protection | data from non-volatile storage. | | Protection | data from non-volatile storage. | | ::: | Common techniques include data | | ::: | Common techniques include data | | | encryption and wiping. | | | encryption and wiping. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Developer} | An entity that writes | | ::: {#Developer} | An entity that writes | | Developer | [OS](#abbr_OS) software. For the | | Developer | [OS](#abbr_OS) software. For the | | ::: | purposes of this document, | | ::: | purposes of this document, | | | vendors and developers are the | | | vendors and developers are the | | | same. | | | same. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Diffie-Hellman_Key_Exchange | A cryptographic key exchange | | ::: {#Diffie-Hellman_Key_Exchange | A cryptographic key exchange | | } | protocol using public/private key | | } | protocol using public/private key | | Diffie-Hellman Key Exchange | pairs. | | Diffie-Hellman Key Exchange | pairs. | | ([DH](#abbr_DH)) | | | ([DH](#abbr_DH)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Distinguished_Name} | Information used in | | ::: {#Distinguished_Name} | Information used in | | Distinguished Name | certificate-based operations to | | Distinguished Name | certificate-based operations to | | ([DN](#abbr_DN)) | uniquely identify a person, | | ([DN](#abbr_DN)) | uniquely identify a person, | | ::: | organization, or business. | | ::: | organization, or business. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#End-User_Device} | A class of computing platform | | ::: {#End-User_Device} | A class of computing platform | | End-User Device | characterized by having a user | | End-User Device | characterized by having a user | | ([EUD](#abbr_EUD)) | interface for a single user. | | ([EUD](#abbr_EUD)) | interface for a single user. | | ::: | Often, EUDs are portable (e.g., | | ::: | Often, EUDs are portable (e.g., | | | laptop, tablet, mobile device), | | | laptop, tablet, mobile device), | | | but this is not necessarily the | | | but this is not necessarily the | | | case (e.g., desktop PC). | | | case (e.g., desktop PC). | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#General_Purpose_Operating_S | A class of [OS](#abbr_OS) | | ::: {#General_Purpose_Operating_S | A class of [OS](#abbr_OS) | | ystem} | designed to support a | | ystem} | designed to support a | | General Purpose Operating System | wide-variety of workloads | | General Purpose Operating System | wide-variety of workloads | | ::: | consisting of many concurrent | | ::: | consisting of many concurrent | | | applications or services. Typical | | | applications or services. Typical | | | characteristics for | | | characteristics for | | | [OSes](#abbr_OS) in this class | | | [OSes](#abbr_OS) in this class | | | include support for third-party | | | include support for third-party | | | applications, support for | | | applications, support for | | | multiple users, and security | | | multiple users, and security | | | separation between users and | | | separation between users and | | | their respective resources. | | | their respective resources. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#General-Purpose_Computing_P | A physical computing platform | | ::: {#General-Purpose_Computing_P | A physical computing platform | | latform} | designed to support | | latform} | designed to support | | General-Purpose Computing | general-purpose operating | | General-Purpose Computing | general-purpose operating | | Platform ([GPCP](#abbr_GPCP)) | systems, virtualization systems, | | Platform ([GPCP](#abbr_GPCP)) | systems, virtualization systems, | | ::: | and applications. | | ::: | and applications. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Internet_of_Things} | Physical computing devices that | | ::: {#Internet_of_Things} | Physical computing devices that | | Internet of Things | are embedded with sensors, | | Internet of Things | are embedded with sensors, | | ([IoT](#abbr_IoT)) | processing ability, software, and | | ([IoT](#abbr_IoT)) | processing ability, software, and | | ::: | other technologies that connect | | ::: | other technologies that connect | | | and exchange data with other | | | and exchange data with other | | | devices and systems over | | | devices and systems over | | | communications networks. | | | communications networks. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Joint_Test_Action_Group} | A standard for verifying and | | ::: {#Joint_Test_Action_Group} | A standard for verifying and | | Joint Test Action Group | testing circuit boards after | | Joint Test Action Group | testing circuit boards after | | ([JTAG](#abbr_JTAG)) | manufacture. | | ([JTAG](#abbr_JTAG)) | manufacture. | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#KECCAK_Message_Authenticati | A variable-length keyed hash | | ::: {#KECCAK_Message_Authenticati | A variable-length keyed hash | | on_Code} | function described in | | on_Code} | function described in | | KECCAK Message Authentication | [NIST](#abbr_NIST) SP 800-185. | | KECCAK Message Authentication | [NIST](#abbr_NIST) SP 800-185. | | Code ([KMAC](#abbr_KMAC)) | | | Code ([KMAC](#abbr_KMAC)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Management_Controller} | Or Baseboard Management | | ::: {#Management_Controller} | Or Baseboard Management | | Management Controller | Controller ([BMC](#abbr_BMC)). A | | Management Controller | Controller ([BMC](#abbr_BMC)). A | | ([MC](#abbr_MC)) | small computer generally found on | | ([MC](#abbr_MC)) | small computer generally found on | | ::: | server motherboards that performs | | ::: | server motherboards that performs | | | management tasks on behalf of an | | | management tasks on behalf of an | | | Administrator. | | | Administrator. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Open_Mobile_Terminal_Platfo | A forum created by mobile network | | ::: {#Open_Mobile_Terminal_Platfo | A forum created by mobile network | | rm} | operators to discuss standards | | rm} | operators to discuss standards | | Open Mobile Terminal Platform | with manufacturers of mobile | | Open Mobile Terminal Platform | with manufacturers of mobile | | ([OMTP](#abbr_OMTP)) | devices. | | ([OMTP](#abbr_OMTP)) | devices. | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Operating_System} | Software that manages physical | | ::: {#Operating_System} | Software that manages physical | | Operating System ([OS](#abbr_OS)) | and logical resources and | | Operating System ([OS](#abbr_OS)) | and logical resources and | | ::: | provides services for | | ::: | provides services for | | | applications. Operating systems | | | applications. Operating systems | | | are the generally the primary | | | are the generally the primary | | | tenant of a [GPCP](#abbr_GPCP). | | | tenant of a [GPCP](#abbr_GPCP). | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Physical_Presence} | A user or administrator having | | ::: {#Physical_Presence} | A user or administrator having | | Physical Presence | physical access to the | | Physical Presence | physical access to the | | ::: | [TOE](#abbr_TOE). An assertion of | | ::: | [TOE](#abbr_TOE). An assertion of | | | physical presence can take the | | | physical presence can take the | | | form, for example, of requiring | | | form, for example, of requiring | | | entry of a password at a boot | | | entry of a password at a boot | | | screen, unlocking of a physical | | | screen, unlocking of a physical | | | lock (e.g., a motherboard | | | lock (e.g., a motherboard | | | jumper), or inserting a | | | jumper), or inserting a | | | [USB](#abbr_USB) cable before | | | [USB](#abbr_USB) cable before | | | permitting platform firmware to | | | permitting platform firmware to | | | be updated. | | | be updated. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Root_of_Trust} | Roots of trust are highly | | ::: {#Root_of_Trust} | Roots of trust are highly | | Root of Trust ([RoT](#abbr_RoT)) | reliable hardware, firmware, and | | Root of Trust ([RoT](#abbr_RoT)) | reliable hardware, firmware, and | | ::: | software components that perform | | ::: | software components that perform | | | specific, critical security | | | specific, critical security | | | functions. Roots of trust are the | | | functions. Roots of trust are the | | | foundation for integrity of | | | foundation for integrity of | | | computing devices. | | | computing devices. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Sensitive_Data} | Sensitive data may include all | | ::: {#Sensitive_Data} | Sensitive data may include all | | Sensitive Data | user or enterprise data or may be | | Sensitive Data | user or enterprise data or may be | | ::: | specific application data such as | | ::: | specific application data such as | | | PII, emails, messaging, | | | PII, emails, messaging, | | | documents, calendar items, and | | | documents, calendar items, and | | | contacts. Sensitive data must | | | contacts. Sensitive data must | | | minimally include credentials and | | | minimally include credentials and | | | keys. | | | keys. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Subject_Alternative_Name} | An extended X.509 certificate | | ::: {#Subject_Alternative_Name} | An extended X.509 certificate | | Subject Alternative Name | field. | | Subject Alternative Name | field. | | ([SAN](#abbr_SAN)) | | | ([SAN](#abbr_SAN)) | | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Tenant_Software} | Software that runs on and is | | ::: {#Tenant_Software} | Software that runs on and is | | Tenant Software | supported by a platform. In the | | Tenant Software | supported by a platform. In the | | ::: | case of a [GPCP](#abbr_GPCP), | | ::: | case of a [GPCP](#abbr_GPCP), | | | tenant software generally | | | tenant software generally | | | consists of an operating system, | | | consists of an operating system, | | | virtualization system, or | | | virtualization system, or | | | \"bare-metal\" application. | | | \"bare-metal\" application. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Trusted_Execution_Environme | An isolated and secure area that | | ::: {#Trusted_Execution_Environme | An isolated and secure area that | | nt} | ensures the confidentiality and | | nt} | ensures the confidentiality and | | Trusted Execution Environment | integrity of code and data loaded | | Trusted Execution Environment | integrity of code and data loaded | | ([TEE](#abbr_TEE)) | inside. | | ([TEE](#abbr_TEE)) | inside. | | ::: | | | ::: | | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#User} | In the context of a | | ::: {#User} | In the context of a | | User | [GPCP](#abbr_GPCP), a User is a | | User | [GPCP](#abbr_GPCP), a User is a | | ::: | human who interacts with the | | ::: | human who interacts with the | | | platform through a user | | | platform through a user | | | interface. Users do not need to | | | interface. Users do not need to | | | be authenticated by the platform | | | be authenticated by the platform | | | to use the platform, but | | | to use the platform, but | | | generally authenticate to tenant | | | generally authenticate to tenant | | | software such as on Operating | | | software such as on Operating | | | System. | | | System. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | ::: {#Virtualization_System} | A software product that enables | | ::: {#Virtualization_System} | A software product that enables | | Virtualization System | multiple independent computing | | Virtualization System | multiple independent computing | | ([VS](#abbr_VS)) | systems to execute on the same | | ([VS](#abbr_VS)) | systems to execute on the same | | ::: | physical hardware platform | | ::: | physical hardware platform | | | without interference from one | | | without interference from one | | | other. | | | other. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ 1.3 TOE Overview {#TOEdescription .indexable data-level="2"} 1.3 TOE Overview {#TOEdescription .indexable data-level="2"} ---------------- ---------------- This Protection Profile for General-Purpose Computing Platforms This Protection Profile for General-Purpose Computing Platforms ([GPCP](#abbr_GPCP)) specifies security requirements for general-purpose ([GPCP](#abbr_GPCP)) specifies security requirements for general-purpose computing platforms. A [GPCP](#abbr_GPCP) is is a hardware device that computing platforms. A [GPCP](#abbr_GPCP) is is a hardware device that is capable of hosting one or more general-purpose operating systems as is capable of hosting one or more general-purpose operating systems as defined by the Protection Profile for General Purpose Operating Systems, defined by the Protection Profile for General Purpose Operating Systems, one or more virtualization systems as defined by the Protection Profile one or more virtualization systems as defined by the Protection Profile for Virtualization, or more than one application. Typical platform for Virtualization, or more than one application. Typical platform implementations include servers, PC clients, laptops, and tablets. implementations include servers, PC clients, laptops, and tablets. Mobile Device platforms as defined in the Protection Profile for Mobile Mobile Device platforms as defined in the Protection Profile for Mobile Device Fundamentals and Network Device platforms as defined in the Device Fundamentals and Network Device platforms as defined in the collaborative Protection Profile for Network Devices are out of scope of collaborative Protection Profile for Network Devices are out of scope of this [PP](#abbr_PP). Mobile Device and Network Device platforms must be this [PP](#abbr_PP). Mobile Device and Network Device platforms must be evaluated against the more specific requirements in their respective evaluated against the more specific requirements in their respective specialized PPs. specialized PPs. The core security features of GPCPs include protected firmware and a The core security features of GPCPs include protected firmware and a boot integrity processes. Platform firmware must be protected such that boot integrity processes. Platform firmware must be protected such that it is not permitted to execute if it has been modified outside of it is not permitted to execute if it has been modified outside of authorized and authenticated update processes. Other use-case-specific authorized and authenticated update processes. Other use-case-specific features include audit capabilities, Administrator authentication, and features include audit capabilities, Administrator authentication, and protections against physical tampering. protections against physical tampering. ### 1.3.1 TOE Boundary {#TOEboundary .indexable data-level="3"} ### 1.3.1 TOE Boundary {#TOEboundary .indexable data-level="3"} The [TOE](#abbr_TOE) comprises the hardware and firmware necessary for The [TOE](#abbr_TOE) comprises the hardware and firmware necessary for the hosting of tenant software. Generally, tenant software is an the hosting of tenant software. Generally, tenant software is an operating system or virtualization system, but may also be operating system or virtualization system, but may also be \"bare-metal\" applications. Tenant software is outside the \"bare-metal\" applications. Tenant software is outside the [TOE](#abbr_TOE) boundary. [TOE](#abbr_TOE) boundary. For example, for a PC Client platform, the hardware and firmware For example, for a PC Client platform, the hardware and firmware responsible for booting the platform and operation of platform devices responsible for booting the platform and operation of platform devices (such as BIOS, device controller firmware, and platform management (such as BIOS, device controller firmware, and platform management firmware would all be included in the [TOE](#abbr_TOE). Operating firmware would all be included in the [TOE](#abbr_TOE). Operating systems and application software is outside the [TOE](#abbr_TOE). systems and application software is outside the [TOE](#abbr_TOE). For server-class hardware, any management controller responsible for For server-class hardware, any management controller responsible for updating platform firmware (such as a baseboard management controller) updating platform firmware (such as a baseboard management controller) is expressly included within the [TOE](#abbr_TOE). is expressly included within the [TOE](#abbr_TOE). ::: {#figure-toe .figure} ::: {#figure-toe .figure} ![](images/arch.png){#toe}\ ![](images/arch.png){#toe}\ [Figure [1]{.counter}]{.ctr data-myid="toe" [Figure [1]{.counter}]{.ctr data-myid="toe" data-counter-type="ct-figure"}: High-Level Architecture of a Generic data-counter-type="ct-figure"}: High-Level Architecture of a Generic Platform Platform ::: ::: Figure 1 (taken from [NIST SP Figure 1 (taken from [NIST SP 800-193](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf)) 800-193](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf)) shows a high-level system architecture for a typical generic computing shows a high-level system architecture for a typical generic computing platform. Tenant software (operating system/virtualization system and platform. Tenant software (operating system/virtualization system and applications) is shown in orange. The tenant-specific software applications) is shown in orange. The tenant-specific software responsible for booting the tenant (Master Boot Record, etc.) is shown responsible for booting the tenant (Master Boot Record, etc.) is shown in grey. Platform components are in blue. in grey. Platform components are in blue. In general, the [TOE](#abbr_TOE) consists of the platform components In general, the [TOE](#abbr_TOE) consists of the platform components represented by the blue boxes, along with their associated firmware. Any represented by the blue boxes, along with their associated firmware. Any particular platform may have additional hardware components, or fewer particular platform may have additional hardware components, or fewer than those illustrated. than those illustrated. ### 1.3.2 TOE Operational Environment {#TOEopenv .indexable data-level="3"} ### 1.3.2 TOE Operational Environment {#TOEopenv .indexable data-level="3"} The [TOE](#abbr_TOE) has no platform since it is itself a platform, but The [TOE](#abbr_TOE) has no platform since it is itself a platform, but the [TOE](#abbr_TOE) does have an operational environment. The the [TOE](#abbr_TOE) does have an operational environment. The [OE](#abbr_OE) consists of the physical environment in which the [OE](#abbr_OE) consists of the physical environment in which the [TOE](#abbr_TOE) operates (e.g., data center, enterprise office, [TOE](#abbr_TOE) operates (e.g., data center, enterprise office, vehicle, outdoors) and any networks to which the [TOE](#abbr_TOE) may be vehicle, outdoors) and any networks to which the [TOE](#abbr_TOE) may be connected. Different use cases may invoke different requirements connected. Different use cases may invoke different requirements depending on the operational environment. depending on the operational environment. 1.4 Use Cases {#usecases .indexable data-level="2"} 1.4 Use Cases {#usecases .indexable data-level="2"} ------------- ------------- This Protection Profile supports several use cases. The cases enumerated This Protection Profile supports several use cases. The cases enumerated below add requirements to the baseline for [GPCP](#abbr_GPCP) due to below add requirements to the baseline for [GPCP](#abbr_GPCP) due to additional threats or changes in assumptions about the operational additional threats or changes in assumptions about the operational environment. Use cases not listed below (e.g. consumer-grade desktop environment. Use cases not listed below (e.g. consumer-grade desktop computers) need be evaluated only against the baseline requirements computers) need be evaluated only against the baseline requirements subject to the appropriate selections. subject to the appropriate selections. \[USE CASE 1\] Server-Class Platform, Basic \[USE CASE 1\] Server-Class Platform, Basic : This use case encompasses server-class hardware in a data center. : This use case encompasses server-class hardware in a data center. There are no additional physical protections required because the There are no additional physical protections required because the platform is assumed to be protected by the operational environment platform is assumed to be protected by the operational environment as indicated by [A.PHYSICAL\_PROTECTION](#A.PHYSICAL_PROTECTION). as indicated by [A.PHYSICAL\_PROTECTION](#A.PHYSICAL_PROTECTION). The platform is administered through a management controller that The platform is administered through a management controller that accesses the [MC](#abbr_MC) through a console or remotely. accesses the [MC](#abbr_MC) through a console or remotely. This use case adds audit requirements and Administrator This use case adds audit requirements and Administrator authentication requirements to the base mandatory requirements. authentication requirements to the base mandatory requirements. For changes to included SFRs, selections, and assignments required For changes to included SFRs, selections, and assignments required for this use case, see [G.1 Server-Class Platform, for this use case, see [G.1 Server-Class Platform, Basic](#appendix-uc-server-basic){.dynref}. Basic](#appendix-uc-server-basic){.dynref}. \[USE CASE 2\] Server-Class Platform, Enhanced \[USE CASE 2\] Server-Class Platform, Enhanced : This use case adds physical protections to the base requirements for : This use case adds physical protections to the base requirements for server-class hardware. Additional physical protections are required server-class hardware. Additional physical protections are required because the platform us assumed to be minimally protected by the by because the platform us assumed to be minimally protected by the by the operational environment. This use case can also be invoked for the operational environment. This use case can also be invoked for servers in data centers where there are enhanced security servers in data centers where there are enhanced security requirements. requirements. This use case adds requirements for audit, physical protections, and This use case adds requirements for audit, physical protections, and Administrator authentication to the base mandatory SFRs. It removes Administrator authentication to the base mandatory SFRs. It removes the assumption that the [TOE](#abbr_TOE) is physically protected by the assumption that the [TOE](#abbr_TOE) is physically protected by the [OE](#abbr_OE). the [OE](#abbr_OE). For changes to included SFRs, selections, and assignments required For changes to included SFRs, selections, and assignments required for this use case, see [G.2 Server-Class Platform, for this use case, see [G.2 Server-Class Platform, Enhanced](#appendix-uc-server-enhanced){.dynref}. Enhanced](#appendix-uc-server-enhanced){.dynref}. \[USE CASE 3\] Portable Clients (laptops, tablets), Basic \[USE CASE 3\] Portable Clients (laptops, tablets), Basic : This use case defines the base requirements for portable clients. : This use case defines the base requirements for portable clients. This use case adds no requirements to the base mandatory SFRs. This use case adds no requirements to the base mandatory SFRs. \[USE CASE 4\] Portable Clients (laptops, tablets), Enhanced \[USE CASE 4\] Portable Clients (laptops, tablets), Enhanced : This use case adds physical protections to the base requirements for : This use case adds physical protections to the base requirements for portable clients or end-user devices. It is intended for devices portable clients or end-user devices. It is intended for devices that are used in high-assurance scenarios. that are used in high-assurance scenarios. For changes to included SFRs, selections, and assignments required For changes to included SFRs, selections, and assignments required for this use case, see [G.4 Portable Clients (laptops, tablets), for this use case, see [G.4 Portable Clients (laptops, tablets), Enhanced](#appendix-uc-client-portable-enhanced){.dynref}. Enhanced](#appendix-uc-client-portable-enhanced){.dynref}. \[USE CASE 5\] CSfC EUD \[USE CASE 5\] CSfC EUD : EUDs used in accordance with the [CSfC](#abbr_CSfC) Mobile Access : EUDs used in accordance with the [CSfC](#abbr_CSfC) Mobile Access Capability Package can include smart phones, tablets, and laptops. Capability Package can include smart phones, tablets, and laptops. This use case covers the basic [CSfC](#abbr_CSfC) requirements for This use case covers the basic [CSfC](#abbr_CSfC) requirements for tablet and laptop EUDs (mobile devices are out of scope for this tablet and laptop EUDs (mobile devices are out of scope for this [PP](#abbr_PP)). [PP](#abbr_PP)). Although [CSfC](#abbr_CSfC) requires that users maintain physical Although [CSfC](#abbr_CSfC) requires that users maintain physical control of EUDs at all times, this use case removes the assumption control of EUDs at all times, this use case removes the assumption that the [TOE](#abbr_TOE) is protected by the [OE](#abbr_OE) and that the [TOE](#abbr_TOE) is protected by the [OE](#abbr_OE) and adds requirements for audit and basic tamper detection and adds requirements for audit and basic tamper detection and reporting. reporting. For changes to included SFRs, selections, and assignments required For changes to included SFRs, selections, and assignments required for this use case, see [G.5 CSfC for this use case, see [G.5 CSfC EUD](#appendix-uc-csfc-eud){.dynref}. EUD](#appendix-uc-csfc-eud){.dynref}. \[USE CASE 6\] Tactical EUD \[USE CASE 6\] Tactical EUD : This use case adds requirements for portable end user computing : This use case adds requirements for portable end user computing devices in a tactical environment. devices in a tactical environment. For changes to included SFRs, selections, and assignments required For changes to included SFRs, selections, and assignments required for this use case, see [G.6 Tactical for this use case, see [G.6 Tactical EUD](#appendix-uc-tactical-eud){.dynref}. EUD](#appendix-uc-tactical-eud){.dynref}. \[USE CASE 7\] Enterprise Desktop clients \[USE CASE 7\] Enterprise Desktop clients : This use case covers the requirements for non-portable desktop : This use case covers the requirements for non-portable desktop computing devices in a low-threat enterprise physical environment. computing devices in a low-threat enterprise physical environment. This use case adds only audit to the base mandatory SFRs. This use case adds only audit to the base mandatory SFRs. For changes to included SFRs, selections, and assignments required For changes to included SFRs, selections, and assignments required for this use case, see [G.7 Enterprise Desktop for this use case, see [G.7 Enterprise Desktop clients](#appendix-uc-ent-clients-desktop){.dynref}. clients](#appendix-uc-ent-clients-desktop){.dynref}. \[USE CASE 8\] IoT Devices \[USE CASE 8\] IoT Devices : [IoT](#abbr_IoT) devices are field-located devices without human : [IoT](#abbr_IoT) devices are field-located devices without human interfaces when in normal operation. In order to qualify for interfaces when in normal operation. In order to qualify for evaluation under this [PP](#abbr_PP), the device must meet the basic evaluation under this [PP](#abbr_PP), the device must meet the basic criteria for a general-purpose platform, and not meet the criteria for a general-purpose platform, and not meet the requirements for a mobile device or network device. requirements for a mobile device or network device. For changes to included SFRs, selections, and assignments required For changes to included SFRs, selections, and assignments required for this use case, see [G.8 IoT for this use case, see [G.8 IoT Devices](#appendix-uc-iot-device){.dynref}. Devices](#appendix-uc-iot-device){.dynref}. 1.5 Roles {#roles .indexable data-level="2"} 1.5 Roles {#roles .indexable data-level="2"} --------- --------- For purposes of these requirements there are two entities that interact For purposes of these requirements there are two entities that interact with a general-purpose computing platform: with a general-purpose computing platform: 1. Users (unprivileged users) 1. Users (unprivileged users) 2. Administrators (privileged users) 2. Administrators (privileged users) Users are humans who interact with the platform through user interfaces. Users are humans who interact with the platform through user interfaces. They usually have to authenticate themselves to tenant software (e.g. an They usually have to authenticate themselves to tenant software (e.g. an operating system), but generally not to the platform itself. Throughout operating system), but generally not to the platform itself. Throughout this document the term \"user\" refers generally to a person interacting this document the term \"user\" refers generally to a person interacting with the platform. with the platform. Administrators are users who manage the platform through a management Administrators are users who manage the platform through a management interface. The interface may be local or remote to the platform. interface. The interface may be local or remote to the platform. Administrators manage the physical platform, not the [OS](#abbr_OS) Administrators manage the physical platform, not the [OS](#abbr_OS) ([OS](#abbr_OS) Administrators would be classified as platform Users). ([OS](#abbr_OS) Administrators would be classified as platform Users). Administrators must be authenticated to the platform before the platform Administrators must be authenticated to the platform before the platform can allow them to perform administrative functions. For an can allow them to perform administrative functions. For an [EUD](#abbr_EUD), this could be accomplished through an interface [EUD](#abbr_EUD), this could be accomplished through an interface implemented in firmware. For server-class hardware, the management implemented in firmware. For server-class hardware, the management interface could be implemented in a management controller that is part interface could be implemented in a management controller that is part of the platform. Administrators are assumed to be acting in the best of the platform. Administrators are assumed to be acting in the best interests of the platform owner. interests of the platform owner. Tenant Software generally consists of an operating system, Tenant Software generally consists of an operating system, virtualization system, or application that uses platform resources to virtualization system, or application that uses platform resources to run workloads on behalf of Users. Tenant software generally has the run workloads on behalf of Users. Tenant software generally has the privilege of the User or Administrator in whose context it runs. privilege of the User or Administrator in whose context it runs. 2 Conformance Claims {#ccl .indexable data-level="1"} 2 Conformance Claims {#ccl .indexable data-level="1"} ==================== ==================== Conformance Statement Conformance Statement : A Security Target must claim exact conformance to this Protection : A Security Target must claim exact conformance to this Protection Profile, as defined in the [CC](#abbr_CC) and [CEM](#abbr_CEM) Profile, as defined in the [CC](#abbr_CC) and [CEM](#abbr_CEM) addenda for Exact Conformance, Selection-Based SFRs, and Optional addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017). SFRs (dated May 2017). CC Conformance Claims CC Conformance Claims : This [PP](#abbr_PP) is conformant to Parts 2 (Extended) and 3 : This [PP](#abbr_PP) is conformant to Parts 2 (Extended) and 3 (Extended) of Common Criteria Version 3.1, Release 5 (Extended) of Common Criteria Version 3.1, Release 5 \[[CC](#abbr_CC)\]. \[[CC](#abbr_CC)\]. PP Claim PP Claim : This [PP](#abbr_PP) does not claim conformance to any other : This [PP](#abbr_PP) does not claim conformance to any other [PP](#abbr_PP). [PP](#abbr_PP). Package Claim Package Claim : This [PP](#abbr_PP) is Functional Package for Transport Layer : This [PP](#abbr_PP) is Functional Package for Transport Layer Security ([TLS](#abbr_TLS)), version 1.1 Conformant and Functional Security ([TLS](#abbr_TLS)), version 1.1 Conformant and Functional Package for Secure Shell ([SSH](#abbr_SSH)), version 1.0 Conformant. Package for Secure Shell ([SSH](#abbr_SSH)), version 1.0 Conformant. 3 Security Problem Description {#spd .indexable data-level="1"} 3 Security Problem Description {#spd .indexable data-level="1"} ============================== ============================== The security problem is described in terms of the threats that the The security problem is described in terms of the threats that the [GPCP](#abbr_GPCP) is expected to address, assumptions about the [GPCP](#abbr_GPCP) is expected to address, assumptions about the operational environment, and any organizational security policies that operational environment, and any organizational security policies that the [GPCP](#abbr_GPCP) is expected to enforce. the [GPCP](#abbr_GPCP) is expected to enforce. The platform has three major security responsibilities: The platform has three major security responsibilities: - ensuring the integrity of its own firmware and hardware - ensuring the integrity of its own firmware and hardware - ensuring that it is resilient - ensuring that it is resilient - providing security services to tenant workloads - providing security services to tenant workloads These responsibilities manifest as protecting: These responsibilities manifest as protecting: - Platform firmware and hardware - Platform firmware and hardware - Platform firmware updates - Platform firmware updates - Tenant initialization (boot) - Tenant initialization (boot) 3.1 Threats {#Threats .indexable data-level="2"} 3.1 Threats {#Threats .indexable data-level="2"} ----------- ----------- T.PHYSICAL T.PHYSICAL : An attacker with physical access might be able to compromise : An attacker with physical access might be able to compromise [TOE](#abbr_TOE) integrity, subvert [TOE](#abbr_TOE) protections, or [TOE](#abbr_TOE) integrity, subvert [TOE](#abbr_TOE) protections, or access tenant data through hardware attacks such as probing, access tenant data through hardware attacks such as probing, physical manipulation, fault-injection, side-channel analysis, physical manipulation, fault-injection, side-channel analysis, environmental stress, or activating disabled features or environmental stress, or activating disabled features or pre-delivery services. This threat is addressed by [TOE](#abbr_TOE) pre-delivery services. This threat is addressed by [TOE](#abbr_TOE) Objectives O.PHYSICAL\_SECURITY and Objectives O.PHYSICAL\_SECURITY and [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) for the use cases listed below. For other use cases, this threat is for the use cases listed below. For other use cases, this threat is mitigated by Operational Environment Objective mitigated by Operational Environment Objective [OE.PHYSICAL\_PROTECTION](#OE.PHYSICAL_PROTECTION) as mapped to [OE.PHYSICAL\_PROTECTION](#OE.PHYSICAL_PROTECTION) as mapped to Assumption [A.PHYSICAL\_PROTECTION](#A.PHYSICAL_PROTECTION). Assumption [A.PHYSICAL\_PROTECTION](#A.PHYSICAL_PROTECTION). - Server-Class Platform, Enhanced - Server-Class Platform, Enhanced - Portable Clients (laptops, tablets), Enhanced - Portable Clients (laptops, tablets), Enhanced - [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) - [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) - Tactical [EUD](#abbr_EUD) - Tactical [EUD](#abbr_EUD) - [IoT](#abbr_IoT) Devices - [IoT](#abbr_IoT) Devices T.SIDE\_CHANNEL\_LEAKAGE T.SIDE\_CHANNEL\_LEAKAGE : An attacker running in a tenant context might be able to leverage : An attacker running in a tenant context might be able to leverage physical effects caused by the operation of the [TOE](#abbr_TOE) to physical effects caused by the operation of the [TOE](#abbr_TOE) to derive sensitive information about other tenants or the derive sensitive information about other tenants or the [TOE](#abbr_TOE). [TOE](#abbr_TOE). T.PERSISTENCE T.PERSISTENCE : An attacker might be able to establish a permanent presence on the : An attacker might be able to establish a permanent presence on the [TOE](#abbr_TOE) in firmware. This could result in permanent [TOE](#abbr_TOE) in firmware. This could result in permanent compromise of tenant information, as well as [TOE](#abbr_TOE) compromise of tenant information, as well as [TOE](#abbr_TOE) updates. This threat does not encompass attacker presence in tenant updates. This threat does not encompass attacker presence in tenant software, as tenant software is not part of the [TOE](#abbr_TOE). software, as tenant software is not part of the [TOE](#abbr_TOE). T.UPDATE\_COMPROMISE T.UPDATE\_COMPROMISE : An attacker may attempt to provide a compromised update of : An attacker may attempt to provide a compromised update of [TOE](#abbr_TOE) firmware. Such updates can undermine the security [TOE](#abbr_TOE) firmware. Such updates can undermine the security functionality of the device if they are unauthorized, functionality of the device if they are unauthorized, unauthenticated, or are improperly validated using non-secure or unauthenticated, or are improperly validated using non-secure or weak cryptography. weak cryptography. T.SECURITY\_FUNCTIONALITY\_FAILURE T.SECURITY\_FUNCTIONALITY\_FAILURE : An attacker could leverage failed or compromised security : An attacker could leverage failed or compromised security functionality to access, change, or modify tenant data, functionality to access, change, or modify tenant data, [TOE](#abbr_TOE) data, or other security functionality of the [TOE](#abbr_TOE) data, or other security functionality of the device. device. T.TENANT\_BASED\_ATTACK T.TENANT\_BASED\_ATTACK : An attacker running software as a tenant can attempt to access or : An attacker running software as a tenant can attempt to access or modify [TOE](#abbr_TOE) firmware or functionality. Note that direct modify [TOE](#abbr_TOE) firmware or functionality. Note that direct tenant attacks against other tenants are not encompassed by this tenant attacks against other tenants are not encompassed by this threat as they are out of scope. threat as they are out of scope. T.NETWORK\_BASED\_ATTACK T.NETWORK\_BASED\_ATTACK : An attacker from off the [TOE](#abbr_TOE) can attempt to compromise : An attacker from off the [TOE](#abbr_TOE) can attempt to compromise the [TOE](#abbr_TOE) through a network interface connected to an the [TOE](#abbr_TOE) through a network interface connected to an active [TOE](#abbr_TOE) component, such as a management subsystem. active [TOE](#abbr_TOE) component, such as a management subsystem. T.UNAUTHORIZED\_RECONFIGURATION T.UNAUTHORIZED\_RECONFIGURATION : An attacker might be able to modify the configuration of the : An attacker might be able to modify the configuration of the [TOE](#abbr_TOE) and alter its functionality. This might include, [TOE](#abbr_TOE) and alter its functionality. This might include, activating dormant subsystems, disabling hardware assists, or activating dormant subsystems, disabling hardware assists, or altering boot-time behaviors. altering boot-time behaviors. T.UNAUTHORIZED\_PLATFORM\_ADMINISTRATOR T.UNAUTHORIZED\_PLATFORM\_ADMINISTRATOR : An attacker might be able to attain platform administrator status by : An attacker might be able to attain platform administrator status by defeating or bypassing authentication measures. defeating or bypassing authentication measures. 3.2 Assumptions {#assumptions .indexable data-level="2"} 3.2 Assumptions {#assumptions .indexable data-level="2"} --------------- --------------- A.PHYSICAL\_PROTECTION A.PHYSICAL\_PROTECTION : The [TOE](#abbr_TOE) is assumed to be physically protected in its : The [TOE](#abbr_TOE) is assumed to be physically protected in its operational environment and thus is not subject to physical attacks operational environment and thus is not subject to physical attacks that could compromise its security or its ability to support the that could compromise its security or its ability to support the security of tenant workloads. This assumption does not apply if the security of tenant workloads. This assumption does not apply if the [TOE](#abbr_TOE) implements any of the below, in which case physical [TOE](#abbr_TOE) implements any of the below, in which case physical protection from the Operational Environment is not assumed and the protection from the Operational Environment is not assumed and the threat [T.PHYSICAL](#T.PHYSICAL) and its associated [TOE](#abbr_TOE) threat [T.PHYSICAL](#T.PHYSICAL) and its associated [TOE](#abbr_TOE) Objectives apply: Objectives apply: - Server-Class Platform, Enhanced - Server-Class Platform, Enhanced - Portable Clients (laptops, tablets), Enhanced - Portable Clients (laptops, tablets), Enhanced - [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) - [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) - Tactical [EUD](#abbr_EUD) - Tactical [EUD](#abbr_EUD) - [IoT](#abbr_IoT) Devices - [IoT](#abbr_IoT) Devices A.ROT\_INTEGRITY A.ROT\_INTEGRITY : The [TOE](#abbr_TOE) includes one or more Roots of Trust composed of : The [TOE](#abbr_TOE) includes one or more Roots of Trust composed of [TOE](#abbr_TOE) firmware, hardware, and pre-installed credentials. [TOE](#abbr_TOE) firmware, hardware, and pre-installed credentials. Roots of Trust are assumed to be free of malicious capabilities as Roots of Trust are assumed to be free of malicious capabilities as their integrity cannot be verified. their integrity cannot be verified. A.TRUSTED\_ADMIN A.TRUSTED\_ADMIN : [TOE](#abbr_TOE) Security Administrator are assumed to be trusted : [TOE](#abbr_TOE) Security Administrator are assumed to be trusted and to act in the best interest of security for the organization. and to act in the best interest of security for the organization. The [TOE](#abbr_TOE) is not expected to be capable of defending The [TOE](#abbr_TOE) is not expected to be capable of defending against a malicious Administrator that actively works to bypass or against a malicious Administrator that actively works to bypass or compromise the security of the platform. compromise the security of the platform. A.MFR\_ROT A.MFR\_ROT : The root signing credential of the manufacturer is assumed to be : The root signing credential of the manufacturer is assumed to be secure and has not been compromised. secure and has not been compromised. A.TRUSTED\_DEVELOPMENT\_AND\_BUILD\_PROCESSES A.TRUSTED\_DEVELOPMENT\_AND\_BUILD\_PROCESSES : The [TOE](#abbr_TOE) cannot protect itself during its own : The [TOE](#abbr_TOE) cannot protect itself during its own development and build processes. Therefore it is assumed that the development and build processes. Therefore it is assumed that the developers and participants in the build process are not hostile. developers and participants in the build process are not hostile. A.SUPPLY\_CHAIN\_SECURITY A.SUPPLY\_CHAIN\_SECURITY : The hardware components that comprise the [TOE](#abbr_TOE) are : The hardware components that comprise the [TOE](#abbr_TOE) are assumed to be non-hostile and not compromised at the time of assumed to be non-hostile and not compromised at the time of [TOE](#abbr_TOE) construction. Likewise, the [TOE](#abbr_TOE) is [TOE](#abbr_TOE) construction. Likewise, the [TOE](#abbr_TOE) is assumed to retain its integrity throughout transportation until assumed to retain its integrity throughout transportation until delivery to its operational site. delivery to its operational site. A.CORRECT\_INITIAL\_CONFIGURATION A.CORRECT\_INITIAL\_CONFIGURATION : It is assumed that the initial setup and configuration of the : It is assumed that the initial setup and configuration of the [TOE](#abbr_TOE) at its operational site is correct and in [TOE](#abbr_TOE) at its operational site is correct and in accordance with organizational security policy and operational use accordance with organizational security policy and operational use case. case. A.TRUSTED\_USERS A.TRUSTED\_USERS : Physically present non-administrative users of the [TOE](#abbr_TOE) : Physically present non-administrative users of the [TOE](#abbr_TOE) are assumed to be trusted as far as they are assumed to not be are assumed to be trusted as far as they are assumed to not be actively trying to subvert the system. (Not for all use cases). actively trying to subvert the system. (Not for all use cases). A.REGULAR\_UPDATES A.REGULAR\_UPDATES : It is assumed that the manufacturer provides updates to : It is assumed that the manufacturer provides updates to [TOE](#abbr_TOE) firmware in a timely manner in response to known [TOE](#abbr_TOE) firmware in a timely manner in response to known vulnerabilities, and that Administrators apply these updates when vulnerabilities, and that Administrators apply these updates when they are received. they are received. 3.3 Organizational Security Policies {#OSPs .indexable data-level="2"} 3.3 Organizational Security Policies {#OSPs .indexable data-level="2"} ------------------------------------ ------------------------------------ This document does not define any additional OSPs. This document does not define any additional OSPs. 4 Security Objectives {#Security_Objectives .indexable data-level="1"} 4 Security Objectives {#Security_Objectives .indexable data-level="1"} ===================== ===================== 4.1 Security Objectives for the TOE {#SecurityObjectivesTOE .indexable data-level="2" 4.1 Security Objectives for the TOE {#SecurityObjectivesTOE .indexable data-level="2" ----------------------------------- ----------------------------------- O.PHYSICAL\_INTEGRITY O.PHYSICAL\_INTEGRITY : The [TOE](#abbr_TOE) must be able to protect the physical platform : The [TOE](#abbr_TOE) must be able to protect the physical platform and interfaces from access by physical means such as probing, and interfaces from access by physical means such as probing, physical manipulation, fault-injection, side-channel analysis, physical manipulation, fault-injection, side-channel analysis, environmental stress, or activating disabled features or environmental stress, or activating disabled features or pre-delivery services. This includes specification of: pre-delivery services. This includes specification of: - Requirements for tamper detection - Requirements for tamper detection - Requirements for disabling or protection of external debug - Requirements for disabling or protection of external debug interfaces interfaces - Requirements for updateability - Requirements for updateability - Requirements for environmental shielding - Requirements for environmental shielding This Objective applies only if the [TOE](#abbr_TOE) implements a use This Objective applies only if the [TOE](#abbr_TOE) implements a use case that addresses the threat [T.PHYSICAL](#T.PHYSICAL). case that addresses the threat [T.PHYSICAL](#T.PHYSICAL). O.ATTACK\_DETECTION\_AND\_RESPONSE O.ATTACK\_DETECTION\_AND\_RESPONSE : The [TOE](#abbr_TOE) must be capable of detecting attempts to : The [TOE](#abbr_TOE) must be capable of detecting attempts to compromise the physical or logical integrity of the [TOE](#abbr_TOE) compromise the physical or logical integrity of the [TOE](#abbr_TOE) and respond by notifying a user or reporting the attempt to an and respond by notifying a user or reporting the attempt to an enterprise security authority. This includes specification of: enterprise security authority. This includes specification of: - Requirements for responses to particular detected events. - Requirements for responses to particular detected events. (resilience, secure state, etc.) (resilience, secure state, etc.) - Requirements for basic auditing capabilities and protection of - Requirements for basic auditing capabilities and protection of audit records. audit records. - Requirements for secure transmission of audit records (if - Requirements for secure transmission of audit records (if applicable) applicable) O.MITIGATE\_FUNDAMENTAL\_FLAWS O.MITIGATE\_FUNDAMENTAL\_FLAWS : The [TOE](#abbr_TOE) must have a capability for mitigating or fixing : The [TOE](#abbr_TOE) must have a capability for mitigating or fixing fundamental flaws through update or some other technical or fundamental flaws through update or some other technical or operational means. This includes specifications of: operational means. This includes specifications of: - Requirements for updateability of [TOE](#abbr_TOE) firmware. - Requirements for updateability of [TOE](#abbr_TOE) firmware. O.PROTECTED\_FIRMWARE O.PROTECTED\_FIRMWARE : [TOE](#abbr_TOE) must ensure that its firmware cannot be modified : [TOE](#abbr_TOE) must ensure that its firmware cannot be modified other than through a non-bypassable trusted update process. This other than through a non-bypassable trusted update process. This ensures the integrity of firmware both during the update process and ensures the integrity of firmware both during the update process and while at rest. This includes specification of: while at rest. This includes specification of: - Requirements for invocation of the trusted update process - Requirements for invocation of the trusted update process - Requirements for non-bypassability of the update process - Requirements for non-bypassability of the update process - Requirements for detection and reporting of attempts to modify - Requirements for detection and reporting of attempts to modify [TOE](#abbr_TOE) firmware outside of the trusted update process. [TOE](#abbr_TOE) firmware outside of the trusted update process. O.UPDATE\_INTEGRITY O.UPDATE\_INTEGRITY : The [TOE](#abbr_TOE) must ensure that updates to [TOE](#abbr_TOE) : The [TOE](#abbr_TOE) must ensure that updates to [TOE](#abbr_TOE) firmware are authorized, authenticated, and properly validated prior firmware are authorized, authenticated, and properly validated prior to installation. This includes specification of: to installation. This includes specification of: - Requirements for protection of updates - Requirements for protection of updates - Requirements for authentication of update packages - Requirements for authentication of update packages - Requirements for management of updates - Requirements for management of updates - Requirements for detection and reporting of update events, - Requirements for detection and reporting of update events, whether authorized or not. whether authorized or not. O.STRONG\_CRYPTOGRAPHY O.STRONG\_CRYPTOGRAPHY : Cryptography must meet the standards required for protection of : Cryptography must meet the standards required for protection of National Security Systems data (in accordance with CNSSP 15, \"Use National Security Systems data (in accordance with CNSSP 15, \"Use of Public Standards for Secure Information Sharing\"). This includes of Public Standards for Secure Information Sharing\"). This includes specification of: specification of: - Requirements for use and configuration of cryptographic - Requirements for use and configuration of cryptographic operations. operations. - Requirements for key generation - Requirements for key generation - Requirements for random bit generation support. - Requirements for random bit generation support. O.SECURITY\_FUNCTIONALITY\_INTEGRITY O.SECURITY\_FUNCTIONALITY\_INTEGRITY : The [TOE](#abbr_TOE) should be able not be able to operate with : The [TOE](#abbr_TOE) should be able not be able to operate with failed or degraded security functionality in such a way as might failed or degraded security functionality in such a way as might compromise the security or integrity of the [TOE](#abbr_TOE) or of compromise the security or integrity of the [TOE](#abbr_TOE) or of [TOE](#abbr_TOE) data. [TOE](#abbr_TOE) data. - Requirements for detection of degraded or failed security - Requirements for detection of degraded or failed security functionality. functionality. - Requirements for protection of platform credentials against - Requirements for protection of platform credentials against compromise (secret keys, passwords, etc.) compromise (secret keys, passwords, etc.) - Requirements for secure destruction of platform credentials (if - Requirements for secure destruction of platform credentials (if applicable) applicable) - Requirements for quality of credentials (password lengths and - Requirements for quality of credentials (password lengths and the like) the like) O.TENANT\_SECURITY O.TENANT\_SECURITY : The [TOE](#abbr_TOE) should provide capabilities and security : The [TOE](#abbr_TOE) should provide capabilities and security services to tenant software to help tenants help themselves. This services to tenant software to help tenants help themselves. This includes specification of: includes specification of: - Requirements for providing cryptographic support to tenants - Requirements for providing cryptographic support to tenants (random bit generation, crypto support instructions). (random bit generation, crypto support instructions). - Requirements for support for separation of tenant workloads - Requirements for support for separation of tenant workloads - Requirements for supporting secure storage of tenant credentials - Requirements for supporting secure storage of tenant credentials - Requirements for supporting secure boot of a tenant operating - Requirements for supporting secure boot of a tenant operating system system O.TRUSTED\_CHANNELS O.TRUSTED\_CHANNELS : The [TOE](#abbr_TOE) must protect certain network communications : The [TOE](#abbr_TOE) must protect certain network communications through guaranteed confidentiality, integrity, and authenticity. through guaranteed confidentiality, integrity, and authenticity. Such traffic includes communications with remote administrators, Such traffic includes communications with remote administrators, audit servers, update servers, and credential managers. This audit servers, update servers, and credential managers. This objective includes specification of: objective includes specification of: - Requirements for the use of secure network protocols - Requirements for the use of secure network protocols - Requirements for the use of public key certificates - Requirements for the use of public key certificates - Requirements for the authentication of endpoints - Requirements for the authentication of endpoints O.CONFIGURATION\_INTEGRITY O.CONFIGURATION\_INTEGRITY : The [TOE](#abbr_TOE) should detect or prevent unauthorized users : The [TOE](#abbr_TOE) should detect or prevent unauthorized users from being able to modify the system configuration. This includes: from being able to modify the system configuration. This includes: - Requirements for authentication of Administrators before - Requirements for authentication of Administrators before application of configuration modifications. application of configuration modifications. - Requirements for detection and reporting of attempts to modify - Requirements for detection and reporting of attempts to modify the [TOE](#abbr_TOE) configuration. the [TOE](#abbr_TOE) configuration. O.AUTHORIZED\_ADMINISTRATOR O.AUTHORIZED\_ADMINISTRATOR : The [TOE](#abbr_TOE) must ensure that Administrative actions can be : The [TOE](#abbr_TOE) must ensure that Administrative actions can be taken only by authorized Administrators. This includes specification taken only by authorized Administrators. This includes specification of: of: - Requirements specifying actions allowable for the Administrator - Requirements specifying actions allowable for the Administrator role role - Requirements for processes for authenticating Administrators - Requirements for processes for authenticating Administrators - Requirements for protection of Administrator credentials - Requirements for protection of Administrator credentials - Requirements for setup and operation of a secure channel for - Requirements for setup and operation of a secure channel for remote administration remote administration - Requirements for management of administrator sessions. - Requirements for management of administrator sessions. 4.2 Security Objectives for the Operational Environment {#SecurityObjectivesTOEorEnvi 4.2 Security Objectives for the Operational Environment {#SecurityObjectivesTOEorEnvi ------------------------------------------------------- ------------------------------------------------------- The following security objectives for the operational environment assist The following security objectives for the operational environment assist the [GPCP](#abbr_GPCP) in correctly providing its security the [GPCP](#abbr_GPCP) in correctly providing its security functionality. These track with the assumptions about the environment. functionality. These track with the assumptions about the environment. OE.PHYSICAL\_PROTECTION OE.PHYSICAL\_PROTECTION : Platforms that operate within data centers or in other : Platforms that operate within data centers or in other access-controlled environments are expected to receive a access-controlled environments are expected to receive a considerable degree of protection from these environments. In considerable degree of protection from these environments. In addition to physical protection, these environments often provide addition to physical protection, these environments often provide malware-detection and behavior-monitoring services for networked malware-detection and behavior-monitoring services for networked computing assets. computing assets. OE.SUPPLY\_CHAIN OE.SUPPLY\_CHAIN : The manufacturer is expected to implement processes to ensure that : The manufacturer is expected to implement processes to ensure that [TOE](#abbr_TOE) hardware and firmware is not compromised between [TOE](#abbr_TOE) hardware and firmware is not compromised between time of [TOE](#abbr_TOE) manufacture and delivery to its operational time of [TOE](#abbr_TOE) manufacture and delivery to its operational site. site. OE.TRUSTED\_ADMIN OE.TRUSTED\_ADMIN : The administrator of the [GPCP](#abbr_GPCP) is not careless, : The administrator of the [GPCP](#abbr_GPCP) is not careless, willfully negligent or hostile, and administers the platform within willfully negligent or hostile, and administers the platform within compliance of enterprise security policy. compliance of enterprise security policy. 4.3 Security Objectives Rationale {#SOR .indexable,h2 data-level="2"} 4.3 Security Objectives Rationale {#SOR .indexable,h2 data-level="2"} --------------------------------- --------------------------------- This section describes how the assumptions, threats, and organizational This section describes how the assumptions, threats, and organizational security policies map to the security objectives. security policies map to the security objectives. [Table [1]{.counter}]{#t-sec-obj-rat .ctr data-myid="t-sec-obj-rat" [Table [1]{.counter}]{#t-sec-obj-rat .ctr data-myid="t-sec-obj-rat" data-counter-type="ct-Table"}: Security Objectives Rationale data-counter-type="ct-Table"}: Security Objectives Rationale Threat, Assumption, or OSP Threat, Assumption, or OSP Security Objectives Security Objectives Rationale Rationale [T.PHYSICAL](#T.PHYSICAL)\ | [T.PHYSICAL](#T.PHYSICAL) [O.PHYSICAL\_INTEGRITY](#O.PHYSICAL_INTEGRITY) | [O.PHYSICAL\_​INTEGRITY](#O.PHYSICAL_INTEGRITY) The threat [T.PHYSICAL](#T.PHYSICAL) is countered by The threat [T.PHYSICAL](#T.PHYSICAL) is countered by [O.PHYSICAL\_INTEGRITY](#O.PHYSICAL_INTEGRITY) as this objective [O.PHYSICAL\_INTEGRITY](#O.PHYSICAL_INTEGRITY) as this objective supports detection or prevention of attempts to compromise the physical supports detection or prevention of attempts to compromise the physical platform. platform. [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) | [O.ATTACK\_​DETECTION\_​AND\_​RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) The threat [T.PHYSICAL](#T.PHYSICAL) is countered by The threat [T.PHYSICAL](#T.PHYSICAL) is countered by [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) as this objective supports detection and reporting of attempts to as this objective supports detection and reporting of attempts to compromise the [TOE](#abbr_TOE). compromise the [TOE](#abbr_TOE). [T.SIDE\_CHANNEL\_LEAKAGE](#T.SIDE_CHANNEL_LEAKAGE)\ | [T.SIDE\_​CHANNEL\_​LEAKAGE](#T.SIDE_CHANNEL_LEAKAGE) [O.MITIGATE\_FUNDAMENTAL\_FLAWS](#O.MITIGATE_FUNDAMENTAL_FLAWS) | [O.MITIGATE\_​FUNDAMENTAL\_​FLAWS](#O.MITIGATE_FUNDAMENTAL_FLAWS) The threat [T.SIDE\_CHANNEL\_LEAKAGE](#T.SIDE_CHANNEL_LEAKAGE) is The threat [T.SIDE\_CHANNEL\_LEAKAGE](#T.SIDE_CHANNEL_LEAKAGE) is countered by countered by [O.MITIGATE\_FUNDAMENTAL\_FLAWS](#O.MITIGATE_FUNDAMENTAL_FLAWS) as this [O.MITIGATE\_FUNDAMENTAL\_FLAWS](#O.MITIGATE_FUNDAMENTAL_FLAWS) as this objective supports the remedy of critical flaws through update or other objective supports the remedy of critical flaws through update or other technical or operational means. technical or operational means. [T.PERSISTENCE](#T.PERSISTENCE)\ | [T.PERSISTENCE](#T.PERSISTENCE) [O.PROTECTED\_FIRMWARE](#O.PROTECTED_FIRMWARE) | [O.PROTECTED\_​FIRMWARE](#O.PROTECTED_FIRMWARE) The threat [T.PERSISTENCE](#T.PERSISTENCE) is countered by The threat [T.PERSISTENCE](#T.PERSISTENCE) is countered by [O.PROTECTED\_FIRMWARE](#O.PROTECTED_FIRMWARE) as this objective [O.PROTECTED\_FIRMWARE](#O.PROTECTED_FIRMWARE) as this objective supports maintenance of platform firmware integrity. supports maintenance of platform firmware integrity. [T.UPDATE\_COMPROMISE](#T.UPDATE_COMPROMISE)\ | [T.UPDATE\_​COMPROMISE](#T.UPDATE_COMPROMISE) [O.UPDATE\_INTEGRITY](#O.UPDATE_INTEGRITY) | [O.UPDATE\_​INTEGRITY](#O.UPDATE_INTEGRITY) The threat [T.UPDATE\_COMPROMISE](#T.UPDATE_COMPROMISE) is countered by The threat [T.UPDATE\_COMPROMISE](#T.UPDATE_COMPROMISE) is countered by [O.UPDATE\_INTEGRITY](#O.UPDATE_INTEGRITY) as this objective supports [O.UPDATE\_INTEGRITY](#O.UPDATE_INTEGRITY) as this objective supports ensuring that platform firmware updates are authentic and properly ensuring that platform firmware updates are authentic and properly validated prior to installation. validated prior to installation. [O.STRONG\_CRYPTOGRAPHY](#O.STRONG_CRYPTOGRAPHY) | [O.STRONG\_​CRYPTOGRAPHY](#O.STRONG_CRYPTOGRAPHY) The threat [T.UPDATE\_COMPROMISE](#T.UPDATE_COMPROMISE) is countered by The threat [T.UPDATE\_COMPROMISE](#T.UPDATE_COMPROMISE) is countered by [O.STRONG\_CRYPTOGRAPHY](#O.STRONG_CRYPTOGRAPHY) as this objective [O.STRONG\_CRYPTOGRAPHY](#O.STRONG_CRYPTOGRAPHY) as this objective supports use of proven, standards-based cryptographic mechanisms for supports use of proven, standards-based cryptographic mechanisms for ensuring that updates are authentic and maintain their integrity. ensuring that updates are authentic and maintain their integrity. [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) | [O.ATTACK\_​DETECTION\_​AND\_​RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) The threat [T.UPDATE\_COMPROMISE](#T.UPDATE_COMPROMISE) is countered by The threat [T.UPDATE\_COMPROMISE](#T.UPDATE_COMPROMISE) is countered by [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE) as this objective supports detection and reporting of attempts to as this objective supports detection and reporting of attempts to compromise the [TOE](#abbr_TOE). compromise the [TOE](#abbr_TOE). [T.SECURITY\_FUNCTIONALITY\_FAILURE](#T.SECURITY_FUNCTIONALITY_FAILURE)\ | [T.SECURITY\_​FUNCTIONALITY\_​FAILURE](#T.SECURITY_FUNCTIONALITY_FAILURE) [O.SECURITY\_FUNCTIONALITY\_INTEGRITY](#O.SECURITY_FUNCTIONALITY_INTEGRITY) | [O.SECURITY\_​FUNCTIONALITY\_​INTEGRITY](#O.SECURITY_FUNCTIONALITY_INTEGRITY) The threat The threat [T.SECURITY\_FUNCTIONALITY\_FAILURE](#T.SECURITY_FUNCTIONALITY_FAILURE) [T.SECURITY\_FUNCTIONALITY\_FAILURE](#T.SECURITY_FUNCTIONALITY_FAILURE) is countered by is countered by [O.SECURITY\_FUNCTIONALITY\_INTEGRITY](#O.SECURITY_FUNCTIONALITY_INTEGRITY) [O.SECURITY\_FUNCTIONALITY\_INTEGRITY](#O.SECURITY_FUNCTIONALITY_INTEGRITY) as this objective supports integrity and proper functioning of security as this objective supports integrity and proper functioning of security functionality. functionality. [T.TENANT\_BASED\_ATTACK](#T.TENANT_BASED_ATTACK)\ | [T.TENANT\_​BASED\_​ATTACK](#T.TENANT_BASED_ATTACK) [O.TENANT\_SECURITY](#O.TENANT_SECURITY) | [O.TENANT\_​SECURITY](#O.TENANT_SECURITY) The threat [T.TENANT\_BASED\_ATTACK](#T.TENANT_BASED_ATTACK) is The threat [T.TENANT\_BASED\_ATTACK](#T.TENANT_BASED_ATTACK) is countered by [O.TENANT\_SECURITY](#O.TENANT_SECURITY) as this objective countered by [O.TENANT\_SECURITY](#O.TENANT_SECURITY) as this objective supports tenant-based security mechanisms to prevent tenant compromise. supports tenant-based security mechanisms to prevent tenant compromise. [T.NETWORK\_BASED\_ATTACK](#T.NETWORK_BASED_ATTACK)\ | [T.NETWORK\_​BASED\_​ATTACK](#T.NETWORK_BASED_ATTACK) [O.TRUSTED\_CHANNELS](#O.TRUSTED_CHANNELS) | [O.TRUSTED\_​CHANNELS](#O.TRUSTED_CHANNELS) The threat [T.NETWORK\_BASED\_ATTACK](#T.NETWORK_BASED_ATTACK) is The threat [T.NETWORK\_BASED\_ATTACK](#T.NETWORK_BASED_ATTACK) is countered by [O.TRUSTED\_CHANNELS](#O.TRUSTED_CHANNELS) as this provides countered by [O.TRUSTED\_CHANNELS](#O.TRUSTED_CHANNELS) as this provides for integrity and confidentiality of transmitted data. for integrity and confidentiality of transmitted data. [T.UNAUTHORIZED\_RECONFIGURATION](#T.UNAUTHORIZED_RECONFIGURATION)\ | [T.UNAUTHORIZED\_​RECONFIGURATION](#T.UNAUTHORIZED_RECONFIGURATION) [O.CONFIGURATION\_INTEGRITY](#O.CONFIGURATION_INTEGRITY) | [O.CONFIGURATION\_​INTEGRITY](#O.CONFIGURATION_INTEGRITY) The threat The threat [T.UNAUTHORIZED\_RECONFIGURATION](#T.UNAUTHORIZED_RECONFIGURATION) is [T.UNAUTHORIZED\_RECONFIGURATION](#T.UNAUTHORIZED_RECONFIGURATION) is countered by [O.CONFIGURATION\_INTEGRITY](#O.CONFIGURATION_INTEGRITY) as countered by [O.CONFIGURATION\_INTEGRITY](#O.CONFIGURATION_INTEGRITY) as this provides for integrity of platform configuration. this provides for integrity of platform configuration. [T.UNAUTHORIZED\_PLATFORM\_ADMINISTRATOR](#T.UNAUTHORIZED_PLATFORM_ADMINISTRATOR)\ | [T.UNAUTHORIZED\_​PLATFORM\_​ADMINISTRATOR](#T.UNAUTHORIZED_PLATFORM_ADMINISTRATOR) [O.AUTHORIZED\_ADMINISTRATOR](#O.AUTHORIZED_ADMINISTRATOR) | [O.AUTHORIZED\_​ADMINISTRATOR](#O.AUTHORIZED_ADMINISTRATOR) The threat The threat [T.UNAUTHORIZED\_PLATFORM\_ADMINISTRATOR](#T.UNAUTHORIZED_PLATFORM_ADMINISTRATOR) [T.UNAUTHORIZED\_PLATFORM\_ADMINISTRATOR](#T.UNAUTHORIZED_PLATFORM_ADMINISTRATOR) is countered by is countered by [O.AUTHORIZED\_ADMINISTRATOR](#O.AUTHORIZED_ADMINISTRATOR) as this [O.AUTHORIZED\_ADMINISTRATOR](#O.AUTHORIZED_ADMINISTRATOR) as this provides for authentication of privileged Administrators. provides for authentication of privileged Administrators. [A.PHYSICAL\_PROTECTION](#A.PHYSICAL_PROTECTION)\ | [A.PHYSICAL\_​PROTECTION](#A.PHYSICAL_PROTECTION) [OE.PHYSICAL\_PROTECTION](#OE.PHYSICAL_PROTECTION) | [OE.PHYSICAL\_​PROTECTION](#OE.PHYSICAL_PROTECTION) The operational environment objective The operational environment objective [OE.PHYSICAL\_PROTECTION](#OE.PHYSICAL_PROTECTION) is realized through [OE.PHYSICAL\_PROTECTION](#OE.PHYSICAL_PROTECTION) is realized through [A.PHYSICAL\_PROTECTION](#A.PHYSICAL_PROTECTION). [A.PHYSICAL\_PROTECTION](#A.PHYSICAL_PROTECTION). [A.ROT\_INTEGRITY](#A.ROT_INTEGRITY)\ | [A.ROT\_​INTEGRITY](#A.ROT_INTEGRITY) [OE.SUPPLY\_CHAIN](#OE.SUPPLY_CHAIN) | [OE.SUPPLY\_​CHAIN](#OE.SUPPLY_CHAIN) The operational environment objective The operational environment objective [OE.SUPPLY\_CHAIN](#OE.SUPPLY_CHAIN) is realized through [OE.SUPPLY\_CHAIN](#OE.SUPPLY_CHAIN) is realized through [A.ROT\_INTEGRITY](#A.ROT_INTEGRITY). [A.ROT\_INTEGRITY](#A.ROT_INTEGRITY). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN)\ | [A.TRUSTED\_​ADMIN](#A.TRUSTED_ADMIN) [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) | [OE.TRUSTED\_​ADMIN](#OE.TRUSTED_ADMIN) The operational environment objective The operational environment objective [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.MFR\_ROT](#A.MFR_ROT)\ | [A.MFR\_​ROT](#A.MFR_ROT) [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) | [OE.TRUSTED\_​ADMIN](#OE.TRUSTED_ADMIN) The operational environment objective The operational environment objective [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_DEVELOPMENT\_AND\_BUILD\_PROCESSES](#A.TRUSTED_DEVELOPMENT_AND_BUILD_PROC | [A.TRUSTED\_​DEVELOPMENT\_​AND\_​BUILD\_​PROCESSES](#A.TRUSTED_DEVELOPMENT_AND_BUILD_PROC [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) | [OE.TRUSTED\_​ADMIN](#OE.TRUSTED_ADMIN) The operational environment objective The operational environment objective [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.SUPPLY\_CHAIN\_SECURITY](#A.SUPPLY_CHAIN_SECURITY)\ | [A.SUPPLY\_​CHAIN\_​SECURITY](#A.SUPPLY_CHAIN_SECURITY) [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) | [OE.TRUSTED\_​ADMIN](#OE.TRUSTED_ADMIN) The operational environment objective The operational environment objective [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.CORRECT\_INITIAL\_CONFIGURATION](#A.CORRECT_INITIAL_CONFIGURATION)\ | [A.CORRECT\_​INITIAL\_​CONFIGURATION](#A.CORRECT_INITIAL_CONFIGURATION) [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) | [OE.TRUSTED\_​ADMIN](#OE.TRUSTED_ADMIN) The operational environment objective The operational environment objective [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_USERS](#A.TRUSTED_USERS)\ | [A.TRUSTED\_​USERS](#A.TRUSTED_USERS) [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) | [OE.TRUSTED\_​ADMIN](#OE.TRUSTED_ADMIN) The operational environment objective The operational environment objective [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.REGULAR\_UPDATES](#A.REGULAR_UPDATES)\ | [A.REGULAR\_​UPDATES](#A.REGULAR_UPDATES) [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) | [OE.TRUSTED\_​ADMIN](#OE.TRUSTED_ADMIN) The operational environment objective The operational environment objective [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [OE.TRUSTED\_ADMIN](#OE.TRUSTED_ADMIN) is realized through [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). [A.TRUSTED\_ADMIN](#A.TRUSTED_ADMIN). 5 Security Requirements {#Security_Requirements .indexable data-level="1"} 5 Security Requirements {#Security_Requirements .indexable data-level="1"} ======================= ======================= This chapter describes the security requirements which have to be This chapter describes the security requirements which have to be fulfilled by the product under evaluation. Those requirements comprise fulfilled by the product under evaluation. Those requirements comprise functional components from Part 2 and assurance components from Part 3 functional components from Part 2 and assurance components from Part 3 of [\[CC\]](#bibCC). The following conventions are used for the of [\[CC\]](#bibCC). The following conventions are used for the completion of operations: completion of operations: - **Refinement** operation (denoted by **bold text** or - **Refinement** operation (denoted by **bold text** or ~~strikethrough text~~): is used to add details to a requirement ~~strikethrough text~~): is used to add details to a requirement (including replacing an assignment with a more restrictive (including replacing an assignment with a more restrictive selection) or to remove part of the requirement that is made selection) or to remove part of the requirement that is made irrelevant through the completion of another operation, and thus irrelevant through the completion of another operation, and thus further restricts a requirement. further restricts a requirement. - **Selection** (denoted by *italicized text*): is used to select one - **Selection** (denoted by *italicized text*): is used to select one or more options provided by the \[[CC](#abbr_CC)\] in stating a or more options provided by the \[[CC](#abbr_CC)\] in stating a requirement. requirement. - **Assignment** operation (denoted by [italicized - **Assignment** operation (denoted by [italicized text]{.assignable-content}): is used to assign a specific value to text]{.assignable-content}): is used to assign a specific value to an unspecified parameter, such as the length of a password. Showing an unspecified parameter, such as the length of a password. Showing the value in square brackets indicates assignment. the value in square brackets indicates assignment. - **Iteration** operation: is indicated by appending the - **Iteration** operation: is indicated by appending the [SFR](#abbr_SFR) name with a slash and unique identifier suggesting [SFR](#abbr_SFR) name with a slash and unique identifier suggesting the purpose of the operation, e.g. \"/EXAMPLE1.\" the purpose of the operation, e.g. \"/EXAMPLE1.\" 5.1 Security Functional Requirements {#SFRs .indexable data-level="2"} 5.1 Security Functional Requirements {#SFRs .indexable data-level="2"} ------------------------------------ ------------------------------------ ### 5.1.1 Auditable Events for Mandatory SFRs {#ss-audit-table .indexable data-level= ### 5.1.1 Auditable Events for Mandatory SFRs {#ss-audit-table .indexable data-level= ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- Requirement Auditable Events Requirement Auditable Events ----------------------------------- ----------------------------------------------- ----------------------------------- ----------------------------------------------- [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) No events specified. [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) No events specified. [FMT\_MOF.1](#FMT_MOF.1) No events specified. [FMT\_MOF.1](#FMT_MOF.1) No events specified. [FMT\_SMF.1](#FMT_SMF.1) No events specified. [FMT\_SMF.1](#FMT_SMF.1) No events specified. [FMT\_SMR.1](#FMT_SMR.1) No events specified. [FMT\_SMR.1](#FMT_SMR.1) No events specified. [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1) No events specified. [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1) No events specified. [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) No events specified. [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) No events specified. [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) No events specified. [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) No events specified. [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) **\[selection:** *Failure of integrity verifica [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) **\[selection:** *Failure of integrity verifica [FPT\_STM.1](#FPT_STM.1) No events specified. [FPT\_STM.1](#FPT_STM.1) No events specified. [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) No events specified. [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) No events specified. ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- : [Table [2]{.counter}]{#t-audit-mandatory .ctr : [Table [2]{.counter}]{#t-audit-mandatory .ctr data-myid="t-audit-mandatory" data-counter-type="ct-Table"}: Auditable data-myid="t-audit-mandatory" data-counter-type="ct-Table"}: Auditable Events for Mandatory Requirements Events for Mandatory Requirements ### 5.1.2 Class: Security Management (FMT) {#fmt .indexable data-level="3"} ### 5.1.2 Class: Security Management (FMT) {#fmt .indexable data-level="3"} ::: {#FMT_CFG_EXT.1 .comp} ::: {#FMT_CFG_EXT.1 .comp} #### FMT\_CFG\_EXT.1 Secure by Default Configuration #### FMT\_CFG\_EXT.1 Secure by Default Configuration ::: {.element} ::: {.element} ::: {#FMT_CFG_EXT.1.1 .reqid} ::: {#FMT_CFG_EXT.1.1 .reqid} [FMT\_CFG\_EXT.1.1](#FMT_CFG_EXT.1.1){.abbr} [FMT\_CFG\_EXT.1.1](#FMT_CFG_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall enforce that Administrator credentials be The [TSF](#abbr_TSF) shall enforce that Administrator credentials be changed immediately after first use when configured with default changed immediately after first use when configured with default Administrator credentials or with no Administrator credentials. Administrator credentials or with no Administrator credentials. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Default credentials are credentials [Application Note: ]{.note-header}[ Default credentials are credentials (e.g., passwords, keys) that are pre-installed (without user (e.g., passwords, keys) that are pre-installed (without user interaction) onto the platform, generally by the manufacturer, whether interaction) onto the platform, generally by the manufacturer, whether they are default values or randomly generated. This requirement applies they are default values or randomly generated. This requirement applies only to credentials used by an Administrator for logging in to the only to credentials used by an Administrator for logging in to the [TOE](#abbr_TOE), and not to other platform credentials that might come [TOE](#abbr_TOE), and not to other platform credentials that might come pre-installed.]{.note} pre-installed.]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check the [TSS](#abbr_TSS) to determine whether the The evaluator shall check the [TSS](#abbr_TSS) to determine whether the platform comes pre-installed with default Administrator credentials, or platform comes pre-installed with default Administrator credentials, or does not require credentials for initial Administrator access. does not require credentials for initial Administrator access. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the process for replacing or specifying Administrator credentials on first process for replacing or specifying Administrator credentials on first use. use. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: If the platform uses default Administrator credentials or no If the platform uses default Administrator credentials or no Administrator credentials on first use the evaluator shall run the Administrator credentials on first use the evaluator shall run the following tests: following tests: - **Test 1:** The evaluator shall reset the platform to factory state - **Test 1:** The evaluator shall reset the platform to factory state and restart the platform to verify that only the functionality and restart the platform to verify that only the functionality required to set new Administrator credentials is available required to set new Administrator credentials is available immediately after Administrator login. immediately after Administrator login. - **Test 2:** The evaluator shall log in to the platform as - **Test 2:** The evaluator shall log in to the platform as Administrator using the default credentials, establish new Administrator using the default credentials, establish new credentials, and verify that the original default credentials no credentials, and verify that the original default credentials no longer provide Administrative access to the platform. longer provide Administrative access to the platform. ::: ::: ::: ::: ::: ::: ::: {#FMT_MOF.1 .comp} ::: {#FMT_MOF.1 .comp} #### FMT\_MOF.1 Management of Security Functions Behavior #### FMT\_MOF.1 Management of Security Functions Behavior ::: {.element} ::: {.element} ::: {#FMT_MOF.1.1 .reqid} ::: {#FMT_MOF.1.1 .reqid} [FMT\_MOF.1.1](#FMT_MOF.1.1){.abbr} [FMT\_MOF.1.1](#FMT_MOF.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall restrict the ability to \[*determine the The [TSF](#abbr_TSF) shall restrict the ability to \[*determine the behaviour of*\] the functions \[*listed in [Table behaviour of*\] the functions \[*listed in [Table [3]{.counter}](#t-manfunc){.t-manfunc-ref}*\] to \[*the roles indicated [3]{.counter}](#t-manfunc){.t-manfunc-ref}*\] to \[*the roles indicated in [Table [3]{.counter}](#t-manfunc){.t-manfunc-ref}*\]. in [Table [3]{.counter}](#t-manfunc){.t-manfunc-ref}*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ There are two roles defined in this [Application Note: ]{.note-header}[ There are two roles defined in this [PP](#abbr_PP): Administrator and User (see FIA\_SMR.1). Administrators [PP](#abbr_PP): Administrator and User (see FIA\_SMR.1). Administrators can perform most management functions on the platform, and only can perform most management functions on the platform, and only Administrators are required to authenticate themselves to the Administrators are required to authenticate themselves to the platform.]{.note} platform.]{.note} Users have a limited ability to select responses to certain events as Users have a limited ability to select responses to certain events as specified in the Management Functions table in [FMT\_SMF.1](#FMT_SMF.1). specified in the Management Functions table in [FMT\_SMF.1](#FMT_SMF.1). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FMT\_MOF.1](#FMT_MOF.1) [FMT\_MOF.1](#FMT_MOF.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall verify that the [TSS](#abbr_TSS) describes those The evaluator shall verify that the [TSS](#abbr_TSS) describes those management functions that may be performed by the Administrator, and management functions that may be performed by the Administrator, and those that can be performed by ordinary users. The [TSS](#abbr_TSS) also those that can be performed by ordinary users. The [TSS](#abbr_TSS) also describes any functionality that is affected by administrator-configured describes any functionality that is affected by administrator-configured policy and how. This activity will be performed in conjunction with policy and how. This activity will be performed in conjunction with [FMT\_SMF.1](#FMT_SMF.1). [FMT\_SMF.1](#FMT_SMF.1). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: Testing of this [SFR](#abbr_SFR) is covered in the tests for Testing of this [SFR](#abbr_SFR) is covered in the tests for [FMT\_SMF.1](#FMT_SMF.1). [FMT\_SMF.1](#FMT_SMF.1). ::: ::: ::: ::: ::: ::: ::: {#FMT_SMF.1 .comp} ::: {#FMT_SMF.1 .comp} #### FMT\_SMF.1 Specification of Management Functions #### FMT\_SMF.1 Specification of Management Functions ::: {.element} ::: {.element} ::: {#FMT_SMF.1.1 .reqid} ::: {#FMT_SMF.1.1 .reqid} [FMT\_SMF.1.1](#FMT_SMF.1.1){.abbr} [FMT\_SMF.1.1](#FMT_SMF.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be capable of performing the following The [TSF](#abbr_TSF) shall be capable of performing the following management functions: \[ management functions: \[ **[Table [3]{.counter}: Management Functions]{#t-manfunc .ctr **[Table [3]{.counter}: Management Functions]{#t-manfunc .ctr data-myid="t-manfunc" data-counter-type="ct-Table"}** data-myid="t-manfunc" data-counter-type="ct-Table"}** Status Markers:\ Status Markers:\ M - Mandatory\ M - Mandatory\ O - Optional/Selectable\ O - Optional/Selectable\ X - Not permitted X - Not permitted ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- Number Function Admin User Notes Number Function Admin User Notes -------------- ------------------ -------------- -------------- ------------------- -------------- ------------------ -------------- -------------- ------------------- 1 Ability to M X If \"*remotely*\" i 1 Ability to M X If \"*remotely*\" i administer the [FTP\_TRP.1](#FTP_T administer the [FTP\_TRP.1](#FTP_T platform in the [ST](#abbr_S platform in the [ST](#abbr_S \[**selection**: Function 5 must be \[**selection**: Function 5 must be *locally*, *locally*, *remotely*, *not If \"*not at all*\" *remotely*, *not If \"*not at all*\" at all*\] other management fu at all*\] other management fu selected. selected. 2 Ability to O X If [FAU\_GEN.1](#FA 2 Ability to O X If [FAU\_GEN.1](#FA configure and in the [ST](#abbr_S configure and in the [ST](#abbr_S manage the audit function must be se manage the audit function must be se functionality and functionality and audit data audit data 3 Ability to O X If [FAU\_STG\_EXT.1 3 Ability to O X If [FAU\_STG\_EXT.1 configure included in the [ST configure included in the [ST name/address of this function must name/address of this function must audit/logging audit/logging server to which to server to which to send audit/logging send audit/logging records records 4 Ability to review O X If [FAU\_SAR.1](#FA 4 Ability to review O X If [FAU\_SAR.1](#FA audit records. in the [ST](#abbr_S audit records. in the [ST](#abbr_S function must be se function must be se 5 Ability to O X If [FTP\_TRP.1](#FT 5 Ability to O X If [FTP\_TRP.1](#FT initiate a trusted in the [ST](#abbr_S initiate a trusted in the [ST](#abbr_S channel for remote function must me se channel for remote function must me se administration. administration. 6 Ability to set O X If [FIA\_AFL\_EXT.1 6 Ability to set O X If [FIA\_AFL\_EXT.1 parameters for included in the [ST parameters for included in the [ST allowable number this function must allowable number this function must of authentication of authentication failures. failures. 7 Ability to O X If [FIA\_PMG\_EXT.1 7 Ability to O X If [FIA\_PMG\_EXT.1 configure password included in the [ST configure password included in the [ST length and this function must length and this function must complexity. password length and complexity. password length and configurable. configurable. 8 Ability to O X If [FIA\_TRT\_EXT.1 8 Ability to O X If [FIA\_TRT\_EXT.1 configure included in the [ST configure included in the [ST authentication this function must authentication this function must throttling policy. authentication thro throttling policy. authentication thro configurable. configurable. 9 Ability to manage O X If [FIA\_UAU.5](#FI 9 Ability to manage O X If [FIA\_UAU.5](#FI authentication in the [ST](#abbr_S authentication in the [ST](#abbr_S methods and change function must be se methods and change function must be se default authentication meth default authentication meth authorization authorization factors factors 10 Ability to O X If [FIA\_X509\_EXT. 10 Ability to O X If [FIA\_X509\_EXT. configure of is included in the configure of is included in the certificate this function must certificate this function must revocation [TOE](#abbr_TOE) su revocation [TOE](#abbr_TOE) su checking methods. of certificate revo checking methods. of certificate revo methods. methods. 11 Ability to O X If [FIA\_X509\_EXT. 11 Ability to O X If [FIA\_X509\_EXT. configure is included in the configure is included in the [TSF](#abbr_TSF) *allow the administ [TSF](#abbr_TSF) *allow the administ behavior when whether to accept t behavior when whether to accept t certificate these cases*\" is s certificate these cases*\" is s revocation status function must be se revocation status function must be se cannot be cannot be determined. determined. 12 Ability to O X If [FPT\_ROT\_EXT.2 12 Ability to O X If [FPT\_ROT\_EXT.2 configure default [FPT\_ROT\_EXT.3](# configure default [FPT\_ROT\_EXT.3](# action to take on included in the [ST action to take on included in the [ST integrity failure. accordance with integrity failure. accordance with Administrator-confi Administrator-confi selected in selected in [FPT\_ROT\_EXT.2.2] [FPT\_ROT\_EXT.2.2] [FPT\_ROT\_EXT.3.2] [FPT\_ROT\_EXT.3.2] then this function then this function 13 Ability to O X If [FPT\_TUD\_EXT.2 13 Ability to O X If [FPT\_TUD\_EXT.2 configure default [FPT\_TUD\_EXT.3](# configure default [FPT\_TUD\_EXT.3](# action to take on included in the [ST action to take on included in the [ST update failure. accordance with update failure. accordance with Administrator-confi Administrator-confi selected in selected in [FPT\_TUD\_EXT.2.5] [FPT\_TUD\_EXT.2.5] [FPT\_TUD\_EXT.3.4] [FPT\_TUD\_EXT.3.4] then this function then this function 14 Ability to O X If \"*no mechanism 14 Ability to O X If \"*no mechanism initiate the update*\" is select initiate the update*\" is select update process. [FPT\_TUD\_EXT.1.1] update process. [FPT\_TUD\_EXT.1.1] then this function then this function 15 Ability to O O If [FPT\_TUD\_EXT.2 15 Ability to O O If [FPT\_TUD\_EXT.2 determine the [FPT\_TUD\_EXT.3](# determine the [FPT\_TUD\_EXT.3](# action to take on included in the [ST action to take on included in the [ST update failure. express determinati update failure. express determinati \[Administrator\]*\ \[Administrator\]*\ [FPT\_TUD\_EXT.2.5] [FPT\_TUD\_EXT.2.5] [FPT\_TUD\_EXT.3.4] [FPT\_TUD\_EXT.3.4] then this function then this function Administrators. If Administrators. If determination of an determination of an selected, then this selected, then this selected for Users. selected for Users. 16 Ability to O O If [FPT\_ROT\_EXT.2 16 Ability to O O If [FPT\_ROT\_EXT.2 determine the [FPT\_ROT\_EXT.3](# determine the [FPT\_ROT\_EXT.3](# action to take on included in the [ST action to take on included in the [ST integrity check express determinati integrity check express determinati failure. \[Administrator\]*\ failure. \[Administrator\]*\ [FPT\_ROT\_EXT.2.2] [FPT\_ROT\_EXT.2.2] [FPT\_ROT\_EXT.3.2] [FPT\_ROT\_EXT.3.2] then this function then this function Administrators. If Administrators. If determination of an determination of an selected, then this selected, then this selected for Users. selected for Users. 17 Ability to manage O X If [FCS\_STG\_EXT.1 17 Ability to manage O X If [FCS\_STG\_EXT.1 import and export included in the [ST import and export included in the [ST keys/secrets to this function must keys/secrets to this function must and from protected and from protected storage. storage. ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- \ \ \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Note that all Administrator [Application Note: ]{.note-header}[ Note that all Administrator management functions except Function 1 are indicated as management functions except Function 1 are indicated as \"Optional/Selectable.\" These functions become Mandatory or Selectable \"Optional/Selectable.\" These functions become Mandatory or Selectable as indicated in the Notes.]{.note} as indicated in the Notes.]{.note} Administration is considered "local" if the Administrator is physically Administration is considered "local" if the Administrator is physically present at the [GPCP](#abbr_GPCP). present at the [GPCP](#abbr_GPCP). Administration is considered "remote" if communications between the Administration is considered "remote" if communications between the Administrator and [GPCP](#abbr_GPCP) is over a network. Administrator and [GPCP](#abbr_GPCP) is over a network. \"*Not at all*\" is the proper selection for Function 1 only in the case \"*Not at all*\" is the proper selection for Function 1 only in the case where the [GPCP](#abbr_GPCP) is incapable of being Administered at all. where the [GPCP](#abbr_GPCP) is incapable of being Administered at all. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FMT\_SMF.1](#FMT_SMF.1) [FMT\_SMF.1](#FMT_SMF.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it describes each management function and its associated actions. describes each management function and its associated actions. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes how the The evaluator shall examine the AGD to ensure that it describes how the Administrator performs each management function that the [ST](#abbr_ST) Administrator performs each management function that the [ST](#abbr_ST) claims the [TOE](#abbr_TOE) supports. claims the [TOE](#abbr_TOE) supports. The evaluator shall verify for each claimed management function that the The evaluator shall verify for each claimed management function that the guidance is sufficiently detailed to allow the function to be performed. guidance is sufficiently detailed to allow the function to be performed. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall test each management function included in the The evaluator shall test each management function included in the [ST](#abbr_ST) to demonstrate that the function can be performed only by [ST](#abbr_ST) to demonstrate that the function can be performed only by the roles indicated in [Table [3]{.counter}](#t-manfunc){.t-manfunc-ref} the roles indicated in [Table [3]{.counter}](#t-manfunc){.t-manfunc-ref} and the result of the function is demonstrated. and the result of the function is demonstrated. ::: ::: ::: ::: ::: ::: ::: {#FMT_SMR.1 .comp} ::: {#FMT_SMR.1 .comp} #### FMT\_SMR.1 Security Roles #### FMT\_SMR.1 Security Roles ::: {.element} ::: {.element} ::: {#FMT_SMR.1.1 .reqid} ::: {#FMT_SMR.1.1 .reqid} [FMT\_SMR.1.1](#FMT_SMR.1.1){.abbr} [FMT\_SMR.1.1](#FMT_SMR.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall maintain the roles \[*User* and The [TSF](#abbr_TSF) shall maintain the roles \[*User* and \[**selection**: *Administrator*, *no other roles*\]\]. \[**selection**: *Administrator*, *no other roles*\]\]. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FMT_SMR.1.2 .reqid} ::: {#FMT_SMR.1.2 .reqid} [FMT\_SMR.1.2](#FMT_SMR.1.2){.abbr} [FMT\_SMR.1.2](#FMT_SMR.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be able to associate users with roles. The [TSF](#abbr_TSF) shall be able to associate users with roles. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ If \"*Administrator*\" is selected, [Application Note: ]{.note-header}[ If \"*Administrator*\" is selected, then the user authentication SFRs in FIA must be claimed.]{.note} then the user authentication SFRs in FIA must be claimed.]{.note} A User is a human who interacts with the [GPCP](#abbr_GPCP) through a A User is a human who interacts with the [GPCP](#abbr_GPCP) through a user interface. Users do not authenticate themselves to the user interface. Users do not authenticate themselves to the [GPCP](#abbr_GPCP), though they may be authenticated by tenant software. [GPCP](#abbr_GPCP), though they may be authenticated by tenant software. The User role is considered to exist even if no humans normally interact The User role is considered to exist even if no humans normally interact with a [GPCP](#abbr_GPCP). with a [GPCP](#abbr_GPCP). An Administrator is a privileged user that must be authenticated by the An Administrator is a privileged user that must be authenticated by the [GPCP](#abbr_GPCP) in order to administer the [GPCP](#abbr_GPCP). This [GPCP](#abbr_GPCP) in order to administer the [GPCP](#abbr_GPCP). This role is distinct from [OS](#abbr_OS) or [VS](#abbr_VS) administrators, role is distinct from [OS](#abbr_OS) or [VS](#abbr_VS) administrators, who are may are authenticated to tenant software and are considered to who are may are authenticated to tenant software and are considered to be Users in the context of the [GPCP](#abbr_GPCP). be Users in the context of the [GPCP](#abbr_GPCP). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FMT\_SMR.1](#FMT_SMR.1) [FMT\_SMR.1](#FMT_SMR.1) ::: ::: Documentation and testing for roles is covered in the Evaluation Documentation and testing for roles is covered in the Evaluation Activities for [FMT\_SMF.1](#FMT_SMF.1) Activities for [FMT\_SMF.1](#FMT_SMF.1) ::: ::: ::: ::: ::: ::: ### 5.1.3 Class: Protection of the TSF (FPT) {#fpt .indexable data-level="3"} ### 5.1.3 Class: Protection of the TSF (FPT) {#fpt .indexable data-level="3"} ::: {#FPT_JTA_EXT.1 .comp} ::: {#FPT_JTA_EXT.1 .comp} #### FPT\_JTA\_EXT.1 JTAG/Debug Port Access #### FPT\_JTA\_EXT.1 JTAG/Debug Port Access ::: {.element} ::: {.element} ::: {#FPT_JTA_EXT.1.1 .reqid} ::: {#FPT_JTA_EXT.1.1 .reqid} [FPT\_JTA\_EXT.1.1](#FPT_JTA_EXT.1.1){.abbr} [FPT\_JTA\_EXT.1.1](#FPT_JTA_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall allow access to [JTAG](#abbr_JTAG) or other The [TSF](#abbr_TSF) shall allow access to [JTAG](#abbr_JTAG) or other debug ports only to an authorized Administrator through platform debug ports only to an authorized Administrator through platform firmware or through assertion of physical presence. firmware or through assertion of physical presence. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This requirement means that [Application Note: ]{.note-header}[ This requirement means that [JTAG](#abbr_JTAG) ports may not be accessible to tenant [JTAG](#abbr_JTAG) ports may not be accessible to tenant software.]{.note} software.]{.note} For use cases that include the threat [T.PHYSICAL](#T.PHYSICAL), For use cases that include the threat [T.PHYSICAL](#T.PHYSICAL), [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) should also be included in the [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) should also be included in the [ST](#abbr_ST). [ST](#abbr_ST). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1) [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to determine how access The evaluator shall examine the [TSS](#abbr_TSS) to determine how access to the [JTAG](#abbr_JTAG) or debug ports is denied to tenant software. to the [JTAG](#abbr_JTAG) or debug ports is denied to tenant software. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes how The evaluator shall examine the AGD to ensure that it describes how Administrators assert physical presence to the [TSF](#abbr_TSF). Administrators assert physical presence to the [TSF](#abbr_TSF). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** The evaluator shall attempt to access the debug port - **Test 1:** The evaluator shall attempt to access the debug port without authenticating as an Administrator. The attempt should fail. without authenticating as an Administrator. The attempt should fail. - **Test 2:** The evaluator shall authenticate as an Administrator and - **Test 2:** The evaluator shall authenticate as an Administrator and then attempt to access the debug port. The attempt should succeed. then attempt to access the debug port. The attempt should succeed. ::: ::: ::: ::: ::: ::: ::: {#FPT_PPF_EXT.1 .comp} ::: {#FPT_PPF_EXT.1 .comp} #### FPT\_PPF\_EXT.1 Protection of Platform Firmware and Critical Data #### FPT\_PPF\_EXT.1 Protection of Platform Firmware and Critical Data ::: {.element} ::: {.element} ::: {#FPT_PPF_EXT.1.1 .reqid} ::: {#FPT_PPF_EXT.1.1 .reqid} [FPT\_PPF\_EXT.1.1](#FPT_PPF_EXT.1.1){.abbr} [FPT\_PPF\_EXT.1.1](#FPT_PPF_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall allow modification of platform firmware only The [TSF](#abbr_TSF) shall allow modification of platform firmware only through the update mechanisms described in through the update mechanisms described in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Platform firmware must be modifiable [Application Note: ]{.note-header}[ Platform firmware must be modifiable only through one of the secure update mechanisms specified in only through one of the secure update mechanisms specified in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). If the update mechanism itself is [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). If the update mechanism itself is implemented in platform firmware, then naturally, it must itself also be implemented in platform firmware, then naturally, it must itself also be modifiable only through the secure update mechanism. Configuration data modifiable only through the secure update mechanism. Configuration data used by platform firmware that is stored in nonvolatile memory is not used by platform firmware that is stored in nonvolatile memory is not included in these protections. Executable portions of the included in these protections. Executable portions of the [TSF](#abbr_TSF) and data critical for ensuring the integrity of the [TSF](#abbr_TSF) and data critical for ensuring the integrity of the [TSF](#abbr_TSF) are included in these protections. Specifically, this [TSF](#abbr_TSF) are included in these protections. Specifically, this includes the key store and the signature verification algorithm used by includes the key store and the signature verification algorithm used by the update mechanisms. ]{.note} the update mechanisms. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it explains how the various areas of platform firmware and critical data explains how the various areas of platform firmware and critical data are protected from modification outside of the platform firmware update are protected from modification outside of the platform firmware update mechanism described in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). If the mechanism described in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). If the [TOE](#abbr_TOE) implements an authenticated update mechanism as [TOE](#abbr_TOE) implements an authenticated update mechanism as specified in [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2), then the evaluator shall specified in [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2), then the evaluator shall ensure that the [TSS](#abbr_TSS) describes specifically how the ensure that the [TSS](#abbr_TSS) describes specifically how the signature verification code and key store is protected from update signature verification code and key store is protected from update outside of the secure platform firmware update mechanism. outside of the secure platform firmware update mechanism. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall check the AGD to ensure that there are instructions The evaluator shall check the AGD to ensure that there are instructions for how to securely modify the platform firmware and critical data using for how to securely modify the platform firmware and critical data using a mechanism specified in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). a mechanism specified in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test: The evaluator shall perform the following test: The evaluator shall attempt to overwrite or modify the platform firmware The evaluator shall attempt to overwrite or modify the platform firmware without invoking one of the update mechanisms specified in without invoking one of the update mechanisms specified in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) (e.g., using a modified Linux boot [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) (e.g., using a modified Linux boot loader such as GRUB that attempts to write to the memory where platform loader such as GRUB that attempts to write to the memory where platform firmware is stored). The test succeeds if the attempts to overwrite firmware is stored). The test succeeds if the attempts to overwrite platform firmware fail. The evaluator shall attempt at least two such platform firmware fail. The evaluator shall attempt at least two such tests\--one that attempts to overwrite the first platform firmware that tests\--one that attempts to overwrite the first platform firmware that executes after boot, and one that targets the secure update mechanism executes after boot, and one that targets the secure update mechanism (if implemented), and one that targets firmware that has been (if implemented), and one that targets firmware that has been integrity-checked since the last boot. integrity-checked since the last boot. ::: ::: ::: ::: ::: ::: ::: {#FPT_ROT_EXT.1 .comp} ::: {#FPT_ROT_EXT.1 .comp} #### FPT\_ROT\_EXT.1 Platform Integrity Root #### FPT\_ROT\_EXT.1 Platform Integrity Root ::: {.element} ::: {.element} ::: {#FPT_ROT_EXT.1.1 .reqid} ::: {#FPT_ROT_EXT.1.1 .reqid} [FPT\_ROT\_EXT.1.1](#FPT_ROT_EXT.1.1){.abbr} [FPT\_ROT\_EXT.1.1](#FPT_ROT_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The integrity of platform firmware shall be rooted in \[**selection**: The integrity of platform firmware shall be rooted in \[**selection**: - *code or data written to immutable memory or storage*, - *code or data written to immutable memory or storage*, - *credentials held in immutable storage on-platform or protected - *credentials held in immutable storage on-platform or protected storage off-platform*, storage off-platform*, - *a separate management controller that is itself rooted in a - *a separate management controller that is itself rooted in a mechanism that meets this requirement*, mechanism that meets this requirement*, - *integrity measurements held securely in an on-platform dedicated - *integrity measurements held securely in an on-platform dedicated security component*, security component*, - *integrity measurements held securely by an off-platform entity* - *integrity measurements held securely by an off-platform entity* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Roots of Trust are components that [Application Note: ]{.note-header}[ Roots of Trust are components that constitute a set of unconditionally trusted functions. The above are constitute a set of unconditionally trusted functions. The above are acceptable roots of trust for platform firmware integrity.]{.note} acceptable roots of trust for platform firmware integrity.]{.note} The [ST](#abbr_ST) Author must select the root of trust used to ensure The [ST](#abbr_ST) Author must select the root of trust used to ensure the integrity of the first platform firmware that executes. The the integrity of the first platform firmware that executes. The integrity of subsequently executed platform firmware must be traceable integrity of subsequently executed platform firmware must be traceable back to this root or to some other root as specified in back to this root or to some other root as specified in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2). This [SFR](#abbr_SFR) should be [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2). This [SFR](#abbr_SFR) should be iterated for additional [TOE](#abbr_TOE) roots (for example, a iterated for additional [TOE](#abbr_TOE) roots (for example, a management controller or firmware executed from an add-in card). management controller or firmware executed from an add-in card). Selection of \"*a separate management controller\...*\" implies the Selection of \"*a separate management controller\...*\" implies the existence of an Administrator role. existence of an Administrator role. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall verify that the [TSS](#abbr_TSS) describes the Root The evaluator shall verify that the [TSS](#abbr_TSS) describes the Root of Trust on which initial integrity of platform firmware is anchored, of Trust on which initial integrity of platform firmware is anchored, consistent with the selection above. The description shall include means consistent with the selection above. The description shall include means by which the Root of Trust is protected from modification. by which the Root of Trust is protected from modification. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no Test evaluation activities for this component. There are no Test evaluation activities for this component. ::: ::: ::: ::: ::: ::: ::: {#FPT_ROT_EXT.2 .comp} ::: {#FPT_ROT_EXT.2 .comp} #### FPT\_ROT\_EXT.2 Platform Integrity Extension #### FPT\_ROT\_EXT.2 Platform Integrity Extension ::: {.element} ::: {.element} ::: {#FPT_ROT_EXT.2.1 .reqid} ::: {#FPT_ROT_EXT.2.1 .reqid} [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1){.abbr} [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The integrity of all mutable platform firmware outside of the platform The integrity of all mutable platform firmware outside of the platform integrity root specified in [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) shall be integrity root specified in [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) shall be verified prior to execution or use through: \[**selection**: verified prior to execution or use through: \[**selection**: - *computation and verification of a hash by trusted code/data*, - *computation and verification of a hash by trusted code/data*, - *verification of a digital signature by trusted code/data*, - *verification of a digital signature by trusted code/data*, - *measurement and verification by trusted code/data*, - *measurement and verification by trusted code/data*, - *measurement and verification by an on-platform dedicated security - *measurement and verification by an on-platform dedicated security component*, component*, - *measurement and verification by an off-platform entity* - *measurement and verification by an off-platform entity* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This requirement specifies the means [Application Note: ]{.note-header}[ This requirement specifies the means for extending the initial integrity of platform firmware established by for extending the initial integrity of platform firmware established by [FPT\_ROT\_EXT.1.1](#FPT_ROT_EXT.1.1) to subsequently executed platform [FPT\_ROT\_EXT.1.1](#FPT_ROT_EXT.1.1) to subsequently executed platform firmware and data that is located in mutable storage. (Integrity of code firmware and data that is located in mutable storage. (Integrity of code and data written to immutable storage is assured).]{.note} and data written to immutable storage is assured).]{.note} Otherwise, integrity must be extended through cryptographic means: Otherwise, integrity must be extended through cryptographic means: either through hashes or digital signatures computed and verified by either through hashes or digital signatures computed and verified by firmware that is trusted because it has previously had its integrity firmware that is trusted because it has previously had its integrity verified or is itself a Root of Trust. Verification can be performed by verified or is itself a Root of Trust. Verification can be performed by [TOE](#abbr_TOE) components such as management controllers or non-TOE [TOE](#abbr_TOE) components such as management controllers or non-TOE trusted entities. trusted entities. If \"*computation and verification of a hash by trusted code/data*\" is If \"*computation and verification of a hash by trusted code/data*\" is selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be claimed. selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be claimed. If \"*verification of a digital signature by trusted code/data*\" is If \"*verification of a digital signature by trusted code/data*\" is selected, then [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) must be claimed. selected, then [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) must be claimed. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_ROT_EXT.2.2 .reqid} ::: {#FPT_ROT_EXT.2.2 .reqid} [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2){.abbr} [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TOE](#abbr_TOE) shall take the following actions if an integrity The [TOE](#abbr_TOE) shall take the following actions if an integrity check specified in [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1) fails: check specified in [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1) fails: 1. Halt, 1. Halt, 2. Notify an \[**selection**: *Administrator*, *User*\] by 2. Notify an \[**selection**: *Administrator*, *User*\] by \[**selection**: *generating an audit event*, *\[**assignment**: \[**selection**: *generating an audit event*, *\[**assignment**: [other notification method(s)]{.assignable-content}\]*\], and [other notification method(s)]{.assignable-content}\]*\], and 3. \[**selection**: | 3. \[**selection, choose one of**: - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Initiate a recovery process as specified in - *Initiate a recovery process as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* \] \] \[**selection**: | \[**selection, choose one of**: - *automatically*, - *automatically*, - *in accordance with Administrator-configurable policy*, - *in accordance with Administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Notification of an administrator can [Application Note: ]{.note-header}[ Notification of an administrator can take many forms. For server-class platforms, such notification could take many forms. For server-class platforms, such notification could take the form of administrator alerts or audit events. For platforms take the form of administrator alerts or audit events. For platforms without management controllers, notification could be achieved, for without management controllers, notification could be achieved, for example, by blinking lights, beep codes, screen indications, or local example, by blinking lights, beep codes, screen indications, or local logging.]{.note} logging.]{.note} If \"Administrator\" is selected anywhere in If \"Administrator\" is selected anywhere in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), or if \"in accordance with [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), or if \"in accordance with Administrator-configurable policy\" is selected, then all Administrator Administrator-configurable policy\" is selected, then all Administrator authentication requirements must be included in the [ST](#abbr_ST) authentication requirements must be included in the [ST](#abbr_ST) ([FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1), [FIA\_UAU.5](#FIA_UAU.5), ([FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1), [FIA\_UAU.5](#FIA_UAU.5), [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1), [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1), [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1), [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1), [FIA\_UAU.7](#FIA_UAU.7)). If \"*generating an audit event*\" is [FIA\_UAU.7](#FIA_UAU.7)). If \"*generating an audit event*\" is selected, then [FAU\_GEN.1](#FAU_GEN.1), [FAU\_SAR.1](#FAU_SAR.1), selected, then [FAU\_GEN.1](#FAU_GEN.1), [FAU\_SAR.1](#FAU_SAR.1), [FAU\_STG.1](#FAU_STG.1), [FAU\_STG.4](#FAU_STG.4), and [FAU\_STG.1](#FAU_STG.1), [FAU\_STG.4](#FAU_STG.4), and [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) must be included in the [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) must be included in the [ST](#abbr_ST). [ST](#abbr_ST). If \"*computation and verification of a hash by trusted code/data*\" is If \"*computation and verification of a hash by trusted code/data*\" is selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be included in selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be included in the [ST](#abbr_ST). the [ST](#abbr_ST). If \"*verification of a digital signature by trusted code/data*\" is If \"*verification of a digital signature by trusted code/data*\" is selected, then [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) must be included selected, then [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) must be included in the [ST](#abbr_ST). in the [ST](#abbr_ST). If \"*Initiate a recovery process as specified in If \"*Initiate a recovery process as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected, then [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected, then [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) must be included in the [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) must be included in the [ST](#abbr_ST). [ST](#abbr_ST). If \"*in accordance with administrator-configurable policy*\" is If \"*in accordance with administrator-configurable policy*\" is selected, then FMT\_MOF\_EXT.1 and [FMT\_SMF.1](#FMT_SMF.1) must be selected, then FMT\_MOF\_EXT.1 and [FMT\_SMF.1](#FMT_SMF.1) must be included in the [ST](#abbr_ST). included in the [ST](#abbr_ST). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall verify that the [TSS](#abbr_TSS) describes the means The evaluator shall verify that the [TSS](#abbr_TSS) describes the means by which initial integrity of platform firmware is extended to other by which initial integrity of platform firmware is extended to other platform components, and that the means are consistent with the platform components, and that the means are consistent with the selection(s) made in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2). The selection(s) made in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2). The [TSS](#abbr_TSS) shall also describe how the [TOE](#abbr_TOE) responds [TSS](#abbr_TSS) shall also describe how the [TOE](#abbr_TOE) responds to failure of verification consistent with the selections in to failure of verification consistent with the selections in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2). [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the actions taken and notification methods used in case of failure to actions taken and notification methods used in case of failure to establish the integrity of the platform firmware root. If the actions establish the integrity of the platform firmware root. If the actions are configurable, the AGD shall explain how they are configured. are configurable, the AGD shall explain how they are configured. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall modify the platform firmware in a way that should The evaluator shall modify the platform firmware in a way that should cause a failure of the integrity check. The test passes if the mechanism cause a failure of the integrity check. The test passes if the mechanism specified in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2) is triggered on the specified in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2) is triggered on the first subsequent boot of the platform. first subsequent boot of the platform. Depending on the protections implemented, the evaluator may need a Depending on the protections implemented, the evaluator may need a specially crafted update module from the vendor to perform this test. specially crafted update module from the vendor to perform this test. But note that this is not necessarily the same as a test of the update But note that this is not necessarily the same as a test of the update mechanism. The update mechanism can be tested either at boot time or at mechanism. The update mechanism can be tested either at boot time or at the time of the update. This verification check must be done during the time of the update. This verification check must be done during boot. boot. If modification of platform firmware *in situ* or using the update If modification of platform firmware *in situ* or using the update mechanism is deemed to be not feasible within the time and cost mechanism is deemed to be not feasible within the time and cost constraints of the evaluation, then the evaluator shall make such an constraints of the evaluation, then the evaluator shall make such an argument in the AAR, and with concurrence of the [CC](#abbr_CC) scheme, argument in the AAR, and with concurrence of the [CC](#abbr_CC) scheme, this test can be replaced by evidence of vendor testing. this test can be replaced by evidence of vendor testing. ::: ::: ::: ::: ::: ::: ::: {#FPT_STM.1 .comp} ::: {#FPT_STM.1 .comp} #### FPT\_STM.1 Reliable Time Stamps #### FPT\_STM.1 Reliable Time Stamps ::: {.element} ::: {.element} ::: {#FPT_STM.1.1 .reqid} ::: {#FPT_STM.1.1 .reqid} [FPT\_STM.1.1](#FPT_STM.1.1){.abbr} [FPT\_STM.1.1](#FPT_STM.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be able to provide reliable time stamps. The [TSF](#abbr_TSF) shall be able to provide reliable time stamps. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ It is acceptable for the [Application Note: ]{.note-header}[ It is acceptable for the [TSF](#abbr_TSF) to provide timestamp data either through an internal [TSF](#abbr_TSF) to provide timestamp data either through an internal clock or a counter. It is also permissible for the [TSF](#abbr_TSF) to clock or a counter. It is also permissible for the [TSF](#abbr_TSF) to obtain time data from a clock contained within the same physical obtain time data from a clock contained within the same physical enclosure as the [TOE](#abbr_TOE).]{.note} enclosure as the [TOE](#abbr_TOE).]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_STM.1](#FPT_STM.1) [FPT\_STM.1](#FPT_STM.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it lists The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it lists each security function that makes use of time. The [TSS](#abbr_TSS) each security function that makes use of time. The [TSS](#abbr_TSS) provides a description of how the time is maintained and considered provides a description of how the time is maintained and considered reliable in the context of each of the time related functions. reliable in the context of each of the time related functions. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure it instructs the The evaluator shall examine the AGD to ensure it instructs the Administrator on any mechanisms for configuring the time source. Administrator on any mechanisms for configuring the time source. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: \[conditional\] If the [TSF](#abbr_TSF) provides a mechanism to manually \[conditional\] If the [TSF](#abbr_TSF) provides a mechanism to manually set the time, the evaluator shall use the guidance documentation to set set the time, the evaluator shall use the guidance documentation to set the time. The evaluator shall then use an available interface to observe the time. The evaluator shall then use an available interface to observe that the time is reported correctly. that the time is reported correctly. ::: ::: ::: ::: ::: ::: ::: {#FPT_TUD_EXT.1 .comp} ::: {#FPT_TUD_EXT.1 .comp} #### FPT\_TUD\_EXT.1 TOE Firmware Update #### FPT\_TUD\_EXT.1 TOE Firmware Update ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.1.1 .reqid} ::: {#FPT_TUD_EXT.1.1 .reqid} [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1){.abbr} [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement \[**selection**: The [TSF](#abbr_TSF) shall implement \[**selection**: - *no mechanism for platform firmware update*, - *no mechanism for platform firmware update*, - *an authenticated platform firmware update mechanism as described in - *an authenticated platform firmware update mechanism as described in [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*, [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*, - *a delayed-authentication platform firmware update mechanism as - *a delayed-authentication platform firmware update mechanism as described in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3)*, described in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3)*, - *a secure local platform firmware update mechanism described in - *a secure local platform firmware update mechanism described in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)* [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The purpose of the platform firmware [Application Note: ]{.note-header}[ The purpose of the platform firmware update mechanism is to ensure the authenticity and integrity of platform update mechanism is to ensure the authenticity and integrity of platform firmware updates. ]{.note} firmware updates. ]{.note} If platform firmware is immutable (not updateable by any non-destructive If platform firmware is immutable (not updateable by any non-destructive means), then the [ST](#abbr_ST) Author selects \"*no mechanism for means), then the [ST](#abbr_ST) Author selects \"*no mechanism for platform firmware update*.\" platform firmware update*.\" If the platform implements an update mechanism that does not require If the platform implements an update mechanism that does not require physical presence at the platform, and that authenticates firmware physical presence at the platform, and that authenticates firmware updates prior to installing them, then the [ST](#abbr_ST) Author selects updates prior to installing them, then the [ST](#abbr_ST) Author selects \"*an authenticated platform firmware update mechanism\...*\" and \"*an authenticated platform firmware update mechanism\...*\" and includes [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) and includes [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) and [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) in the [ST](#abbr_ST). [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) in the [ST](#abbr_ST). If the platform implements an update mechanism that does not require If the platform implements an update mechanism that does not require physical presence at the platform, and that does not authenticate physical presence at the platform, and that does not authenticate firmware updates prior to installing them, then the [ST](#abbr_ST) firmware updates prior to installing them, then the [ST](#abbr_ST) Author selects \"*a delayed-authentication platform firmware update Author selects \"*a delayed-authentication platform firmware update mechanism\...*\" and includes [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) and mechanism\...*\" and includes [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) and [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) in the [ST](#abbr_ST). [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) in the [ST](#abbr_ST). If platform firmware is modifiable only through a local update requiring If platform firmware is modifiable only through a local update requiring physical presence at the platform, then the [ST](#abbr_ST) Author must physical presence at the platform, then the [ST](#abbr_ST) Author must select \"*a secure local platform firmware update mechanism\...*\" and select \"*a secure local platform firmware update mechanism\...*\" and include [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) in the [ST](#abbr_ST). include [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) in the [ST](#abbr_ST). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: If the [ST](#abbr_ST) Author selects \"*no provision for platform If the [ST](#abbr_ST) Author selects \"*no provision for platform firmware update*,\" then the evaluator shall examine the firmware update*,\" then the evaluator shall examine the [TSS](#abbr_TSS) to ensure that it explains all ways of modifying [TSS](#abbr_TSS) to ensure that it explains all ways of modifying platform firmware in the absence of any provided mechanism. For example, platform firmware in the absence of any provided mechanism. For example, breaking open the case and prying a chip off the motherboard and then breaking open the case and prying a chip off the motherboard and then reprogramming the chip. The purpose of this activity is to ensure that reprogramming the chip. The purpose of this activity is to ensure that the [TOE](#abbr_TOE) does not implement a local update mechanism that the [TOE](#abbr_TOE) does not implement a local update mechanism that does not meet the requirements of [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4). does not meet the requirements of [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4). This requirement is met if the platform implements no means for updating This requirement is met if the platform implements no means for updating platform firmware and the [TSS](#abbr_TSS) describes a method for platform firmware and the [TSS](#abbr_TSS) describes a method for updating or replacing platform firmware that involves potentially updating or replacing platform firmware that involves potentially destroying or damaging the [TOE](#abbr_TOE) or some of its components. destroying or damaging the [TOE](#abbr_TOE) or some of its components. If the [ST](#abbr_ST) Author selects \"*an authenticated platform If the [ST](#abbr_ST) Author selects \"*an authenticated platform firmware update mechanism\...*,\" then this requirement is satisfied if firmware update mechanism\...*,\" then this requirement is satisfied if [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) is satisfied. [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) is satisfied. If the [ST](#abbr_ST) Author selects \"*a delayed-authentication If the [ST](#abbr_ST) Author selects \"*a delayed-authentication platform firmware update mechanism\...*,\" then this requirement is platform firmware update mechanism\...*,\" then this requirement is satisfied if [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) is satisfied. satisfied if [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) is satisfied. If the [ST](#abbr_ST) Author selects \"*a secure local platform firmware If the [ST](#abbr_ST) Author selects \"*a secure local platform firmware update mechanism\...*,\" then this requirement is satisfied if update mechanism\...*,\" then this requirement is satisfied if [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) is satisfied. [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) is satisfied. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no Test evaluation activities for this component. There are no Test evaluation activities for this component. ::: ::: ::: ::: ::: ::: ### 5.1.4 TOE Security Functional Requirements Rationale {#obj-req-map .indexable dat ### 5.1.4 TOE Security Functional Requirements Rationale {#obj-req-map .indexable dat The following rationale provides justification for each security The following rationale provides justification for each security objective for the [TOE](#abbr_TOE), showing that the SFRs are suitable objective for the [TOE](#abbr_TOE), showing that the SFRs are suitable to meet and achieve the security objectives:\ to meet and achieve the security objectives:\ [Table [4]{.counter}]{#t-obj_map .ctr data-myid="t-obj_map" [Table [4]{.counter}]{#t-obj_map .ctr data-myid="t-obj_map" data-counter-type="ct-Table"}: [SFR](#abbr_SFR) Rationale data-counter-type="ct-Table"}: [SFR](#abbr_SFR) Rationale Objective Objective Addressed by Addressed by Rationale Rationale [O.PHYSICAL\_INTEGRITY](#O.PHYSICAL_INTEGRITY)\ | [O.PHYSICAL\_​INTEGRITY](#O.PHYSICAL_INTEGRITY)\ [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1) [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1) Supports the objective through restricting access to debug ports. Supports the objective through restricting access to debug ports. [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) Supports the objective through requiring that a [TOE](#abbr_TOE) be Supports the objective through requiring that a [TOE](#abbr_TOE) be either updateable or immutable. either updateable or immutable. [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3) (objective) [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3) (objective) Supports the objective through requiring supply chain traceability. Supports the objective through requiring supply chain traceability. [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) (sel-based) [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) (sel-based) Supports the objective through requiring debug ports to be disabled. Supports the objective through requiring debug ports to be disabled. [FPT\_PHP.1](#FPT_PHP.1) (sel-based) [FPT\_PHP.1](#FPT_PHP.1) (sel-based) Supports the objective through passive detection of physical tampering. Supports the objective through passive detection of physical tampering. [FPT\_PHP.2](#FPT_PHP.2) (sel-based) [FPT\_PHP.2](#FPT_PHP.2) (sel-based) Supports the objective through detection and reporting of physical Supports the objective through detection and reporting of physical tampering. tampering. [FPT\_PHP.3](#FPT_PHP.3) (sel-based) [FPT\_PHP.3](#FPT_PHP.3) (sel-based) Supports the objective through resistance to physical tampering. Supports the objective through resistance to physical tampering. [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) Supports the objective through specifying an authenticated firmware Supports the objective through specifying an authenticated firmware update mechanism. update mechanism. [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) Supports the objective through specifying a firmware update mechanism Supports the objective through specifying a firmware update mechanism with delayed authentication. with delayed authentication. [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) Supports the objective through specifying a secure local firmware update Supports the objective through specifying a secure local firmware update mechanism. mechanism. [O.ATTACK\_DETECTION\_AND\_RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE)\ | [O.ATTACK\_​DETECTION\_​AND\_​RESPONSE](#O.ATTACK_DETECTION_AND_RESPONSE)\ [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) Supports the objective by indicating integrity failures in platform Supports the objective by indicating integrity failures in platform firmware. firmware. [FPT\_STM.1](#FPT_STM.1) [FPT\_STM.1](#FPT_STM.1) Supports the objective by ensuring that audit events are marked with Supports the objective by ensuring that audit events are marked with reliable time stamps. reliable time stamps. [FAU\_GEN.1](#FAU_GEN.1) (sel-based) [FAU\_GEN.1](#FAU_GEN.1) (sel-based) Supports the objective by requiring reporting of security-related audit Supports the objective by requiring reporting of security-related audit events. events. [FAU\_SAR.1](#FAU_SAR.1) (sel-based) [FAU\_SAR.1](#FAU_SAR.1) (sel-based) Supports the objective by requiring that audit events be readable by an Supports the objective by requiring that audit events be readable by an Administrator. Administrator. [FAU\_STG.1](#FAU_STG.1) (sel-based) [FAU\_STG.1](#FAU_STG.1) (sel-based) Supports the objective by requiring that audit records be protected from Supports the objective by requiring that audit records be protected from unauthorized deletion. unauthorized deletion. [FAU\_STG.4](#FAU_STG.4) (sel-based) [FAU\_STG.4](#FAU_STG.4) (sel-based) Supports the objective by requiring that audit records be protected from Supports the objective by requiring that audit records be protected from automatic deletion. automatic deletion. [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) (sel-based) [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) (sel-based) Supports the objective by requiring that audit records be off-loaded to Supports the objective by requiring that audit records be off-loaded to an external [IT](#abbr_IT) entity. an external [IT](#abbr_IT) entity. [FPT\_PHP.1](#FPT_PHP.1) (sel-based) [FPT\_PHP.1](#FPT_PHP.1) (sel-based) Supports the objective through passive detection of physical tampering. Supports the objective through passive detection of physical tampering. [FPT\_PHP.3](#FPT_PHP.3) (sel-based) [FPT\_PHP.3](#FPT_PHP.3) (sel-based) Supports the objective through resistance to physical tampering. Supports the objective through resistance to physical tampering. [O.MITIGATE\_FUNDAMENTAL\_FLAWS](#O.MITIGATE_FUNDAMENTAL_FLAWS)\ | [O.MITIGATE\_​FUNDAMENTAL\_​FLAWS](#O.MITIGATE_FUNDAMENTAL_FLAWS)\ [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) Supports the objective through requiring that a [TOE](#abbr_TOE) be Supports the objective through requiring that a [TOE](#abbr_TOE) be either updateable or immutable. either updateable or immutable. [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) Supports the objective through specifying an authenticated firmware Supports the objective through specifying an authenticated firmware update mechanism. update mechanism. [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) Supports the objective through specifying a firmware update mechanism Supports the objective through specifying a firmware update mechanism with delayed authentication. with delayed authentication. [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) Supports the objective through specifying a secure local firmware update Supports the objective through specifying a secure local firmware update mechanism. mechanism. [O.PROTECTED\_FIRMWARE](#O.PROTECTED_FIRMWARE)\ | [O.PROTECTED\_​FIRMWARE](#O.PROTECTED_FIRMWARE)\ [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) Supports the objective by ensuring that platform integrity is rooted in Supports the objective by ensuring that platform integrity is rooted in a trust anchor. a trust anchor. [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) Supports the objective by requiring that platform firmware be modifiable Supports the objective by requiring that platform firmware be modifiable only through the update process. only through the update process. [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) Supports the objective through requiring that a [TOE](#abbr_TOE) be Supports the objective through requiring that a [TOE](#abbr_TOE) be either updateable or immutable. either updateable or immutable. [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) (sel-based) [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) (sel-based) Supports the objective by detecting integrity failures in platform Supports the objective by detecting integrity failures in platform firmware. firmware. [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) (sel-based) [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) (sel-based) Supports the objective by specifying a means for recovery from a boot Supports the objective by specifying a means for recovery from a boot firmware failure. firmware failure. [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) Supports the objective through specifying an authenticated firmware Supports the objective through specifying an authenticated firmware update mechanism. update mechanism. [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) Supports the objective through specifying a firmware update mechanism Supports the objective through specifying a firmware update mechanism with delayed authentication. with delayed authentication. [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) Supports the objective through specifying a secure local firmware update Supports the objective through specifying a secure local firmware update mechanism. mechanism. [O.UPDATE\_INTEGRITY](#O.UPDATE_INTEGRITY)\ | [O.UPDATE\_​INTEGRITY](#O.UPDATE_INTEGRITY)\ [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) Supports the objective by requiring that platform firmware be modifiable Supports the objective by requiring that platform firmware be modifiable only through the update process. only through the update process. [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) Supports the objective by validating the integrity of platform firmware Supports the objective by validating the integrity of platform firmware prior to execution. prior to execution. [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1) Supports the objective through requiring that a [TOE](#abbr_TOE) be Supports the objective through requiring that a [TOE](#abbr_TOE) be either updateable or immutable. either updateable or immutable. [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) (sel-based) Supports the objective through specifying an authenticated firmware Supports the objective through specifying an authenticated firmware update mechanism. update mechanism. [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) (sel-based) Supports the objective through specifying a firmware update mechanism Supports the objective through specifying a firmware update mechanism with delayed authentication. with delayed authentication. [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) (sel-based) Supports the objective through specifying a secure local firmware update Supports the objective through specifying a secure local firmware update mechanism. mechanism. [O.STRONG\_CRYPTOGRAPHY](#O.STRONG_CRYPTOGRAPHY)\ | [O.STRONG\_​CRYPTOGRAPHY](#O.STRONG_CRYPTOGRAPHY)\ [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1) (optional) [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1) (optional) Supports the objective by specifying the requirements for cryptographic Supports the objective by specifying the requirements for cryptographic salt generation. salt generation. [FCS\_CKM.1/AK](#FCS_CKM.1/AK) (sel-based/optional) [FCS\_CKM.1/AK](#FCS_CKM.1/AK) (sel-based/optional) Supports the objective by specifying the requirements for generating Supports the objective by specifying the requirements for generating asymmetric keys. asymmetric keys. [FCS\_CKM.1/SK](#FCS_CKM.1/SK) (sel-based/optional) [FCS\_CKM.1/SK](#FCS_CKM.1/SK) (sel-based/optional) Supports the objective by specifying the requirements for generating Supports the objective by specifying the requirements for generating symmetric keys. symmetric keys. [FCS\_CKM.2](#FCS_CKM.2) (sel-based/optional) [FCS\_CKM.2](#FCS_CKM.2) (sel-based/optional) Supports the objective by specifying the requirements for cryptographic Supports the objective by specifying the requirements for cryptographic key establishment. key establishment. [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) (sel-based/optional) [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) (sel-based/optional) Supports the objective by specifying the requirements for cryptographic Supports the objective by specifying the requirements for cryptographic key derivation. key derivation. [FCS\_COP.1/Hash](#FCS_COP.1/Hash) (sel-based/optional) [FCS\_COP.1/Hash](#FCS_COP.1/Hash) (sel-based/optional) Supports the objective by specifying the requirements for cryptographic Supports the objective by specifying the requirements for cryptographic hashing. hashing. [FCS\_COP.1/KAT](#FCS_COP.1/KAT) (sel-based/optional) [FCS\_COP.1/KAT](#FCS_COP.1/KAT) (sel-based/optional) Supports the objective by specifying the requirements for key agreement Supports the objective by specifying the requirements for key agreement and transport. and transport. [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) (sel-based/optional) [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) (sel-based/optional) Supports the objective by specifying the requirements for keyed hashes. Supports the objective by specifying the requirements for keyed hashes. [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) (sel-based/optional) [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) (sel-based/optional) Supports the objective by specifying the requirements for digital Supports the objective by specifying the requirements for digital signature generation. signature generation. [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) (sel-based/optional) [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) (sel-based/optional) Supports the objective by specifying the requirements for digital Supports the objective by specifying the requirements for digital signature verification. signature verification. [FCS\_COP.1/SKC](#FCS_COP.1/SKC) (sel-based/optional) [FCS\_COP.1/SKC](#FCS_COP.1/SKC) (sel-based/optional) Supports the objective by specifying the requirements for symmetric-key Supports the objective by specifying the requirements for symmetric-key cryptography. cryptography. [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) (sel-based/optional) [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) (sel-based/optional) Supports the objective by specifying the requirements for random-bit Supports the objective by specifying the requirements for random-bit generation services. generation services. [O.SECURITY\_FUNCTIONALITY\_INTEGRITY](#O.SECURITY_FUNCTIONALITY_INTEGRITY)\ | [O.SECURITY\_​FUNCTIONALITY\_​INTEGRITY](#O.SECURITY_FUNCTIONALITY_INTEGRITY)\ [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1) Supports the objective by requiring that platform firmware be modifiable Supports the objective by requiring that platform firmware be modifiable only through the update process. only through the update process. [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) (optional) [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) (optional) Supports the objective by specifying the types of credential storage Supports the objective by specifying the types of credential storage supported by the [TOE](#abbr_TOE). supported by the [TOE](#abbr_TOE). [FCS\_CKM.4](#FCS_CKM.4) (sel-based) [FCS\_CKM.4](#FCS_CKM.4) (sel-based) Supports the objective by specifying the requirements for credential and Supports the objective by specifying the requirements for credential and key destruction. key destruction. [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) (sel-based) [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) (sel-based) Supports the objective by specifying the timing for credential and key Supports the objective by specifying the timing for credential and key destruction. destruction. [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) (sel-based) [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) (sel-based) Supports the objective by specifying the types of material that must be Supports the objective by specifying the types of material that must be encrypted for storage. encrypted for storage. [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) (sel-based) [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) (sel-based) Supports the objective by specifying the encryption requirements for Supports the objective by specifying the encryption requirements for credential storage. credential storage. [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) (sel-based) [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) (sel-based) Supports the objective by specifying the requirements for import of keys Supports the objective by specifying the requirements for import of keys and credentials. and credentials. [O.TENANT\_SECURITY](#O.TENANT_SECURITY)\ | [O.TENANT\_​SECURITY](#O.TENANT_SECURITY)\ [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1) (optional) [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1) (optional) Supports the objective by requiring that the [TOE](#abbr_TOE) provide Supports the objective by requiring that the [TOE](#abbr_TOE) provide entropy to tenant software. entropy to tenant software. [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) (optional) [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) (optional) Supports the objective by specifying the types of credential storage Supports the objective by specifying the types of credential storage supported by the [TOE](#abbr_TOE). supported by the [TOE](#abbr_TOE). [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1) (optional) [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1) (optional) Supports the objective by specifying the requirements for a trusted Supports the objective by specifying the requirements for a trusted execution environment. execution environment. [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) (sel-based) [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) (sel-based) Supports the objective by specifying the types of material that must be Supports the objective by specifying the types of material that must be encrypted for storage. encrypted for storage. [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) (sel-based) [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) (sel-based) Supports the objective by specifying the encryption requirements for Supports the objective by specifying the encryption requirements for credential storage. credential storage. [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) (sel-based) [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) (sel-based) Supports the objective by specifying the requirements for import of keys Supports the objective by specifying the requirements for import of keys and credentials. and credentials. [O.TRUSTED\_CHANNELS](#O.TRUSTED_CHANNELS)\ | [O.TRUSTED\_​CHANNELS](#O.TRUSTED_CHANNELS)\ [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) (sel-based) [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) (sel-based) Supports the objective by specifying requirements for the Supports the objective by specifying requirements for the [HTTPS](#abbr_HTTPS) protocol. [HTTPS](#abbr_HTTPS) protocol. [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) (sel-based) [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) (sel-based) Supports the objective by specifying requirements for the IPSec Supports the objective by specifying requirements for the IPSec protocol. protocol. [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) (sel-based) [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) (sel-based) Supports the objective by specifying how X.509 certificate validation is Supports the objective by specifying how X.509 certificate validation is performed. performed. [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) (sel-based) [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) (sel-based) Supports the objective by specifying how X.509 certificate Supports the objective by specifying how X.509 certificate authentication is performed. authentication is performed. [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) (sel-based) [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) (sel-based) Supports the objective by specifying allowable trusted channel Supports the objective by specifying allowable trusted channel protocols. protocols. [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) (sel-based) [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) (sel-based) Supports the objective by specifying requirements for moving data Supports the objective by specifying requirements for moving data through untrusted channels. through untrusted channels. [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) (sel-based) [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) (sel-based) Supports the objective by allowing physically protected communications Supports the objective by allowing physically protected communications channels. channels. [FTP\_TRP.1](#FTP_TRP.1) (sel-based) [FTP\_TRP.1](#FTP_TRP.1) (sel-based) Supports the objective by specifying allowable uses for trusted Supports the objective by specifying allowable uses for trusted channels. channels. [O.CONFIGURATION\_INTEGRITY](#O.CONFIGURATION_INTEGRITY)\ | [O.CONFIGURATION\_​INTEGRITY](#O.CONFIGURATION_INTEGRITY)\ [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) Supports the objective by requiring that default Administrator Supports the objective by requiring that default Administrator credentials be changed. credentials be changed. [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) (sel-based) [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) (sel-based) Supports the objective by requiring Administrators be authenticated Supports the objective by requiring Administrators be authenticated before making changes. before making changes. FMT\_MOF\_EXT.1 (sel-based) FMT\_MOF\_EXT.1 (sel-based) Supports the objective by specifying that management functions be Supports the objective by specifying that management functions be performed by Administrators. performed by Administrators. [FMT\_SMF.1](#FMT_SMF.1) (sel-based) [FMT\_SMF.1](#FMT_SMF.1) (sel-based) Supports the objective by specifying the management functions Supports the objective by specifying the management functions implemented by the [TOE](#abbr_TOE). implemented by the [TOE](#abbr_TOE). [FMT\_SMR.1](#FMT_SMR.1) (sel-based) [FMT\_SMR.1](#FMT_SMR.1) (sel-based) Supports the objective by defining the roles of Administrator and User. Supports the objective by defining the roles of Administrator and User. [O.AUTHORIZED\_ADMINISTRATOR](#O.AUTHORIZED_ADMINISTRATOR)\ | [O.AUTHORIZED\_​ADMINISTRATOR](#O.AUTHORIZED_ADMINISTRATOR)\ [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) Supports the objective by requiring that default Administrator Supports the objective by requiring that default Administrator credentials be changed. credentials be changed. [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1) (optional) [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1) (optional) Supports the objective by limiting the number of automated Supports the objective by limiting the number of automated authentication attempts. authentication attempts. [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) (sel-based) [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) (sel-based) Supports the objective by requiring that Administrators be Supports the objective by requiring that Administrators be authenticated. authenticated. [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1) (sel-based) [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1) (sel-based) Supports the objective by specifying password complexity requirements. Supports the objective by specifying password complexity requirements. [FIA\_UAU.5](#FIA_UAU.5) (sel-based) [FIA\_UAU.5](#FIA_UAU.5) (sel-based) Supports the objective by specifying supported authentication Supports the objective by specifying supported authentication mechanisms. mechanisms. [FIA\_UAU.7](#FIA_UAU.7) (sel-based) [FIA\_UAU.7](#FIA_UAU.7) (sel-based) Supports the objective by requiring that authentication factor feedback Supports the objective by requiring that authentication factor feedback be suppressed. be suppressed. [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) (sel-based) [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) (sel-based) Supports the objective by requiring Administrators be authenticated Supports the objective by requiring Administrators be authenticated before making changes. before making changes. [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) (sel-based) [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) (sel-based) Supports the objective by specifying how X.509 certificate validation is Supports the objective by specifying how X.509 certificate validation is performed. performed. [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) (sel-based) [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) (sel-based) Supports the objective by specifying how X.509 certificate Supports the objective by specifying how X.509 certificate authentication is performed. authentication is performed. FMT\_MOF\_EXT.1 (sel-based) FMT\_MOF\_EXT.1 (sel-based) Supports the objective by specifying that management functions be Supports the objective by specifying that management functions be performed by Administrators. performed by Administrators. [FMT\_SMF.1](#FMT_SMF.1) (sel-based) [FMT\_SMF.1](#FMT_SMF.1) (sel-based) Supports the objective by specifying the management functions Supports the objective by specifying the management functions implemented by the [TOE](#abbr_TOE). implemented by the [TOE](#abbr_TOE). [FMT\_SMR.1](#FMT_SMR.1) (sel-based) [FMT\_SMR.1](#FMT_SMR.1) (sel-based) Supports the objective by defining the roles of Administrator and User. Supports the objective by defining the roles of Administrator and User. 5.2 Security Assurance Requirements {#SARs .indexable data-level="2"} 5.2 Security Assurance Requirements {#SARs .indexable data-level="2"} ----------------------------------- ----------------------------------- The Security Objectives in [Section 4.1 Security Objectives for the The Security Objectives in [Section 4.1 Security Objectives for the TOE](#SecurityObjectivesTOE){.dynref} were constructed to address TOE](#SecurityObjectivesTOE){.dynref} were constructed to address threats identified in [Section 3.1 Threats](#Threats){.dynref}. The threats identified in [Section 3.1 Threats](#Threats){.dynref}. The Security Functional Requirements (SFRs) in [Section 5.1 Security Security Functional Requirements (SFRs) in [Section 5.1 Security Functional Requirements](#SFRs){.dynref} are a formal instantiation of Functional Requirements](#SFRs){.dynref} are a formal instantiation of the Security Objectives. The [PP](#abbr_PP) identifies the Security the Security Objectives. The [PP](#abbr_PP) identifies the Security Assurance Requirements (SARs) to frame the extent to which the evaluator Assurance Requirements (SARs) to frame the extent to which the evaluator assesses the documentation applicable for the evaluation and performs assesses the documentation applicable for the evaluation and performs independent testing. independent testing. This section lists the set of SARs from [CC](#abbr_CC) part 3 that are This section lists the set of SARs from [CC](#abbr_CC) part 3 that are required in evaluations against this [PP](#abbr_PP). Individual required in evaluations against this [PP](#abbr_PP). Individual Evaluation Activities to be performed are specified both in [Section 5.1 Evaluation Activities to be performed are specified both in [Section 5.1 Security Functional Requirements](#SFRs){.dynref} as well as in this Security Functional Requirements](#SFRs){.dynref} as well as in this section. section. The general model for evaluation of GPCPs against STs written to conform The general model for evaluation of GPCPs against STs written to conform to this [PP](#abbr_PP) is as follows: to this [PP](#abbr_PP) is as follows: After the [ST](#abbr_ST) has been approved for evaluation, the After the [ST](#abbr_ST) has been approved for evaluation, the [ITSEF](#abbr_ITSEF) will obtain the [TOE](#abbr_TOE), supporting [ITSEF](#abbr_ITSEF) will obtain the [TOE](#abbr_TOE), supporting environmental [IT](#abbr_IT), and the administrative/user guides for the environmental [IT](#abbr_IT), and the administrative/user guides for the [TOE](#abbr_TOE). The [ITSEF](#abbr_ITSEF) is expected to perform [TOE](#abbr_TOE). The [ITSEF](#abbr_ITSEF) is expected to perform actions mandated by the Common Evaluation Methodology ([CEM](#abbr_CEM)) actions mandated by the Common Evaluation Methodology ([CEM](#abbr_CEM)) for the ASE and ALC SARs. The [ITSEF](#abbr_ITSEF) also performs the for the ASE and ALC SARs. The [ITSEF](#abbr_ITSEF) also performs the Evaluation Activities contained within [Section 5.1 Security Functional Evaluation Activities contained within [Section 5.1 Security Functional Requirements](#SFRs){.dynref}, which are intended to be an Requirements](#SFRs){.dynref}, which are intended to be an interpretation of the other [CEM](#abbr_CEM) assurance requirements as interpretation of the other [CEM](#abbr_CEM) assurance requirements as they apply to the specific technology instantiated in the they apply to the specific technology instantiated in the [TOE](#abbr_TOE). The Evaluation Activities that are captured in [TOE](#abbr_TOE). The Evaluation Activities that are captured in [Section 5.1 Security Functional Requirements](#SFRs){.dynref} also [Section 5.1 Security Functional Requirements](#SFRs){.dynref} also provide clarification as to what the developer needs to provide to provide clarification as to what the developer needs to provide to demonstrate the [TOE](#abbr_TOE) is compliant with the [PP](#abbr_PP). demonstrate the [TOE](#abbr_TOE) is compliant with the [PP](#abbr_PP). ### 5.2.1 Class ASE: Security Target {#ase .indexable data-level="3"} ### 5.2.1 Class ASE: Security Target {#ase .indexable data-level="3"} As per ASE activities defined in [\[CEM\]](#bibCEM). As per ASE activities defined in [\[CEM\]](#bibCEM). ### 5.2.2 Class ADV: Development {#adv .indexable data-level="3"} ### 5.2.2 Class ADV: Development {#adv .indexable data-level="3"} The information about the [TOE](#abbr_TOE) is contained in the guidance The information about the [TOE](#abbr_TOE) is contained in the guidance documentation available to the end user as well as the [TSS](#abbr_TSS) documentation available to the end user as well as the [TSS](#abbr_TSS) portion of the [ST](#abbr_ST). The [TOE](#abbr_TOE) developer must portion of the [ST](#abbr_ST). The [TOE](#abbr_TOE) developer must concur with the description of the product that is contained in the concur with the description of the product that is contained in the [TSS](#abbr_TSS) as it relates to the functional requirements. The [TSS](#abbr_TSS) as it relates to the functional requirements. The Evaluation Activities contained in [Section 5.1 Security Functional Evaluation Activities contained in [Section 5.1 Security Functional Requirements](#SFRs){.dynref} should provide the [ST](#abbr_ST) Authors Requirements](#SFRs){.dynref} should provide the [ST](#abbr_ST) Authors with sufficient information to determine the appropriate content for the with sufficient information to determine the appropriate content for the [TSS](#abbr_TSS) section. [TSS](#abbr_TSS) section. ::: {#ADV_FSP.1 .comp} ::: {#ADV_FSP.1 .comp} #### ADV\_FSP.1 Basic Functional Specification (ADV\_FSP.1) #### ADV\_FSP.1 Basic Functional Specification (ADV\_FSP.1) The functional specification describes the [TSFIs](#abbr_TSFI). It is The functional specification describes the [TSFIs](#abbr_TSFI). It is not necessary to have a formal or complete specification of these not necessary to have a formal or complete specification of these interfaces. Additionally, because TOEs conforming to this [PP](#abbr_PP) interfaces. Additionally, because TOEs conforming to this [PP](#abbr_PP) will necessarily have interfaces to the Operational Environment that are will necessarily have interfaces to the Operational Environment that are not directly invokable by [TOE](#abbr_TOE) users, there is little point not directly invokable by [TOE](#abbr_TOE) users, there is little point specifying that such interfaces be described in and of themselves since specifying that such interfaces be described in and of themselves since only indirect testing of such interfaces may be possible. For this only indirect testing of such interfaces may be possible. For this [PP](#abbr_PP), the activities for this family should focus on [PP](#abbr_PP), the activities for this family should focus on understanding the interfaces presented in the [TSS](#abbr_TSS), KMD, and understanding the interfaces presented in the [TSS](#abbr_TSS), KMD, and any other supplemental evidence that may be required to satisfy the any other supplemental evidence that may be required to satisfy the [TSS](#abbr_TSS) Evaluation Activities, such as a non-public interface [TSS](#abbr_TSS) Evaluation Activities, such as a non-public interface specification, in response to the functional requirements and the specification, in response to the functional requirements and the interfaces presented in the AGD documentation. No additional interfaces presented in the AGD documentation. No additional \"functional specification\" documentation is necessary to satisfy the \"functional specification\" documentation is necessary to satisfy the Evaluation Activities specified. The interfaces that need to be Evaluation Activities specified. The interfaces that need to be evaluated are characterized through the information needed to perform evaluated are characterized through the information needed to perform the Evaluation Activities listed, rather than as an independent, the Evaluation Activities listed, rather than as an independent, abstract list. abstract list. #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.1D .reqid} ::: {#ADV_FSP.1.1D .reqid} [ADV\_FSP.1.1D](#ADV_FSP.1.1D){.abbr} [ADV\_FSP.1.1D](#ADV_FSP.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide a functional specification. The developer shall provide a functional specification. ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.1C .reqid} ::: {#ADV_FSP.1.1C .reqid} [ADV\_FSP.1.1C](#ADV_FSP.1.1C){.abbr} [ADV\_FSP.1.1C](#ADV_FSP.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide a tracing from the functional specification The developer shall provide a tracing from the functional specification to the SFRs. to the SFRs. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[As indicated in the introduction to [Application Note: ]{.note-header}[As indicated in the introduction to this section, the functional specification comprises the information this section, the functional specification comprises the information contained in the [TSS](#abbr_TSS), KMD, and any additional supplemental contained in the [TSS](#abbr_TSS), KMD, and any additional supplemental documentation. The developer may reference a website accessible to documentation. The developer may reference a website accessible to application developers and the evaluator. The Evaluation Activities in application developers and the evaluator. The Evaluation Activities in the functional requirements point to evidence that should exist in the the functional requirements point to evidence that should exist in the documentation and [TSS](#abbr_TSS) section; since these are directly documentation and [TSS](#abbr_TSS) section; since these are directly associated with the SFRs, the tracing in element associated with the SFRs, the tracing in element [ADV\_FSP.1](#ADV_FSP.1).2D is implicitly already done and no additional [ADV\_FSP.1](#ADV_FSP.1).2D is implicitly already done and no additional documentation is necessary.]{.note} documentation is necessary.]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.2C .reqid} ::: {#ADV_FSP.1.2C .reqid} [ADV\_FSP.1.2C](#ADV_FSP.1.2C){.abbr} [ADV\_FSP.1.2C](#ADV_FSP.1.2C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The functional specification shall describe the purpose and method of The functional specification shall describe the purpose and method of use for each [SFR](#abbr_SFR)-enforcing and [SFR](#abbr_SFR)-supporting use for each [SFR](#abbr_SFR)-enforcing and [SFR](#abbr_SFR)-supporting [TSFI](#abbr_TSFI). [TSFI](#abbr_TSFI). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.3C .reqid} ::: {#ADV_FSP.1.3C .reqid} [ADV\_FSP.1.3C](#ADV_FSP.1.3C){.abbr} [ADV\_FSP.1.3C](#ADV_FSP.1.3C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The functional specification shall identify all parameters associated The functional specification shall identify all parameters associated with each [SFR](#abbr_SFR)-enforcing and [SFR](#abbr_SFR)-supporting with each [SFR](#abbr_SFR)-enforcing and [SFR](#abbr_SFR)-supporting [TSFI](#abbr_TSFI). [TSFI](#abbr_TSFI). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.4C .reqid} ::: {#ADV_FSP.1.4C .reqid} [ADV\_FSP.1.4C](#ADV_FSP.1.4C){.abbr} [ADV\_FSP.1.4C](#ADV_FSP.1.4C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The functional specification shall provide rationale for the implicit The functional specification shall provide rationale for the implicit categorization of interfaces as [SFR](#abbr_SFR)-non-interfering. categorization of interfaces as [SFR](#abbr_SFR)-non-interfering. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.5C .reqid} ::: {#ADV_FSP.1.5C .reqid} [ADV\_FSP.1.5C](#ADV_FSP.1.5C){.abbr} [ADV\_FSP.1.5C](#ADV_FSP.1.5C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The tracing shall demonstrate that the SFRs trace to [TSFIs](#abbr_TSFI) The tracing shall demonstrate that the SFRs trace to [TSFIs](#abbr_TSFI) in the functional specification. in the functional specification. ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.1E .reqid} ::: {#ADV_FSP.1.1E .reqid} [ADV\_FSP.1.1E](#ADV_FSP.1.1E){.abbr} [ADV\_FSP.1.1E](#ADV_FSP.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall confirm that the information provided meets all The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ADV_FSP.1.2E .reqid} ::: {#ADV_FSP.1.2E .reqid} [ADV\_FSP.1.2E](#ADV_FSP.1.2E){.abbr} [ADV\_FSP.1.2E](#ADV_FSP.1.2E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall determine that the functional specification is an The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs. accurate and complete instantiation of the SFRs. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [ADV\_FSP.1](#ADV_FSP.1) [ADV\_FSP.1](#ADV_FSP.1) ::: ::: There are no specific Evaluation Activities associated with these SARs, There are no specific Evaluation Activities associated with these SARs, except ensuring the information is provided. The functional except ensuring the information is provided. The functional specification documentation is provided to support the evaluation specification documentation is provided to support the evaluation activities described in [Section 5.1 Security Functional activities described in [Section 5.1 Security Functional Requirements](#SFRs){.dynref}, and other activities described for AGD, Requirements](#SFRs){.dynref}, and other activities described for AGD, ATE, and AVA SARs. The requirements on the content of the functional ATE, and AVA SARs. The requirements on the content of the functional specification information is implicitly assessed by virtue of the other specification information is implicitly assessed by virtue of the other Evaluation Activities being performed; if the evaluator is unable to Evaluation Activities being performed; if the evaluator is unable to perform an activity because there is insufficient interface information, perform an activity because there is insufficient interface information, then an adequate functional specification has not been provided. then an adequate functional specification has not been provided. ::: ::: ::: ::: ::: ::: ### 5.2.3 Class AGD: Guidance Documentation {#agd .indexable data-level="3"} ### 5.2.3 Class AGD: Guidance Documentation {#agd .indexable data-level="3"} The guidance documents will be provided with the [ST](#abbr_ST). The guidance documents will be provided with the [ST](#abbr_ST). Guidance must include a description of how the [IT](#abbr_IT) personnel Guidance must include a description of how the [IT](#abbr_IT) personnel verifies that the Operational Environment can fulfill its role for the verifies that the Operational Environment can fulfill its role for the security functionality. The documentation should be in an informal style security functionality. The documentation should be in an informal style and readable by the [IT](#abbr_IT) personnel. Guidance must be provided and readable by the [IT](#abbr_IT) personnel. Guidance must be provided for every operational environment that the product supports as claimed for every operational environment that the product supports as claimed in the [ST](#abbr_ST). This guidance includes instructions to in the [ST](#abbr_ST). This guidance includes instructions to successfully install the [TSF](#abbr_TSF) in that environment; and successfully install the [TSF](#abbr_TSF) in that environment; and Instructions to manage the security of the [TSF](#abbr_TSF) as a product Instructions to manage the security of the [TSF](#abbr_TSF) as a product and as a component of the larger operational environment. Guidance and as a component of the larger operational environment. Guidance pertaining to particular security functionality is also provided; pertaining to particular security functionality is also provided; requirements on such guidance are contained in the Evaluation Activities requirements on such guidance are contained in the Evaluation Activities specified with each requirement. specified with each requirement. ::: {#AGD_OPE.1 .comp} ::: {#AGD_OPE.1 .comp} #### AGD\_OPE.1 Operational User Guidance (AGD\_OPE.1) #### AGD\_OPE.1 Operational User Guidance (AGD\_OPE.1) #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.1D .reqid} ::: {#AGD_OPE.1.1D .reqid} [AGD\_OPE.1.1D](#AGD_OPE.1.1D){.abbr} [AGD\_OPE.1.1D](#AGD_OPE.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide operational user guidance. The developer shall provide operational user guidance. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[The operational user guidance does [Application Note: ]{.note-header}[The operational user guidance does not have to be contained in a single document. Guidance to users, not have to be contained in a single document. Guidance to users, administrators and application developers can be spread among documents administrators and application developers can be spread among documents or web pages. Rather than repeat information here, the developer should or web pages. Rather than repeat information here, the developer should review the Evaluation Activities for this component to ascertain the review the Evaluation Activities for this component to ascertain the specifics of the guidance that the evaluator will be checking for. This specifics of the guidance that the evaluator will be checking for. This will provide the necessary information for the preparation of acceptable will provide the necessary information for the preparation of acceptable guidance.]{.note} guidance.]{.note} ::: ::: ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.1C .reqid} ::: {#AGD_OPE.1.1C .reqid} [AGD\_OPE.1.1C](#AGD_OPE.1.1C){.abbr} [AGD\_OPE.1.1C](#AGD_OPE.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The operational user guidance shall describe, for each user role, the The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings. secure processing environment, including appropriate warnings. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[User and administrator are to be [Application Note: ]{.note-header}[User and administrator are to be considered in the definition of user role.]{.note} considered in the definition of user role.]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.2C .reqid} ::: {#AGD_OPE.1.2C .reqid} [AGD\_OPE.1.2C](#AGD_OPE.1.2C){.abbr} [AGD\_OPE.1.2C](#AGD_OPE.1.2C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The operational user guidance shall describe, for each user role, how to The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the [TOE](#abbr_TOE) in a use the available interfaces provided by the [TOE](#abbr_TOE) in a secure manner. secure manner. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.3C .reqid} ::: {#AGD_OPE.1.3C .reqid} [AGD\_OPE.1.3C](#AGD_OPE.1.3C){.abbr} [AGD\_OPE.1.3C](#AGD_OPE.1.3C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The operational user guidance shall describe, for each user role, the The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as parameters under the control of the user, indicating secure values as appropriate. appropriate. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This portion of the operational user [Application Note: ]{.note-header}[ This portion of the operational user guidance should be presented in the form of a checklist that can be guidance should be presented in the form of a checklist that can be quickly executed by [IT](#abbr_IT) personnel (or end-users, when quickly executed by [IT](#abbr_IT) personnel (or end-users, when necessary) and suitable for use in compliance activities. When possible, necessary) and suitable for use in compliance activities. When possible, this guidance is to be expressed in the eXtensible Configuration this guidance is to be expressed in the eXtensible Configuration Checklist Description Format ([XCCDF](#abbr_XCCDF)) to support security Checklist Description Format ([XCCDF](#abbr_XCCDF)) to support security automation. Minimally, it should be presented in a structured format automation. Minimally, it should be presented in a structured format which includes a title for each configuration item, instructions for which includes a title for each configuration item, instructions for achieving the secure configuration, and any relevant rationale. ]{.note} achieving the secure configuration, and any relevant rationale. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.4C .reqid} ::: {#AGD_OPE.1.4C .reqid} [AGD\_OPE.1.4C](#AGD_OPE.1.4C){.abbr} [AGD\_OPE.1.4C](#AGD_OPE.1.4C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The operational user guidance shall, for each user role, clearly present The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security functions that need to be performed, including changing the security characteristics of entities under the control of the [TSF](#abbr_TSF). characteristics of entities under the control of the [TSF](#abbr_TSF). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.5C .reqid} ::: {#AGD_OPE.1.5C .reqid} [AGD\_OPE.1.5C](#AGD_OPE.1.5C){.abbr} [AGD\_OPE.1.5C](#AGD_OPE.1.5C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The operational user guidance shall identify all possible modes of The operational user guidance shall identify all possible modes of operation of the [TOE](#abbr_TOE) (including operation following failure operation of the [TOE](#abbr_TOE) (including operation following failure or operational error), their consequences, and implications for or operational error), their consequences, and implications for maintaining secure operation. maintaining secure operation. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.6C .reqid} ::: {#AGD_OPE.1.6C .reqid} [AGD\_OPE.1.6C](#AGD_OPE.1.6C){.abbr} [AGD\_OPE.1.6C](#AGD_OPE.1.6C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The operational user guidance shall, for each user role, describe the The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security security measures to be followed in order to fulfill the security objectives for the operational environment as described in the objectives for the operational environment as described in the [ST](#abbr_ST). [ST](#abbr_ST). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.7C .reqid} ::: {#AGD_OPE.1.7C .reqid} [AGD\_OPE.1.7C](#AGD_OPE.1.7C){.abbr} [AGD\_OPE.1.7C](#AGD_OPE.1.7C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The operational user guidance shall be clear and reasonable. The operational user guidance shall be clear and reasonable. ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#AGD_OPE.1.1E .reqid} ::: {#AGD_OPE.1.1E .reqid} [AGD\_OPE.1.1E](#AGD_OPE.1.1E){.abbr} [AGD\_OPE.1.1E](#AGD_OPE.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall confirm that the information provided meets all The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [AGD\_OPE.1](#AGD_OPE.1) [AGD\_OPE.1](#AGD_OPE.1) ::: ::: Some of the contents of the operational guidance are verified by the Some of the contents of the operational guidance are verified by the Evaluation Activities in [Section 5.1 Security Functional Evaluation Activities in [Section 5.1 Security Functional Requirements](#SFRs){.dynref} and evaluation of the [TOE](#abbr_TOE) Requirements](#SFRs){.dynref} and evaluation of the [TOE](#abbr_TOE) according to the [\[CEM\]](#bibCEM). The following additional according to the [\[CEM\]](#bibCEM). The following additional information is also required: information is also required: - If cryptographic functions are provided by the [TOE](#abbr_TOE), the - If cryptographic functions are provided by the [TOE](#abbr_TOE), the operational guidance shall contain instructions for configuring the operational guidance shall contain instructions for configuring the cryptographic engine associated with the evaluated configuration of cryptographic engine associated with the evaluated configuration of the [TOE](#abbr_TOE). It shall provide a warning to the the [TOE](#abbr_TOE). It shall provide a warning to the administrator that use of other cryptographic engines was not administrator that use of other cryptographic engines was not evaluated nor tested during the [CC](#abbr_CC) evaluation of the evaluated nor tested during the [CC](#abbr_CC) evaluation of the [TOE](#abbr_TOE). [TOE](#abbr_TOE). - If the [TOE](#abbr_TOE) supports firmware updates, the documentation - If the [TOE](#abbr_TOE) supports firmware updates, the documentation must describe the process for verifying updates to the must describe the process for verifying updates to the [TOE](#abbr_TOE) by verifying a digital signature -- this may be [TOE](#abbr_TOE) by verifying a digital signature -- this may be done by the [TOE](#abbr_TOE) or the underlying platform. The done by the [TOE](#abbr_TOE) or the underlying platform. The evaluator will verify that this process includes the following evaluator will verify that this process includes the following steps: Instructions for obtaining the update itself. This should steps: Instructions for obtaining the update itself. This should include instructions for making the update accessible to the include instructions for making the update accessible to the [TOE](#abbr_TOE) (e.g., placement in a specific directory). [TOE](#abbr_TOE) (e.g., placement in a specific directory). Instructions for initiating the update process, as well as Instructions for initiating the update process, as well as discerning whether the process was successful or unsuccessful. This discerning whether the process was successful or unsuccessful. This includes generation of the hash/digital signature. includes generation of the hash/digital signature. The [TOE](#abbr_TOE) will likely contain security functionality that The [TOE](#abbr_TOE) will likely contain security functionality that does not fall in the scope of evaluation under this [PP](#abbr_PP). The does not fall in the scope of evaluation under this [PP](#abbr_PP). The operational guidance shall make it clear to an administrator which operational guidance shall make it clear to an administrator which security functionality is covered by the evaluation activities. security functionality is covered by the evaluation activities. ::: ::: ::: ::: ::: ::: ::: {#AGD_PRE.1 .comp} ::: {#AGD_PRE.1 .comp} #### AGD\_PRE.1 Preparative Procedures (AGD\_PRE.1) #### AGD\_PRE.1 Preparative Procedures (AGD\_PRE.1) #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#AGD_PRE.1.1D .reqid} ::: {#AGD_PRE.1.1D .reqid} [AGD\_PRE.1.1D](#AGD_PRE.1.1D){.abbr} [AGD\_PRE.1.1D](#AGD_PRE.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide the [TOE](#abbr_TOE), including its The developer shall provide the [TOE](#abbr_TOE), including its preparative procedures. preparative procedures. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[As with the operational guidance, the [Application Note: ]{.note-header}[As with the operational guidance, the developer should look to the Evaluation Activities to determine the developer should look to the Evaluation Activities to determine the required content with respect to preparative procedures.]{.note} required content with respect to preparative procedures.]{.note} ::: ::: ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#AGD_PRE.1.1C .reqid} ::: {#AGD_PRE.1.1C .reqid} [AGD\_PRE.1.1C](#AGD_PRE.1.1C){.abbr} [AGD\_PRE.1.1C](#AGD_PRE.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The preparative procedures shall describe all the steps necessary for The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered [TOE](#abbr_TOE) in accordance with secure acceptance of the delivered [TOE](#abbr_TOE) in accordance with the developer\'s delivery procedures. the developer\'s delivery procedures. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_PRE.1.2C .reqid} ::: {#AGD_PRE.1.2C .reqid} [AGD\_PRE.1.2C](#AGD_PRE.1.2C){.abbr} [AGD\_PRE.1.2C](#AGD_PRE.1.2C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The preparative procedures shall describe all the steps necessary for The preparative procedures shall describe all the steps necessary for secure installation of the [TOE](#abbr_TOE) and for the secure secure installation of the [TOE](#abbr_TOE) and for the secure preparation of the operational environment in accordance with the preparation of the operational environment in accordance with the security objectives for the operational environment as described in the security objectives for the operational environment as described in the [ST](#abbr_ST). [ST](#abbr_ST). ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#AGD_PRE.1.1E .reqid} ::: {#AGD_PRE.1.1E .reqid} [AGD\_PRE.1.1E](#AGD_PRE.1.1E){.abbr} [AGD\_PRE.1.1E](#AGD_PRE.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall confirm that the information provided meets all The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AGD_PRE.1.2E .reqid} ::: {#AGD_PRE.1.2E .reqid} [AGD\_PRE.1.2E](#AGD_PRE.1.2E){.abbr} [AGD\_PRE.1.2E](#AGD_PRE.1.2E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall apply the preparative procedures to confirm that the The evaluator shall apply the preparative procedures to confirm that the [TOE](#abbr_TOE) can be prepared securely for operation. [TOE](#abbr_TOE) can be prepared securely for operation. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [AGD\_PRE.1](#AGD_PRE.1) [AGD\_PRE.1](#AGD_PRE.1) ::: ::: As indicated in the introduction above, there are significant As indicated in the introduction above, there are significant expectations with respect to the documentation---especially when expectations with respect to the documentation---especially when configuring the operational environment to support [TOE](#abbr_TOE) configuring the operational environment to support [TOE](#abbr_TOE) functional requirements. functional requirements. ::: ::: ::: ::: ::: ::: ### 5.2.4 Class ALC: Life-cycle Support {#alc .indexable data-level="3"} ### 5.2.4 Class ALC: Life-cycle Support {#alc .indexable data-level="3"} At the assurance level provided for TOEs conformant to this At the assurance level provided for TOEs conformant to this [PP](#abbr_PP), life-cycle support is limited to end-user-visible [PP](#abbr_PP), life-cycle support is limited to end-user-visible aspects of the life-cycle, rather than an examination of the aspects of the life-cycle, rather than an examination of the [TOE](#abbr_TOE) vendor's development and configuration management [TOE](#abbr_TOE) vendor's development and configuration management process. This is not meant to diminish the critical role that a process. This is not meant to diminish the critical role that a developer's practices play in contributing to the overall developer's practices play in contributing to the overall trustworthiness of a product; rather, it is a reflection on the trustworthiness of a product; rather, it is a reflection on the information to be made available for evaluation at this assurance level. information to be made available for evaluation at this assurance level. ::: {#ALC_CMC.1 .comp} ::: {#ALC_CMC.1 .comp} #### ALC\_CMC.1 Labeling of the TOE (ALC\_CMC.1) #### ALC\_CMC.1 Labeling of the TOE (ALC\_CMC.1) This component is targeted at identifying the [TOE](#abbr_TOE) such that This component is targeted at identifying the [TOE](#abbr_TOE) such that it can be distinguished from other products or versions from the same it can be distinguished from other products or versions from the same vendor and can be easily specified when being procured by an end user. vendor and can be easily specified when being procured by an end user. #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#ALC_CMC.1.1D .reqid} ::: {#ALC_CMC.1.1D .reqid} [ALC\_CMC.1.1D](#ALC_CMC.1.1D){.abbr} [ALC\_CMC.1.1D](#ALC_CMC.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide the [TOE](#abbr_TOE) and a reference for the The developer shall provide the [TOE](#abbr_TOE) and a reference for the [TOE](#abbr_TOE). [TOE](#abbr_TOE). ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#ALC_CMC.1.1C .reqid} ::: {#ALC_CMC.1.1C .reqid} [ALC\_CMC.1.1C](#ALC_CMC.1.1C){.abbr} [ALC\_CMC.1.1C](#ALC_CMC.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TOE](#abbr_TOE) shall be labeled with a unique reference. The [TOE](#abbr_TOE) shall be labeled with a unique reference. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Unique reference information [Application Note: ]{.note-header}[ Unique reference information includes: ]{.note} includes: ]{.note} - [TOE](#abbr_TOE) Model Name - [TOE](#abbr_TOE) Model Name - [TOE](#abbr_TOE) Version - [TOE](#abbr_TOE) Version - [TOE](#abbr_TOE) Description - [TOE](#abbr_TOE) Description - Software Identification ([SWID](#abbr_SWID)) tags, if available - Software Identification ([SWID](#abbr_SWID)) tags, if available ::: ::: ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#ALC_CMC.1.1E .reqid} ::: {#ALC_CMC.1.1E .reqid} [ALC\_CMC.1.1E](#ALC_CMC.1.1E){.abbr} [ALC\_CMC.1.1E](#ALC_CMC.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall confirm that the information provided meets all The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [ALC\_CMC.1](#ALC_CMC.1) [ALC\_CMC.1](#ALC_CMC.1) ::: ::: The evaluator will check the [ST](#abbr_ST) to ensure that it contains The evaluator will check the [ST](#abbr_ST) to ensure that it contains sufficient information to specifically identify the the [TOE](#abbr_TOE) sufficient information to specifically identify the the [TOE](#abbr_TOE) and the version that meets the requirements of the [ST](#abbr_ST). and the version that meets the requirements of the [ST](#abbr_ST). Further, the evaluator will check the AGD guidance and [TOE](#abbr_TOE) Further, the evaluator will check the AGD guidance and [TOE](#abbr_TOE) samples received for testing to ensure that the version number is samples received for testing to ensure that the version number is consistent with that in the [ST](#abbr_ST). If the vendor maintains a consistent with that in the [ST](#abbr_ST). If the vendor maintains a web site advertising the [TOE](#abbr_TOE), the evaluator will examine web site advertising the [TOE](#abbr_TOE), the evaluator will examine the information on the web site to ensure that the information in the the information on the web site to ensure that the information in the [ST](#abbr_ST) is sufficient to distinguish the product. [ST](#abbr_ST) is sufficient to distinguish the product. ::: ::: ::: ::: ::: ::: ::: {#ALC_CMS.1 .comp} ::: {#ALC_CMS.1 .comp} #### ALC\_CMS.1 TOE CM Coverage (ALC\_CMS.1) #### ALC\_CMS.1 TOE CM Coverage (ALC\_CMS.1) Given the scope of the [TOE](#abbr_TOE) and its associated evaluation Given the scope of the [TOE](#abbr_TOE) and its associated evaluation evidence requirements, this component's Evaluation Activities are evidence requirements, this component's Evaluation Activities are covered by the Evaluation Activities listed for covered by the Evaluation Activities listed for [ALC\_CMC.1](#ALC_CMC.1). [ALC\_CMC.1](#ALC_CMC.1). #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#ALC_CMS.1.1D .reqid} ::: {#ALC_CMS.1.1D .reqid} [ALC\_CMS.1.1D](#ALC_CMS.1.1D){.abbr} [ALC\_CMS.1.1D](#ALC_CMS.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide a configuration list for the The developer shall provide a configuration list for the [TOE](#abbr_TOE). [TOE](#abbr_TOE). ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#ALC_CMS.1.1C .reqid} ::: {#ALC_CMS.1.1C .reqid} [ALC\_CMS.1.1C](#ALC_CMS.1.1C){.abbr} [ALC\_CMS.1.1C](#ALC_CMS.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The configuration list shall include the following: the [TOE](#abbr_TOE) The configuration list shall include the following: the [TOE](#abbr_TOE) itself; and the evaluation evidence required by the SARs. itself; and the evaluation evidence required by the SARs. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ALC_CMS.1.2C .reqid} ::: {#ALC_CMS.1.2C .reqid} [ALC\_CMS.1.2C](#ALC_CMS.1.2C){.abbr} [ALC\_CMS.1.2C](#ALC_CMS.1.2C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The configuration list shall uniquely identify the configuration items. The configuration list shall uniquely identify the configuration items. ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#ALC_CMS.1.1E .reqid} ::: {#ALC_CMS.1.1E .reqid} [ALC\_CMS.1.1E](#ALC_CMS.1.1E){.abbr} [ALC\_CMS.1.1E](#ALC_CMS.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall confirm that the information provided meets all The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [ALC\_CMS.1](#ALC_CMS.1) [ALC\_CMS.1](#ALC_CMS.1) ::: ::: The \"evaluation evidence required by the SARs\" in this [PP](#abbr_PP) The \"evaluation evidence required by the SARs\" in this [PP](#abbr_PP) is limited to the information in the [ST](#abbr_ST) coupled with the is limited to the information in the [ST](#abbr_ST) coupled with the guidance provided to administrators and users under the AGD guidance provided to administrators and users under the AGD requirements. By ensuring that the [OS](#abbr_OS) is specifically requirements. By ensuring that the [OS](#abbr_OS) is specifically identified and that this identification is consistent in the identified and that this identification is consistent in the [ST](#abbr_ST) and in the AGD guidance (as done in the Evaluation [ST](#abbr_ST) and in the AGD guidance (as done in the Evaluation Activity for [ALC\_CMC.1](#ALC_CMC.1)), the evaluator implicitly Activity for [ALC\_CMC.1](#ALC_CMC.1)), the evaluator implicitly confirms the information required by this component. Life-cycle support confirms the information required by this component. Life-cycle support is targeted aspects of the developer's life-cycle and instructions to is targeted aspects of the developer's life-cycle and instructions to providers of applications for the developer's devices, rather than an providers of applications for the developer's devices, rather than an in-depth examination of the [TSF](#abbr_TSF) manufacturer's development in-depth examination of the [TSF](#abbr_TSF) manufacturer's development and configuration management process. This is not meant to diminish the and configuration management process. This is not meant to diminish the critical role that a developer's practices play in contributing to the critical role that a developer's practices play in contributing to the overall trustworthiness of a product; rather, it's a reflection on the overall trustworthiness of a product; rather, it's a reflection on the information to be made available for evaluation. information to be made available for evaluation. The evaluator will ensure that the developer has identified (in guidance The evaluator will ensure that the developer has identified (in guidance documentation for application developers concerning the targeted documentation for application developers concerning the targeted platform) one or more development environments appropriate for use in platform) one or more development environments appropriate for use in developing applications for the developer's platform. For each of these developing applications for the developer's platform. For each of these development environments, the developer shall provide information on how development environments, the developer shall provide information on how to configure the environment to ensure that buffer overflow protection to configure the environment to ensure that buffer overflow protection mechanisms in the environment(s) are invoked (e.g., compiler and linker mechanisms in the environment(s) are invoked (e.g., compiler and linker flags). The evaluator will ensure that this documentation also includes flags). The evaluator will ensure that this documentation also includes an indication of whether such protections are on by default, or have to an indication of whether such protections are on by default, or have to be specifically enabled. The evaluator will ensure that the be specifically enabled. The evaluator will ensure that the [TSF](#abbr_TSF) is uniquely identified (with respect to other products [TSF](#abbr_TSF) is uniquely identified (with respect to other products from the [TSF](#abbr_TSF) vendor), and that documentation provided by from the [TSF](#abbr_TSF) vendor), and that documentation provided by the developer in association with the requirements in the [ST](#abbr_ST) the developer in association with the requirements in the [ST](#abbr_ST) is associated with the [TSF](#abbr_TSF) using this unique is associated with the [TSF](#abbr_TSF) using this unique identification. identification. ::: ::: ::: ::: ::: ::: ::: {#ALC_TSU_EXT.1 .comp} ::: {#ALC_TSU_EXT.1 .comp} #### ALC\_TSU\_EXT.1 Timely Security Updates #### ALC\_TSU\_EXT.1 Timely Security Updates This component requires the [TOE](#abbr_TOE) developer, in conjunction This component requires the [TOE](#abbr_TOE) developer, in conjunction with any other necessary parties, to provide information as to how the with any other necessary parties, to provide information as to how the [TOE](#abbr_TOE) is updated to address security issues in a timely [TOE](#abbr_TOE) is updated to address security issues in a timely manner. The documentation describes the process of providing updates to manner. The documentation describes the process of providing updates to the public from the time a security flaw is reported/discovered, to the the public from the time a security flaw is reported/discovered, to the time an update is released. This description includes the parties time an update is released. This description includes the parties involved (e.g., developer/[OEM](#abbr_OEM), component manufacturers) and involved (e.g., developer/[OEM](#abbr_OEM), component manufacturers) and the steps that are performed (e.g., developer testing), including worst the steps that are performed (e.g., developer testing), including worst case time periods, before an update is made available to the public. case time periods, before an update is made available to the public. For [TOE](#abbr_TOE) implementations with immutable firmware, update For [TOE](#abbr_TOE) implementations with immutable firmware, update might not be possible other than through replacement of the entire might not be possible other than through replacement of the entire device. In this case, delivery of a new device with the necessary device. In this case, delivery of a new device with the necessary security fixes would constitute deployment of the security update. security fixes would constitute deployment of the security update. #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#ALC_TSU_EXT.1.1D .reqid} ::: {#ALC_TSU_EXT.1.1D .reqid} [ALC\_TSU\_EXT.1.1D](#ALC_TSU_EXT.1.1D){.abbr} [ALC\_TSU\_EXT.1.1D](#ALC_TSU_EXT.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide a description in the [TSS](#abbr_TSS) of how The developer shall provide a description in the [TSS](#abbr_TSS) of how timely security updates are made to the [TOE](#abbr_TOE). timely security updates are made to the [TOE](#abbr_TOE). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ALC_TSU_EXT.1.2D .reqid} ::: {#ALC_TSU_EXT.1.2D .reqid} [ALC\_TSU\_EXT.1.2D](#ALC_TSU_EXT.1.2D){.abbr} [ALC\_TSU\_EXT.1.2D](#ALC_TSU_EXT.1.2D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide a description in the [TSS](#abbr_TSS) of how The developer shall provide a description in the [TSS](#abbr_TSS) of how users are notified when updates change security properties or the users are notified when updates change security properties or the configuration of the product. configuration of the product. ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#ALC_TSU_EXT.1.1C .reqid} ::: {#ALC_TSU_EXT.1.1C .reqid} [ALC\_TSU\_EXT.1.1C](#ALC_TSU_EXT.1.1C){.abbr} [ALC\_TSU\_EXT.1.1C](#ALC_TSU_EXT.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The description shall include the process for creating and deploying The description shall include the process for creating and deploying security updates for [TOE](#abbr_TOE) firmware. security updates for [TOE](#abbr_TOE) firmware. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ALC_TSU_EXT.1.2C .reqid} ::: {#ALC_TSU_EXT.1.2C .reqid} [ALC\_TSU\_EXT.1.2C](#ALC_TSU_EXT.1.2C){.abbr} [ALC\_TSU\_EXT.1.2C](#ALC_TSU_EXT.1.2C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The description shall include the mechanisms publicly available for The description shall include the mechanisms publicly available for reporting security issues pertaining to the [TOE](#abbr_TOE). reporting security issues pertaining to the [TOE](#abbr_TOE). ::: {.appnote} ::: {.appnote} [ Note: ]{.note-header}[ The reporting mechanism could include web [ Note: ]{.note-header}[ The reporting mechanism could include web sites, email addresses, as well as a means to protect the sensitive sites, email addresses, as well as a means to protect the sensitive nature of the report (e.g., public keys that could be used to encrypt nature of the report (e.g., public keys that could be used to encrypt the details of a proof-of-concept exploit). ]{.note} the details of a proof-of-concept exploit). ]{.note} ::: ::: ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#ALC_TSU_EXT.1.1E .reqid} ::: {#ALC_TSU_EXT.1.1E .reqid} [ALC\_TSU\_EXT.1.1E](#ALC_TSU_EXT.1.1E){.abbr} [ALC\_TSU\_EXT.1.1E](#ALC_TSU_EXT.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall confirm that the information provided meets all The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [ALC\_TSU\_EXT.1](#ALC_TSU_EXT.1) [ALC\_TSU\_EXT.1](#ALC_TSU_EXT.1) ::: ::: The evaluator will verify that the [TSS](#abbr_TSS) contains a The evaluator will verify that the [TSS](#abbr_TSS) contains a description of the timely security update process used by the developer description of the timely security update process used by the developer to create and deploy security updates for [TOE](#abbr_TOE) firmware. The to create and deploy security updates for [TOE](#abbr_TOE) firmware. The evaluator will also verify that, in addition to the [TOE](#abbr_TOE) evaluator will also verify that, in addition to the [TOE](#abbr_TOE) developer's process, any third-party processes are also addressed in the developer's process, any third-party processes are also addressed in the description. The evaluator will also verify that each mechanism for description. The evaluator will also verify that each mechanism for deployment of security updates is described. deployment of security updates is described. The evaluator will verify that, for each deployment mechanism described The evaluator will verify that, for each deployment mechanism described for the update process, the [TSS](#abbr_TSS) lists a time between public for the update process, the [TSS](#abbr_TSS) lists a time between public disclosure of a vulnerability and public availability of the security disclosure of a vulnerability and public availability of the security update to the [TOE](#abbr_TOE) patching this vulnerability. The update to the [TOE](#abbr_TOE) patching this vulnerability. The evaluator will verify that this time is expressed in a number or range evaluator will verify that this time is expressed in a number or range of days. of days. The evaluator will verify that this description includes the publicly The evaluator will verify that this description includes the publicly available mechanisms (including either an email address or website) for available mechanisms (including either an email address or website) for reporting security issues related to the [TOE](#abbr_TOE). The evaluator reporting security issues related to the [TOE](#abbr_TOE). The evaluator shall verify that the description of this mechanism includes a method shall verify that the description of this mechanism includes a method for protecting the report either using a public key for encrypting email for protecting the report either using a public key for encrypting email or a trusted channel for a website. or a trusted channel for a website. ::: ::: ::: ::: ::: ::: ### 5.2.5 Class ATE: Tests {#ate .indexable data-level="3"} ### 5.2.5 Class ATE: Tests {#ate .indexable data-level="3"} Testing is specified for functional aspects of the system as well as Testing is specified for functional aspects of the system as well as aspects that take advantage of design or implementation weaknesses. The aspects that take advantage of design or implementation weaknesses. The former is done through the ATE\_IND family, while the latter is through former is done through the ATE\_IND family, while the latter is through the AVA\_VAN family. At the assurance level specified in this the AVA\_VAN family. At the assurance level specified in this [PP](#abbr_PP), testing is based on advertised functionality and [PP](#abbr_PP), testing is based on advertised functionality and interfaces with dependency on the availability of design information. interfaces with dependency on the availability of design information. One of the primary outputs of the evaluation process is the test report One of the primary outputs of the evaluation process is the test report as specified in the following requirements. as specified in the following requirements. ::: {#ATE_IND.1 .comp} ::: {#ATE_IND.1 .comp} #### ATE\_IND.1 Independent Testing -- Conformance (ATE\_IND.1) #### ATE\_IND.1 Independent Testing -- Conformance (ATE\_IND.1) Testing is performed to confirm the functionality described in the Testing is performed to confirm the functionality described in the [TSS](#abbr_TSS) as well as the administrative (including configuration [TSS](#abbr_TSS) as well as the administrative (including configuration and operational) documentation provided. The focus of the testing is to and operational) documentation provided. The focus of the testing is to confirm that the requirements specified in [Section 5.1 Security confirm that the requirements specified in [Section 5.1 Security Functional Requirements](#SFRs){.dynref} being met, although some Functional Requirements](#SFRs){.dynref} being met, although some additional testing is specified for SARs in [Section 5.2 Security additional testing is specified for SARs in [Section 5.2 Security Assurance Requirements](#SARs){.dynref}. The Evaluation Activities Assurance Requirements](#SARs){.dynref}. The Evaluation Activities identify the additional testing activities associated with these identify the additional testing activities associated with these components. The evaluator produces a test report documenting the plan components. The evaluator produces a test report documenting the plan for and results of testing, as well as coverage arguments focused on the for and results of testing, as well as coverage arguments focused on the hardware configurations that are claiming conformance to this hardware configurations that are claiming conformance to this [PP](#abbr_PP). Given the scope of the [TOE](#abbr_TOE) and its [PP](#abbr_PP). Given the scope of the [TOE](#abbr_TOE) and its associated evaluation evidence requirements, this component's Evaluation associated evaluation evidence requirements, this component's Evaluation Activities are covered by the Evaluation Activities listed for Activities are covered by the Evaluation Activities listed for [ALC\_CMC.1](#ALC_CMC.1). [ALC\_CMC.1](#ALC_CMC.1). #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#ATE_IND.1.1D .reqid} ::: {#ATE_IND.1.1D .reqid} [ATE\_IND.1.1D](#ATE_IND.1.1D){.abbr} [ATE\_IND.1.1D](#ATE_IND.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide the [TOE](#abbr_TOE) for testing. The developer shall provide the [TOE](#abbr_TOE) for testing. ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#ATE_IND.1.1C .reqid} ::: {#ATE_IND.1.1C .reqid} [ATE\_IND.1.1C](#ATE_IND.1.1C){.abbr} [ATE\_IND.1.1C](#ATE_IND.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TOE](#abbr_TOE) shall be suitable for testing. The [TOE](#abbr_TOE) shall be suitable for testing. ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#ATE_IND.1.1E .reqid} ::: {#ATE_IND.1.1E .reqid} [ATE\_IND.1.1E](#ATE_IND.1.1E){.abbr} [ATE\_IND.1.1E](#ATE_IND.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator *shall confirm* that the information provided meets all The evaluator *shall confirm* that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#ATE_IND.1.2E .reqid} ::: {#ATE_IND.1.2E .reqid} [ATE\_IND.1.2E](#ATE_IND.1.2E){.abbr} [ATE\_IND.1.2E](#ATE_IND.1.2E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall test a subset of the [TSF](#abbr_TSF) to confirm The evaluator shall test a subset of the [TSF](#abbr_TSF) to confirm that the [TSF](#abbr_TSF) operates as specified. that the [TSF](#abbr_TSF) operates as specified. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [ATE\_IND.1](#ATE_IND.1) [ATE\_IND.1](#ATE_IND.1) ::: ::: The evaluator will prepare a test plan and report documenting the The evaluator will prepare a test plan and report documenting the testing aspects of the system, including any application crashes during testing aspects of the system, including any application crashes during testing. The evaluator shall determine the root cause of any application testing. The evaluator shall determine the root cause of any application crashes and include that information in the report. The test plan covers crashes and include that information in the report. The test plan covers all of the testing actions contained in the [\[CEM\]](#bibCEM) and the all of the testing actions contained in the [\[CEM\]](#bibCEM) and the body of this [PP](#abbr_PP)'s Assurance Activities. body of this [PP](#abbr_PP)'s Assurance Activities. While it is not necessary to have one test case per test listed in an While it is not necessary to have one test case per test listed in an Assurance Activity, the evaluator must document in the test plan that Assurance Activity, the evaluator must document in the test plan that each applicable testing requirement in the [ST](#abbr_ST) is covered. each applicable testing requirement in the [ST](#abbr_ST) is covered. The test plan identifies the platforms to be tested, and for those The test plan identifies the platforms to be tested, and for those platforms not included in the test plan but included in the platforms not included in the test plan but included in the [ST](#abbr_ST), the test plan provides a justification for not testing [ST](#abbr_ST), the test plan provides a justification for not testing the platforms. This justification must address the differences between the platforms. This justification must address the differences between the tested platforms and the untested platforms, and make an argument the tested platforms and the untested platforms, and make an argument that the differences do not affect the testing to be performed. It is that the differences do not affect the testing to be performed. It is not sufficient to merely assert that the differences have no affect; not sufficient to merely assert that the differences have no affect; rationale must be provided. If all platforms claimed in the rationale must be provided. If all platforms claimed in the [ST](#abbr_ST) are tested, then no rationale is necessary. The test plan [ST](#abbr_ST) are tested, then no rationale is necessary. The test plan describes the composition of each platform to be tested, and any setup describes the composition of each platform to be tested, and any setup that is necessary beyond what is contained in the AGD documentation. It that is necessary beyond what is contained in the AGD documentation. It should be noted that the evaluator is expected to follow the AGD should be noted that the evaluator is expected to follow the AGD documentation for installation and setup of each platform either as part documentation for installation and setup of each platform either as part of a test or as a standard pre-test condition. This may include special of a test or as a standard pre-test condition. This may include special test drivers or tools. For each driver or tool, an argument (not just an test drivers or tools. For each driver or tool, an argument (not just an assertion) should be provided that the driver or tool will not adversely assertion) should be provided that the driver or tool will not adversely affect the performance of the functionality by the [OS](#abbr_OS) and affect the performance of the functionality by the [OS](#abbr_OS) and its platform. its platform. This also includes the configuration of the cryptographic engine to be This also includes the configuration of the cryptographic engine to be used. The cryptographic algorithms implemented by this engine are those used. The cryptographic algorithms implemented by this engine are those specified by this [PP](#abbr_PP) and used by the cryptographic protocols specified by this [PP](#abbr_PP) and used by the cryptographic protocols being evaluated (IPsec, [TLS](#abbr_TLS)). The test plan identifies being evaluated (IPsec, [TLS](#abbr_TLS)). The test plan identifies high-level test objectives as well as the test procedures to be followed high-level test objectives as well as the test procedures to be followed to achieve those objectives. These procedures include expected results. to achieve those objectives. These procedures include expected results. The test report (which could just be an annotated version of the test The test report (which could just be an annotated version of the test plan) details the activities that took place when the test procedures plan) details the activities that took place when the test procedures were executed, and includes the actual results of the tests. This shall were executed, and includes the actual results of the tests. This shall be a cumulative account, so if there was a test run that resulted in a be a cumulative account, so if there was a test run that resulted in a failure; a fix installed; and then a successful re-run of the test, the failure; a fix installed; and then a successful re-run of the test, the report would show a "fail" and "pass" result (and the supporting report would show a "fail" and "pass" result (and the supporting details), and not just the "pass" result. details), and not just the "pass" result. ::: ::: ::: ::: ::: ::: ### 5.2.6 Class AVA: Vulnerability Assessment {#ava .indexable data-level="3"} ### 5.2.6 Class AVA: Vulnerability Assessment {#ava .indexable data-level="3"} For the first generation of this protection profile, the evaluation lab For the first generation of this protection profile, the evaluation lab is expected to survey open sources to discover what vulnerabilities have is expected to survey open sources to discover what vulnerabilities have been discovered in these types of products. In most cases, these been discovered in these types of products. In most cases, these vulnerabilities will require sophistication beyond that of a basic vulnerabilities will require sophistication beyond that of a basic attacker. Until penetration tools are created and uniformly distributed attacker. Until penetration tools are created and uniformly distributed to the evaluation labs, the evaluator will not be expected to test for to the evaluation labs, the evaluator will not be expected to test for these vulnerabilities in the [TOE](#abbr_TOE). The labs will be expected these vulnerabilities in the [TOE](#abbr_TOE). The labs will be expected to comment on the likelihood of these vulnerabilities given the to comment on the likelihood of these vulnerabilities given the documentation provided by the vendor. This information will be used in documentation provided by the vendor. This information will be used in the development of penetration testing tools and for the development of the development of penetration testing tools and for the development of future protection profiles. future protection profiles. ::: {#AVA_VAN.1 .comp} ::: {#AVA_VAN.1 .comp} #### AVA\_VAN.1 Vulnerability Survey (AVA\_VAN.1) #### AVA\_VAN.1 Vulnerability Survey (AVA\_VAN.1) #### Developer action elements: #### Developer action elements: ::: {.element} ::: {.element} ::: {#AVA_VAN.1.1D .reqid} ::: {#AVA_VAN.1.1D .reqid} [AVA\_VAN.1.1D](#AVA_VAN.1.1D){.abbr} [AVA\_VAN.1.1D](#AVA_VAN.1.1D){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The developer shall provide the [TOE](#abbr_TOE) for testing. The developer shall provide the [TOE](#abbr_TOE) for testing. ::: ::: ::: ::: #### Content and presentation elements: #### Content and presentation elements: ::: {.element} ::: {.element} ::: {#AVA_VAN.1.1C .reqid} ::: {#AVA_VAN.1.1C .reqid} [AVA\_VAN.1.1C](#AVA_VAN.1.1C){.abbr} [AVA\_VAN.1.1C](#AVA_VAN.1.1C){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TOE](#abbr_TOE) shall be suitable for testing. The [TOE](#abbr_TOE) shall be suitable for testing. ::: ::: ::: ::: #### Evaluator action elements: #### Evaluator action elements: ::: {.element} ::: {.element} ::: {#AVA_VAN.1.1E .reqid} ::: {#AVA_VAN.1.1E .reqid} [AVA\_VAN.1.1E](#AVA_VAN.1.1E){.abbr} [AVA\_VAN.1.1E](#AVA_VAN.1.1E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall confirm that the information provided meets all The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. requirements for content and presentation of evidence. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AVA_VAN.1.2E .reqid} ::: {#AVA_VAN.1.2E .reqid} [AVA\_VAN.1.2E](#AVA_VAN.1.2E){.abbr} [AVA\_VAN.1.2E](#AVA_VAN.1.2E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall perform a search of public domain sources to The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the [TOE](#abbr_TOE). identify potential vulnerabilities in the [TOE](#abbr_TOE). ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[Public domain sources include the [Application Note: ]{.note-header}[Public domain sources include the Common Vulnerabilities and Exposures (CVE) dictionary for publicly known Common Vulnerabilities and Exposures (CVE) dictionary for publicly known vulnerabilities.]{.note} vulnerabilities.]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#AVA_VAN.1.3E .reqid} ::: {#AVA_VAN.1.3E .reqid} [AVA\_VAN.1.3E](#AVA_VAN.1.3E){.abbr} [AVA\_VAN.1.3E](#AVA_VAN.1.3E){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The evaluator shall conduct penetration testing, based on the identified The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the [TOE](#abbr_TOE) is potential vulnerabilities, to determine that the [TOE](#abbr_TOE) is resistant to attacks performed by an attacker possessing Basic attack resistant to attacks performed by an attacker possessing Basic attack potential. potential. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [AVA\_VAN.1](#AVA_VAN.1) [AVA\_VAN.1](#AVA_VAN.1) ::: ::: The evaluator will generate a report to document their findings with The evaluator will generate a report to document their findings with respect to this requirement. This report could physically be part of the respect to this requirement. This report could physically be part of the overall test report mentioned in ATE\_IND, or a separate document. The overall test report mentioned in ATE\_IND, or a separate document. The evaluator performs a search of public information to find evaluator performs a search of public information to find vulnerabilities that have been found in similar applications with a vulnerabilities that have been found in similar applications with a particular focus on network protocols the application uses and document particular focus on network protocols the application uses and document formats it parses. The evaluator documents the sources consulted and the formats it parses. The evaluator documents the sources consulted and the vulnerabilities found in the report. vulnerabilities found in the report. For each vulnerability found, the evaluator either provides a rationale For each vulnerability found, the evaluator either provides a rationale with respect to its non-applicability, or the evaluator formulates a with respect to its non-applicability, or the evaluator formulates a test (using the guidelines provided in ATE\_IND) to confirm the test (using the guidelines provided in ATE\_IND) to confirm the vulnerability, if suitable. Suitability is determined by assessing the vulnerability, if suitable. Suitability is determined by assessing the attack vector needed to take advantage of the vulnerability. If attack vector needed to take advantage of the vulnerability. If exploiting the vulnerability requires expert skills and an electron exploiting the vulnerability requires expert skills and an electron microscope, for instance, then a test would not be suitable and an microscope, for instance, then a test would not be suitable and an appropriate justification would be formulated. appropriate justification would be formulated. ::: ::: ::: ::: ::: ::: Appendix A - Optional Requirements {#opt-app .indexable data-level="A"} Appendix A - Optional Requirements {#opt-app .indexable data-level="A"} ================================== ================================== As indicated in the introduction to this [PP](#abbr_PP), the baseline As indicated in the introduction to this [PP](#abbr_PP), the baseline requirements (those that must be performed by the [TOE](#abbr_TOE)) are requirements (those that must be performed by the [TOE](#abbr_TOE)) are contained in the body of this [PP](#abbr_PP). This appendix contains contained in the body of this [PP](#abbr_PP). This appendix contains three other types of optional requirements that may be included in the three other types of optional requirements that may be included in the [ST](#abbr_ST), but are not required in order to conform to this [ST](#abbr_ST), but are not required in order to conform to this [PP](#abbr_PP). However, applied modules, packages and/or use cases may [PP](#abbr_PP). However, applied modules, packages and/or use cases may refine specific requirements as mandatory.\ refine specific requirements as mandatory.\ \ \ The first type ([A.1 Strictly Optional The first type ([A.1 Strictly Optional Requirements](#optional-reqs){.dynref}) are strictly optional Requirements](#optional-reqs){.dynref}) are strictly optional requirements that are independent of the [TOE](#abbr_TOE) implementing requirements that are independent of the [TOE](#abbr_TOE) implementing any function. If the [TOE](#abbr_TOE) fulfills any of these requirements any function. If the [TOE](#abbr_TOE) fulfills any of these requirements or supports a certain functionality, the vendor is encouraged to include or supports a certain functionality, the vendor is encouraged to include the SFRs in the [ST](#abbr_ST), but are not required in order to conform the SFRs in the [ST](#abbr_ST), but are not required in order to conform to this [PP](#abbr_PP).\ to this [PP](#abbr_PP).\ \ \ The second type ([A.2 Objective Requirements](#objective-reqs){.dynref}) The second type ([A.2 Objective Requirements](#objective-reqs){.dynref}) are objective requirements that describe security functionality not yet are objective requirements that describe security functionality not yet widely available in commercial technology. The requirements are not widely available in commercial technology. The requirements are not currently mandated in the body of this [PP](#abbr_PP), but will be currently mandated in the body of this [PP](#abbr_PP), but will be included in the baseline requirements in future versions of this included in the baseline requirements in future versions of this [PP](#abbr_PP). Adoption by vendors is encouraged and expected as soon [PP](#abbr_PP). Adoption by vendors is encouraged and expected as soon as possible.\ as possible.\ \ \ The third type ([A.3 Implementation-Based The third type ([A.3 Implementation-Based Requirements](#feat-based-reqs){.dynref}) are dependent on the Requirements](#feat-based-reqs){.dynref}) are dependent on the [TOE](#abbr_TOE) implementing a particular function. If the [TOE](#abbr_TOE) implementing a particular function. If the [TOE](#abbr_TOE) fulfills any of these requirements, the vendor must [TOE](#abbr_TOE) fulfills any of these requirements, the vendor must either add the related [SFR](#abbr_SFR) or disable the functionality for either add the related [SFR](#abbr_SFR) or disable the functionality for the evaluated configuration. the evaluated configuration. A.1 Strictly Optional Requirements {#optional-reqs .indexable data-level="2"} A.1 Strictly Optional Requirements {#optional-reqs .indexable data-level="2"} ---------------------------------- ---------------------------------- ### A.1.1 Auditable Events for Strictly Optional Requirements {#optional-reqs-audit . ### A.1.1 Auditable Events for Strictly Optional Requirements {#optional-reqs-audit . ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- Requirement Auditable Events Addition Requirement Auditable Events Addition ----------------------------------- -------------------------------------- -------- ----------------------------------- -------------------------------------- -------- [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) No events specified. N/A [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) No events specified. N/A [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1) No events specified. N/A [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1) No events specified. N/A [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1) No events specified. N/A [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1) No events specified. N/A [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) No events specified. N/A [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) No events specified. N/A [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1) No events specified. N/A [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1) No events specified. N/A [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1) Authentication throttling triggered. None.\ [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1) Authentication throttling triggered. None.\ ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- : [Table [5]{.counter}]{#t-audit-optional .ctr : [Table [5]{.counter}]{#t-audit-optional .ctr data-myid="t-audit-optional" data-counter-type="ct-Table"}: Auditable data-myid="t-audit-optional" data-counter-type="ct-Table"}: Auditable Events for Optional Requirements Events for Optional Requirements ### A.1.2 Class: Cryptographic Support (FCS) {#fcs-optional .indexable data-level="3" ### A.1.2 Class: Cryptographic Support (FCS) {#fcs-optional .indexable data-level="3" ::: {#FCS_CKM_EXT.5 .comp} ::: {#FCS_CKM_EXT.5 .comp} #### FCS\_CKM\_EXT.5 Cryptographic Key Derivation #### FCS\_CKM\_EXT.5 Cryptographic Key Derivation ::: {.element} ::: {.element} ::: {#FCS_CKM_EXT.5.1 .reqid} ::: {#FCS_CKM_EXT.5.1 .reqid} [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1){.abbr} [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall derive cryptographic keys of type The [TSF](#abbr_TSF) shall derive cryptographic keys of type \[**assignment**: [key type]{.assignable-content}\] from input \[**assignment**: [key type]{.assignable-content}\] from input parameters \[**selection**: [Input parameters]{.selection-content}\] in parameters \[**selection**: [Input parameters]{.selection-content}\] in accordance with a specified key derivation algorithm \[**selection**: accordance with a specified key derivation algorithm \[**selection**: [Key derivation algorithm]{.selection-content}\] and specified [Key derivation algorithm]{.selection-content}\] and specified cryptographic key sizes \[**selection**: [Cryptographic key cryptographic key sizes \[**selection**: [Cryptographic key sizes]{.selection-content}\] that meet the following: \[**selection**: sizes]{.selection-content}\] that meet the following: \[**selection**: [List of standards]{.selection-content}\] [List of standards]{.selection-content}\] ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- Identifier Input parameters Key derivation algor Identifier Input parameters Key derivation algor ------------------------ ------------------------------------- -------------------- ------------------------ ------------------------------------- -------------------- [KDF](#abbr_KDF)-CTR \[**selection**: *Direct Generation [KDF](#abbr_KDF) in [KDF](#abbr_KDF)-CTR \[**selection**: *Direct Generation [KDF](#abbr_KDF) in from a Random Bit Generator as *[CMAC](#abbr_CMAC)- from a Random Bit Generator as *[CMAC](#abbr_CMAC)- specified in *[CMAC](#abbr_CMAC)- specified in *[CMAC](#abbr_CMAC)- [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)*, *[HMAC](#abbr_HMAC)- [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)*, *[HMAC](#abbr_HMAC)- *Concatenated keys*\] PRF *Concatenated keys*\] PRF [KDF](#abbr_KDF)-FB \[**selection**: *Direct Generation [KDF](#abbr_KDF) in [KDF](#abbr_KDF)-FB \[**selection**: *Direct Generation [KDF](#abbr_KDF) in from a Random Bit Generator as *[CMAC](#abbr_CMAC)- from a Random Bit Generator as *[CMAC](#abbr_CMAC)- specified in *[CMAC](#abbr_CMAC)- specified in *[CMAC](#abbr_CMAC)- [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)*, *[HMAC](#abbr_HMAC)- [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)*, *[HMAC](#abbr_HMAC)- *Concatenated keys*\] PRF *Concatenated keys*\] PRF [KDF](#abbr_KDF)-DPI \[**selection**: *Direct Generation [KDF](#abbr_KDF) in [KDF](#abbr_KDF)-DPI \[**selection**: *Direct Generation [KDF](#abbr_KDF) in from a Random Bit Generator as \[**selection**: *[C from a Random Bit Generator as \[**selection**: *[C specified in *[CMAC](#abbr_CMAC)- specified in *[CMAC](#abbr_CMAC)- [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)*, *[HMAC](#abbr_HMAC)- [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)*, *[HMAC](#abbr_HMAC)- *Concatenated keys*\] *[HMAC](#abbr_HMAC)- *Concatenated keys*\] *[HMAC](#abbr_HMAC)- [KDF](#abbr_KDF)-XOR Intermediary keys \[**selection**: *ex [KDF](#abbr_KDF)-XOR Intermediary keys \[**selection**: *ex *[SHA](#abbr_SHA)-25 *[SHA](#abbr_SHA)-25 [KDF](#abbr_KDF)-ENC Two keys Encryption using \[* [KDF](#abbr_KDF)-ENC Two keys Encryption using \[* *[AES](#abbr_AES)-GC *[AES](#abbr_AES)-GC *[AES](#abbr_AES)-KW *[AES](#abbr_AES)-KW [KDF](#abbr_KDF)-HASH Shared secret, salt, output length, \[**assignment**: [H [KDF](#abbr_KDF)-HASH Shared secret, salt, output length, \[**assignment**: [H fixed information [FCS\_COP.1/Hash](#F fixed information [FCS\_COP.1/Hash](#F [KDF](#abbr_KDF)-MAC Shared secret, salt, IV, output \[**assignment**: [k [KDF](#abbr_KDF)-MAC Shared secret, salt, IV, output \[**assignment**: [k length, fixed information [FCS\_COP.1/KeyedHas length, fixed information [FCS\_COP.1/KeyedHas [KDF](#abbr_KDF)-PBKDF Password, salt, iteration count \[**selection**: *[H [KDF](#abbr_KDF)-PBKDF Password, salt, iteration count \[**selection**: *[H *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- *[HMAC](#abbr_HMAC)- ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- : [Table [6]{.counter}]{#fcs-ckm-keydrv-sels .ctr : [Table [6]{.counter}]{#fcs-ckm-keydrv-sels .ctr data-myid="fcs-ckm-keydrv-sels" data-counter-type="ct-Table"}: Choices data-myid="fcs-ckm-keydrv-sels" data-counter-type="ct-Table"}: Choices for completion of the assignment operations in for completion of the assignment operations in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1) [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1) ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The \"key type\" assignment should [Application Note: ]{.note-header}[ The \"key type\" assignment should indicate the type type of key being derived, e.g. \"*symmetric*,\" indicate the type type of key being derived, e.g. \"*symmetric*,\" \"*asymmetric*,\" or \"*[HMAC](#abbr_HMAC)*.\"]{.note} \"*asymmetric*,\" or \"*[HMAC](#abbr_HMAC)*.\"]{.note} This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if key This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if key derivation is a service provided by the [TOE](#abbr_TOE) to tenant derivation is a service provided by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) itself to support or software, or if it is used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security functionality. implement [PP](#abbr_PP)-specified security functionality. If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. If \"*[KDF](#abbr_KDF)-XOR*\" and at least one of the [SHA](#abbr_SHA) If \"*[KDF](#abbr_KDF)-XOR*\" and at least one of the [SHA](#abbr_SHA) hashes is selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be hashes is selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be claimed. claimed. If \"*[KDF](#abbr_KDF)-HASH*\" or \"*[KDF](#abbr_KDF)-MAC*\" is If \"*[KDF](#abbr_KDF)-HASH*\" or \"*[KDF](#abbr_KDF)-MAC*\" is selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be claimed. selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be claimed. If \"*[KDF](#abbr_KDF)-MAC*\" is selected, then If \"*[KDF](#abbr_KDF)-MAC*\" is selected, then [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. If \"*[KDF](#abbr_KDF)-PBKDF*\" is selected, then If \"*[KDF](#abbr_KDF)-PBKDF*\" is selected, then [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. If \"*[KDF](#abbr_KDF)-CTR*,\" \"*[KDF](#abbr_KDF)-FB*,\" or If \"*[KDF](#abbr_KDF)-CTR*,\" \"*[KDF](#abbr_KDF)-FB*,\" or \"*[KDF](#abbr_KDF)-DPI*\" is selected, then \"*[KDF](#abbr_KDF)-DPI*\" is selected, then [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) must be claimed. [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) must be claimed. If \"*[KDF](#abbr_KDF)-CTR*,\" \"*[KDF](#abbr_KDF)-FB*,\" or If \"*[KDF](#abbr_KDF)-CTR*,\" \"*[KDF](#abbr_KDF)-FB*,\" or \"*[KDF](#abbr_KDF)-DPI*\" is selected, and [HMAC](#abbr_HMAC) is \"*[KDF](#abbr_KDF)-DPI*\" is selected, and [HMAC](#abbr_HMAC) is selected as part of the key derivation algorithm, then selected as part of the key derivation algorithm, then [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. For Authorization Factor Submasks, the key size to be used in the For Authorization Factor Submasks, the key size to be used in the [HMAC](#abbr_HMAC) falls into a range between L1 and L2 defined in [HMAC](#abbr_HMAC) falls into a range between L1 and L2 defined in [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118 for the appropriate hash [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118 for the appropriate hash function (for example for [SHA](#abbr_SHA)-256 L1 = 512, L2 = 256) where function (for example for [SHA](#abbr_SHA)-256 L1 = 512, L2 = 256) where L2 \<= k \<= L1. L2 \<= k \<= L1. [NIST](#abbr_NIST) SP 800-131A Rev 1 allows the use of [NIST](#abbr_NIST) SP 800-131A Rev 1 allows the use of [SHA](#abbr_SHA)-1 in these use cases. [SHA](#abbr_SHA)-1 in these use cases. [KDF](#abbr_KDF)-ENC and [KDF](#abbr_KDF)-XOR create an "inverted key [KDF](#abbr_KDF)-ENC and [KDF](#abbr_KDF)-XOR create an "inverted key hierarchy" in which the [TSF](#abbr_TSF) will combine two or more keys hierarchy" in which the [TSF](#abbr_TSF) will combine two or more keys to create a third key. These same KDFs may also use a submask key as to create a third key. These same KDFs may also use a submask key as input, which could be an authorization factor or derived from a input, which could be an authorization factor or derived from a [PBKDF](#abbr_PBKDF). In these cases the [ST](#abbr_ST) Author must [PBKDF](#abbr_PBKDF). In these cases the [ST](#abbr_ST) Author must explicitly declare this option and should present a reasonable argument explicitly declare this option and should present a reasonable argument that the entropy of the inputs to the KDFs will result in full entropy that the entropy of the inputs to the KDFs will result in full entropy of the expected output. of the expected output. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check that the [TSS](#abbr_TSS) includes a The evaluator shall check that the [TSS](#abbr_TSS) includes a description of the key derivation functions and shall check that this description of the key derivation functions and shall check that this uses a key derivation algorithm and key sizes according to the uses a key derivation algorithm and key sizes according to the specification selected in [Table specification selected in [Table [6]{.counter}](#fcs-ckm-keydrv-sels){.fcs-ckm-keydrv-sels-ref}. The [6]{.counter}](#fcs-ckm-keydrv-sels){.fcs-ckm-keydrv-sels-ref}. The evaluator shall confirm that the [TSS](#abbr_TSS) supports the selected evaluator shall confirm that the [TSS](#abbr_TSS) supports the selected methods. methods. If key combination is used to form a KEK, the evaluator shall verify If key combination is used to form a KEK, the evaluator shall verify that the [TSS](#abbr_TSS) describes the method of combination and that that the [TSS](#abbr_TSS) describes the method of combination and that this method is either an [XOR](#abbr_XOR), a [KDF](#abbr_KDF), or this method is either an [XOR](#abbr_XOR), a [KDF](#abbr_KDF), or encryption. encryption. If a [KDF](#abbr_KDF) is used to form a KEK, the evaluator shall ensure If a [KDF](#abbr_KDF) is used to form a KEK, the evaluator shall ensure that the [TSS](#abbr_TSS) includes a description of the key derivation that the [TSS](#abbr_TSS) includes a description of the key derivation function and shall verify the key derivation uses an approved derivation function and shall verify the key derivation uses an approved derivation mode and key expansion algorithm according to SP 800-108. mode and key expansion algorithm according to SP 800-108. If key concatenation is used to derive KEKs, the evaluator shall ensure If key concatenation is used to derive KEKs, the evaluator shall ensure the [TSS](#abbr_TSS) includes a description of the randomness extraction the [TSS](#abbr_TSS) includes a description of the randomness extraction step, including the following: step, including the following: - The description must include how an approved untruncated - The description must include how an approved untruncated [MAC](#abbr_MAC) function is being used for the randomness [MAC](#abbr_MAC) function is being used for the randomness extraction step and the evaluator must verify the [TSS](#abbr_TSS) extraction step and the evaluator must verify the [TSS](#abbr_TSS) describes that the output length (in bits) of the [MAC](#abbr_MAC) describes that the output length (in bits) of the [MAC](#abbr_MAC) function is at least as large as the targeted security strength (in function is at least as large as the targeted security strength (in bits) of the parameter set employed by the key establishment scheme bits) of the parameter set employed by the key establishment scheme (see Tables 1-3 of SP 800-56C). (see Tables 1-3 of SP 800-56C). - The description must include how the [MAC](#abbr_MAC) function being - The description must include how the [MAC](#abbr_MAC) function being used for the randomness extraction step is related to the PRF used used for the randomness extraction step is related to the PRF used in the key expansion and verify the [TSS](#abbr_TSS) description in the key expansion and verify the [TSS](#abbr_TSS) description includes the correct [MAC](#abbr_MAC) function: includes the correct [MAC](#abbr_MAC) function: - If an [HMAC](#abbr_HMAC)-hash is used in the randomness - If an [HMAC](#abbr_HMAC)-hash is used in the randomness extraction step, then the same [HMAC](#abbr_HMAC)-hash (with the extraction step, then the same [HMAC](#abbr_HMAC)-hash (with the same hash function hash) is used as the PRF in the key expansion same hash function hash) is used as the PRF in the key expansion step. step. - If an [AES](#abbr_AES)-CMAC (with key length 128, 192, or 256 - If an [AES](#abbr_AES)-CMAC (with key length 128, 192, or 256 bits) is used in the randomness extraction step, then bits) is used in the randomness extraction step, then [AES](#abbr_AES)-CMAC with a 128-bit key is used as the PRF in [AES](#abbr_AES)-CMAC with a 128-bit key is used as the PRF in the key expansion step. the key expansion step. - The description must include the lengths of the salt values being - The description must include the lengths of the salt values being used in the randomness extraction step and the evaluator shall used in the randomness extraction step and the evaluator shall verify the [TSS](#abbr_TSS) description includes correct salt verify the [TSS](#abbr_TSS) description includes correct salt lengths: lengths: - If an [HMAC](#abbr_HMAC)-hash is being used as the - If an [HMAC](#abbr_HMAC)-hash is being used as the [MAC](#abbr_MAC), the salt length can be any value up to the [MAC](#abbr_MAC), the salt length can be any value up to the maximum bit length permitted for input to the hash function maximum bit length permitted for input to the hash function hash. hash. - If an [AES](#abbr_AES)-CMAC is being used as the - If an [AES](#abbr_AES)-CMAC is being used as the [MAC](#abbr_MAC), the salt length shall be the same length as [MAC](#abbr_MAC), the salt length shall be the same length as the [AES](#abbr_AES) key (i.e. 128, 192, or 256 bits). the [AES](#abbr_AES) key (i.e. 128, 192, or 256 bits). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall verify that the AGD instructs the administrator how The evaluator shall verify that the AGD instructs the administrator how to configure the [TOE](#abbr_TOE) to use the selected key types for all to configure the [TOE](#abbr_TOE) to use the selected key types for all uses identified in the [ST](#abbr_ST). uses identified in the [ST](#abbr_ST). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: The evaluator shall examine the KMD to ensure that: The evaluator shall examine the KMD to ensure that: - The KMD describes the complete key derivation chain and the - The KMD describes the complete key derivation chain and the description must be consistent with the description in the description must be consistent with the description in the [TSS](#abbr_TSS). For all key derivations the [TOE](#abbr_TOE) must [TSS](#abbr_TSS). For all key derivations the [TOE](#abbr_TOE) must use a method as described in the [PP](#abbr_PP) table. There should use a method as described in the [PP](#abbr_PP) table. There should be no uncertainty about how a key is derived from another in the be no uncertainty about how a key is derived from another in the chain. chain. - The length of the key derivation key is defined by the PRF. The - The length of the key derivation key is defined by the PRF. The evaluator should check whether the key derivation key length is evaluator should check whether the key derivation key length is consistent with the length provided by the selected PRF. consistent with the length provided by the selected PRF. - If a key is used as an input to several KDFs, each invocation must - If a key is used as an input to several KDFs, each invocation must use a distinct context string. If the output of a [KDF](#abbr_KDF) use a distinct context string. If the output of a [KDF](#abbr_KDF) execution is used for multiple cryptographic keys, those keys must execution is used for multiple cryptographic keys, those keys must be disjoint segments of the output. be disjoint segments of the output. - If keys are combined, the [ST](#abbr_ST) Author shall describe which - If keys are combined, the [ST](#abbr_ST) Author shall describe which method of combination is used in order to justify that the effective method of combination is used in order to justify that the effective entropy of each factor is preserved. entropy of each factor is preserved. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. The evaluator shall perform one or more of the following tests to verify The evaluator shall perform one or more of the following tests to verify the correctness of the key derivation function, depending on the the correctness of the key derivation function, depending on the specific functions that are supported: specific functions that are supported: Preconditions for testing: Preconditions for testing: - Specification of input parameter to the key derivation function to - Specification of input parameter to the key derivation function to be tested be tested - Specification of further required input parameters - Specification of further required input parameters - Access to derived keys - Access to derived keys The following table maps the data fields in the tests below to the The following table maps the data fields in the tests below to the notations used in SP 800-108 and SP 800-56C notations used in SP 800-108 and SP 800-56C Data Fields Data Fields ::: ::: ::: ::: ::: ::: Notations Notations SP 800-108 SP 800-108 SP 800-56C SP 800-56C Pseudorandom function Pseudorandom function PRF PRF PRF PRF Counter length Counter length r r r r Length of output of PRF Length of output of PRF r r r r Length of derived keying material Length of derived keying material L L L L Length of input values Length of input values I\_length I\_length I\_length I\_length Pseudorandom input values I Pseudorandom input values I K1 (key derivation key) K1 (key derivation key) Z (shared secret) Z (shared secret) Pseudorandom salt values Pseudorandom salt values S S Randomness extraction [MAC](#abbr_MAC) Randomness extraction [MAC](#abbr_MAC) n/a n/a [MAC](#abbr_MAC) [MAC](#abbr_MAC) The below tests are derived from Key Derivation using Pseudorandom The below tests are derived from Key Derivation using Pseudorandom Functions (SP 800-108) Validation System (KBKDFVS), Updated 4 January Functions (SP 800-108) Validation System (KBKDFVS), Updated 4 January 2016, Section 6.2, from the National Institute of Standards and 2016, Section 6.2, from the National Institute of Standards and Technology. Technology. **[KDF](#abbr_KDF)-CTR: Counter Mode Tests:** **[KDF](#abbr_KDF)-CTR: Counter Mode Tests:** The evaluator shall determine the following characteristics of the key The evaluator shall determine the following characteristics of the key derivation function: derivation function: - One or more pseudorandom functions that are supported by the - One or more pseudorandom functions that are supported by the implementation (PRF). implementation (PRF). - One or more of the values {8, 16, 24, 32} that equal the length of - One or more of the values {8, 16, 24, 32} that equal the length of the binary representation of the counter (r). the binary representation of the counter (r). - The length (in bits) of the output of the PRF (h). - The length (in bits) of the output of the PRF (h). - Minimum and maximum values for the length (in bits) of the derived - Minimum and maximum values for the length (in bits) of the derived keying material (L). These values can be equal if only one value of keying material (L). These values can be equal if only one value of L is supported. These must be evenly divisible by h. L is supported. These must be evenly divisible by h. - Up to two values of L that are NOT evenly divisible by h. - Up to two values of L that are NOT evenly divisible by h. - Location of the counter relative to fixed input data: before, after, - Location of the counter relative to fixed input data: before, after, or in the middle. or in the middle. - Counter before fixed input data: fixed input data string length - Counter before fixed input data: fixed input data string length (in bytes), fixed input data string value. (in bytes), fixed input data string value. - Counter after fixed input data: fixed input data string length - Counter after fixed input data: fixed input data string length (in bytes), fixed input data string value. (in bytes), fixed input data string value. - Counter in the middle of fixed input data: length of data before - Counter in the middle of fixed input data: length of data before counter (in bytes), length of data after counter (in bytes), counter (in bytes), length of data after counter (in bytes), value of string input before counter, value of string input value of string input before counter, value of string input after counter. after counter. - The length (I\_length) of the input values I. - The length (I\_length) of the input values I. For each supported combination of I\_length, [MAC](#abbr_MAC), salt, For each supported combination of I\_length, [MAC](#abbr_MAC), salt, PRF, counter location, value of r, and value of L, the evaluator shall PRF, counter location, value of r, and value of L, the evaluator shall generate 10 test vectors that include pseudorandom input values I, and generate 10 test vectors that include pseudorandom input values I, and pseudorandom salt values. If there is only one value of L that is evenly pseudorandom salt values. If there is only one value of L that is evenly divisible by h, the evaluator shall generate 20 test vectors for it. For divisible by h, the evaluator shall generate 20 test vectors for it. For each test vector, the evaluator shall supply this data to the each test vector, the evaluator shall supply this data to the [TOE](#abbr_TOE) in order to produce the keying material output. [TOE](#abbr_TOE) in order to produce the keying material output. The results from each test may either be obtained by the evaluator The results from each test may either be obtained by the evaluator directly or by supplying the inputs to the implementer and receiving the directly or by supplying the inputs to the implementer and receiving the results in response. To determine correctness, the evaluator shall results in response. To determine correctness, the evaluator shall compare the resulting values to those obtained by submitting the same compare the resulting values to those obtained by submitting the same inputs to a known good implementation. inputs to a known good implementation. **[KDF](#abbr_KDF)-FB: Feedback Mode Tests:** **[KDF](#abbr_KDF)-FB: Feedback Mode Tests:** The evaluator shall determine the following characteristics of the key The evaluator shall determine the following characteristics of the key derivation function: derivation function: - One or more pseudorandom functions that are supported by the - One or more pseudorandom functions that are supported by the implementation (PRF). implementation (PRF). - The length (in bits) of the output of the PRF (h). - The length (in bits) of the output of the PRF (h). - Minimum and maximum values for the length (in bits) of the derived - Minimum and maximum values for the length (in bits) of the derived keying material (L). These values can be equal if only one value of keying material (L). These values can be equal if only one value of L is supported. These must be evenly divisible by h. L is supported. These must be evenly divisible by h. - Up to two values of L that are NOT evenly divisible by h. - Up to two values of L that are NOT evenly divisible by h. - Whether or not zero-length IVs are supported. - Whether or not zero-length IVs are supported. - Whether or not a counter is used, and if so: - Whether or not a counter is used, and if so: - One or more of the values {8, 16, 24, 32} that equal the length - One or more of the values {8, 16, 24, 32} that equal the length of the binary representation of the counter (r). of the binary representation of the counter (r). - Location of the counter relative to fixed input data: before, - Location of the counter relative to fixed input data: before, after, or in the middle. after, or in the middle. - Counter before fixed input data: fixed input data string - Counter before fixed input data: fixed input data string length (in bytes), fixed input data string value. length (in bytes), fixed input data string value. - Counter after fixed input data: fixed input data string - Counter after fixed input data: fixed input data string length (in bytes), fixed input data string value. length (in bytes), fixed input data string value. - Counter in the middle of fixed input data: length of data - Counter in the middle of fixed input data: length of data before counter (in bytes), length of data after counter (in before counter (in bytes), length of data after counter (in bytes), value of string input before counter, value of bytes), value of string input before counter, value of string input after counter. string input after counter. - The length (I\_length) of the input values L. - The length (I\_length) of the input values L. For each supported combination of I\_length, [MAC](#abbr_MAC), salt, For each supported combination of I\_length, [MAC](#abbr_MAC), salt, PRF, counter location (if a counter is used), value of r (if a counter PRF, counter location (if a counter is used), value of r (if a counter is used), and value of L, the evaluator shall generate 10 test vectors is used), and value of L, the evaluator shall generate 10 test vectors that include pseudorandom input values I and pseudorandom salt values. that include pseudorandom input values I and pseudorandom salt values. If the [KDF](#abbr_KDF) supports zero-length IVs, five of these test If the [KDF](#abbr_KDF) supports zero-length IVs, five of these test vectors will be accompanied by pseudorandom IVs and the other five will vectors will be accompanied by pseudorandom IVs and the other five will use zero-length IVs. If zero-length IVs are not supported, each test use zero-length IVs. If zero-length IVs are not supported, each test vector will be accompanied by an pseudorandom IV. If there is only one vector will be accompanied by an pseudorandom IV. If there is only one value of L that is evenly divisible by h, the evaluator shall generate value of L that is evenly divisible by h, the evaluator shall generate 20 test vectors for it. 20 test vectors for it. For each test vector, the evaluator shall supply this data to the For each test vector, the evaluator shall supply this data to the [TOE](#abbr_TOE) in order to produce the keying material output. The [TOE](#abbr_TOE) in order to produce the keying material output. The results from each test may either be obtained by the evaluator directly results from each test may either be obtained by the evaluator directly or by supplying the inputs to the implementer and receiving the results or by supplying the inputs to the implementer and receiving the results in response. To determine correctness, the evaluator shall compare the in response. To determine correctness, the evaluator shall compare the resulting values to those obtained by submitting the same inputs to a resulting values to those obtained by submitting the same inputs to a known good implementation. known good implementation. **[KDF](#abbr_KDF)-DPI: Double Pipeline Iteration Mode Tests:** **[KDF](#abbr_KDF)-DPI: Double Pipeline Iteration Mode Tests:** The evaluator shall determine the following characteristics of the key The evaluator shall determine the following characteristics of the key derivation function: derivation function: - One or more pseudorandom functions that are supported by the - One or more pseudorandom functions that are supported by the implementation (PRF). implementation (PRF). - The length (in bits) of the output of the PRF (h). - The length (in bits) of the output of the PRF (h). - Minimum and maximum values for the length (in bits) of the derived - Minimum and maximum values for the length (in bits) of the derived keying material (L). These values can be equal if only one value of keying material (L). These values can be equal if only one value of L is supported. These must be evenly divisible by h. L is supported. These must be evenly divisible by h. - Up to two values of L that are NOT evenly divisible by h. - Up to two values of L that are NOT evenly divisible by h. - Whether or not a counter is used, and if so: - Whether or not a counter is used, and if so: - One or more of the values {8, 16, 24, 32} that equal the length - One or more of the values {8, 16, 24, 32} that equal the length of the binary representation of the counter (r). of the binary representation of the counter (r). - Location of the counter relative to fixed input data: before, - Location of the counter relative to fixed input data: before, after, or in the middle. after, or in the middle. - Counter before fixed input data: fixed input data string - Counter before fixed input data: fixed input data string length (in bytes), fixed input data string value. length (in bytes), fixed input data string value. - Counter after fixed input data: fixed input data string - Counter after fixed input data: fixed input data string length (in bytes), fixed input data string value. length (in bytes), fixed input data string value. - Counter in the middle of fixed input data: length of data - Counter in the middle of fixed input data: length of data before counter (in bytes), length of data after counter (in before counter (in bytes), length of data after counter (in bytes), value of string input before counter, value of bytes), value of string input before counter, value of string input after counter. string input after counter. - The length (I\_length) of the input values I. - The length (I\_length) of the input values I. For each supported combination of I\_length, [MAC](#abbr_MAC), salt, For each supported combination of I\_length, [MAC](#abbr_MAC), salt, PRF, counter location (if a counter is used), value of r (if a counter PRF, counter location (if a counter is used), value of r (if a counter is used), and value of L, the evaluator shall generate 10 test vectors is used), and value of L, the evaluator shall generate 10 test vectors that include pseudorandom input values I, and pseudorandom salt values. that include pseudorandom input values I, and pseudorandom salt values. If there is only one value of L that is evenly divisible by h, the If there is only one value of L that is evenly divisible by h, the evaluator shall generate 20 test vectors for it. evaluator shall generate 20 test vectors for it. For each test vector, the evaluator shall supply this data to the For each test vector, the evaluator shall supply this data to the [TOE](#abbr_TOE) in order to produce the keying material output. The [TOE](#abbr_TOE) in order to produce the keying material output. The results from each test may either be obtained by the evaluator directly results from each test may either be obtained by the evaluator directly or by supplying the inputs to the implementer and receiving the results or by supplying the inputs to the implementer and receiving the results in response. To determine correctness, the evaluator shall compare the in response. To determine correctness, the evaluator shall compare the resulting values to those obtained by submitting the same inputs to a resulting values to those obtained by submitting the same inputs to a known good implementation. known good implementation. **[KDF](#abbr_KDF)-XOR: Intermediate Keys Method** **[KDF](#abbr_KDF)-XOR: Intermediate Keys Method** If the selected algorithm is a hash, then the testing of the hash If the selected algorithm is a hash, then the testing of the hash primitive is the only required Evaluation Activity. If the selected primitive is the only required Evaluation Activity. If the selected algorithm is [XOR](#abbr_XOR), then no separate primitive testing is algorithm is [XOR](#abbr_XOR), then no separate primitive testing is necessary. necessary. **[KDF](#abbr_KDF)-ENC: Two Keys Method** **[KDF](#abbr_KDF)-ENC: Two Keys Method** The evaluator should confirm that the combined length of the two keys The evaluator should confirm that the combined length of the two keys should be at least as long as the key size of the selected methods. should be at least as long as the key size of the selected methods. There are no other tests other than for the methods selected for this There are no other tests other than for the methods selected for this row from FCD\_COP.1/[SK](#abbr_SK). row from FCD\_COP.1/[SK](#abbr_SK). **[KDF](#abbr_KDF)-HASH: Shared Secret, Salt, Output Length, Fixed **[KDF](#abbr_KDF)-HASH: Shared Secret, Salt, Output Length, Fixed Information Method** Information Method** For each supported selection of PRF, length of shared secret (Z) For each supported selection of PRF, length of shared secret (Z) \[selection: 128, 256\] bits, length of salt (S) \[selection: length of \[selection: 128, 256\] bits, length of salt (S) \[selection: length of input block of PRF, one-half length of input block of PRF, 0\] bits, input block of PRF, one-half length of input block of PRF, 0\] bits, output length (L) \[selection: 128, 256\] bits, and length of fixed output length (L) \[selection: 128, 256\] bits, and length of fixed information (FixedInfo) \[selection: length of input block of PRF, information (FixedInfo) \[selection: length of input block of PRF, one-half length of input block of PRF, 0\] bits, the evaluator shall one-half length of input block of PRF, 0\] bits, the evaluator shall generate 10 test vectors that include pseudorandom input values for Z, generate 10 test vectors that include pseudorandom input values for Z, salt values (for non-zero lengths, otherwise, omit) and fixed salt values (for non-zero lengths, otherwise, omit) and fixed information (for non-zero lengths, otherwise, omit). information (for non-zero lengths, otherwise, omit). For each test vector, the evaluator shall supply this data to the For each test vector, the evaluator shall supply this data to the [TOE](#abbr_TOE) in order to produce the keying material output. The [TOE](#abbr_TOE) in order to produce the keying material output. The results from each test may either be obtained by the evaluator directly results from each test may either be obtained by the evaluator directly or by supplying the inputs to the implementer and receiving the results or by supplying the inputs to the implementer and receiving the results in response. To determine correctness, the evaluator shall compare the in response. To determine correctness, the evaluator shall compare the resulting values to those obtained by submitting the same inputs to a resulting values to those obtained by submitting the same inputs to a known good implementation. known good implementation. **[KDF](#abbr_KDF)-MAC: Shared Secret, Salt, IV, Output Length, Fixed **[KDF](#abbr_KDF)-MAC: Shared Secret, Salt, IV, Output Length, Fixed Information Method** Information Method** For each supported selection of PRF, length of shared secret (Z), length For each supported selection of PRF, length of shared secret (Z), length of salt, length of initialization vector (IV), output length (L), and of salt, length of initialization vector (IV), output length (L), and length of fixed information (FixedInfo), the evaluator shall generate 10 length of fixed information (FixedInfo), the evaluator shall generate 10 test vectors that include pseudorandom input values for Z, salt values test vectors that include pseudorandom input values for Z, salt values (for non-zero lengths, otherwise, omit), IV (for non-zero lengths, (for non-zero lengths, otherwise, omit), IV (for non-zero lengths, otherwise, use a vector of length equal to length of input block of PRF otherwise, use a vector of length equal to length of input block of PRF and fill with zeros), and fixed information (for non-zero lengths, and fill with zeros), and fixed information (for non-zero lengths, otherwise, omit). otherwise, omit). For each test vector, the evaluator shall supply this data to the For each test vector, the evaluator shall supply this data to the [TOE](#abbr_TOE) in order to produce the keying material output. The [TOE](#abbr_TOE) in order to produce the keying material output. The results from each test may either be obtained by the evaluator directly results from each test may either be obtained by the evaluator directly or by supplying the inputs to the implementer and receiving the results or by supplying the inputs to the implementer and receiving the results in response. To determine correctness, the evaluator shall compare the in response. To determine correctness, the evaluator shall compare the resulting values to those obtained by submitting the same inputs to a resulting values to those obtained by submitting the same inputs to a known good implementation. known good implementation. ::: {#FCS_ENT_EXT.1 .comp} ::: {#FCS_ENT_EXT.1 .comp} #### FCS\_ENT\_EXT.1 Entropy for Tenant Software #### FCS\_ENT\_EXT.1 Entropy for Tenant Software ::: {.element} ::: {.element} ::: {#FCS_ENT_EXT.1.1 .reqid} ::: {#FCS_ENT_EXT.1.1 .reqid} [FCS\_ENT\_EXT.1.1](#FCS_ENT_EXT.1.1){.abbr} [FCS\_ENT\_EXT.1.1](#FCS_ENT_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide one or more mechanisms to make The [TSF](#abbr_TSF) shall provide one or more mechanisms to make entropy that meets [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) available to tenant entropy that meets [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) available to tenant software. software. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) provides an included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) provides an entropy source accessible to tenant software.]{.note} entropy source accessible to tenant software.]{.note} This requirement ensures that the [TOE](#abbr_TOE) makes available This requirement ensures that the [TOE](#abbr_TOE) makes available sufficient entropy to any tenant that requires it. Every entropy source sufficient entropy to any tenant that requires it. Every entropy source need not provide high-quality entropy, but tenant software must have a need not provide high-quality entropy, but tenant software must have a means of acquiring sufficient entropy. means of acquiring sufficient entropy. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1) [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall verify that the [TSS](#abbr_TSS) documents the The evaluator shall verify that the [TSS](#abbr_TSS) documents the entropy sources implemented by the [TOE](#abbr_TOE). It is not necessary entropy sources implemented by the [TOE](#abbr_TOE). It is not necessary to document all the platform features that can be used by tenant to document all the platform features that can be used by tenant software to contribute to entropy, rather only those features expressly software to contribute to entropy, rather only those features expressly provided as entropy sources. provided as entropy sources. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes how to The evaluator shall examine the AGD to ensure that it describes how to configure entropy sources (if applicable) and how tenant software can configure entropy sources (if applicable) and how tenant software can access the sources. access the sources. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test: The evaluator shall perform the following test: The evaluator shall invoke the entropy source(s) from tenant software. The evaluator shall invoke the entropy source(s) from tenant software. The evaluator shall verify that the tenant acquires values from the The evaluator shall verify that the tenant acquires values from the interface. interface. ::: ::: ::: ::: ::: ::: ::: {#FCS_SLT_EXT.1 .comp} ::: {#FCS_SLT_EXT.1 .comp} #### FCS\_SLT\_EXT.1 Cryptographic Salt Generation #### FCS\_SLT\_EXT.1 Cryptographic Salt Generation ::: {.element} ::: {.element} ::: {#FCS_SLT_EXT.1.1 .reqid} ::: {#FCS_SLT_EXT.1.1 .reqid} [FCS\_SLT\_EXT.1.1](#FCS_SLT_EXT.1.1){.abbr} [FCS\_SLT\_EXT.1.1](#FCS_SLT_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall use salts and nonces generated by an The [TSF](#abbr_TSF) shall use salts and nonces generated by an [RBG](#abbr_RBG) as specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1). [RBG](#abbr_RBG) as specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1). ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if it is a service provided by the included in the [ST](#abbr_ST) if it is a service provided by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security functionality.]{.note} security functionality.]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1) [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure the [TSS](#abbr_TSS) describes how salts are The evaluator shall ensure the [TSS](#abbr_TSS) describes how salts are generated using the [RBG](#abbr_RBG). generated using the [RBG](#abbr_RBG). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall confirm by testing that the salts obtained in the The evaluator shall confirm by testing that the salts obtained in the cryptographic operations that use the salts are of the length specified cryptographic operations that use the salts are of the length specified in [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1), are obtained from the in [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1), are obtained from the [RBG](#abbr_RBG), and are fresh on each invocation. [RBG](#abbr_RBG), and are fresh on each invocation. This testing may be carried out as part of the testing for the relevant This testing may be carried out as part of the testing for the relevant cryptographic operations. cryptographic operations. ::: ::: ::: ::: ::: ::: ::: {#FCS_STG_EXT.1 .comp} ::: {#FCS_STG_EXT.1 .comp} #### FCS\_STG\_EXT.1 Protected Storage #### FCS\_STG\_EXT.1 Protected Storage ::: {.element} ::: {.element} ::: {#FCS_STG_EXT.1.1 .reqid} ::: {#FCS_STG_EXT.1.1 .reqid} [FCS\_STG\_EXT.1.1](#FCS_STG_EXT.1.1){.abbr} [FCS\_STG\_EXT.1.1](#FCS_STG_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide \[**selection**: *mutable The [TSF](#abbr_TSF) shall provide \[**selection**: *mutable hardware-based*, *immutable hardware-based*, *software-based*\] hardware-based*, *immutable hardware-based*, *software-based*\] protected storage for asymmetric private keys and \[**selection**: protected storage for asymmetric private keys and \[**selection**: *symmetric keys*, *persistent secrets*, *no other keys*\]. *symmetric keys*, *persistent secrets*, *no other keys*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) provides included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) provides protected storage as a service for tenant software, or if it stores keys protected storage as a service for tenant software, or if it stores keys or other persistent secrets for its own use.]{.note} or other persistent secrets for its own use.]{.note} This [SFR](#abbr_SFR) must be claimed if the [TOE](#abbr_TOE) includes a This [SFR](#abbr_SFR) must be claimed if the [TOE](#abbr_TOE) includes a Dedicated Security Component that provides storage services, such as a Dedicated Security Component that provides storage services, such as a TPM. TPM. If the protected storage is implemented in software that is protected as If the protected storage is implemented in software that is protected as required by [FCS\_STG\_EXT.2](#FCS_STG_EXT.2), the [ST](#abbr_ST) Author required by [FCS\_STG\_EXT.2](#FCS_STG_EXT.2), the [ST](#abbr_ST) Author is expected to select \"*software-based*.\" If \"*software-based*\" is is expected to select \"*software-based*.\" If \"*software-based*\" is selected, the [ST](#abbr_ST) Author is expected to select selected, the [ST](#abbr_ST) Author is expected to select \"*software-based key storage*\" in [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) \"*software-based key storage*\" in [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) and also claim [FCS\_STG\_EXT.3](#FCS_STG_EXT.3). and also claim [FCS\_STG\_EXT.3](#FCS_STG_EXT.3). If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_STG_EXT.1.2 .reqid} ::: {#FCS_STG_EXT.1.2 .reqid} [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2){.abbr} [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall support the capability of \[**selection**: The [TSF](#abbr_TSF) shall support the capability of \[**selection**: - *importing keys/secrets into the [TOE](#abbr_TOE)*, - *importing keys/secrets into the [TOE](#abbr_TOE)*, - *causing the [TOE](#abbr_TOE) to generate \[**selection**: - *causing the [TOE](#abbr_TOE) to generate \[**selection**: *asymmetric*, *symmetric*\]keys/secrets* *asymmetric*, *symmetric*\]keys/secrets* \] upon request of \[**selection**: *a client application*, *an \] upon request of \[**selection**: *a client application*, *an administrator*\]. administrator*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ If \"causing the [TOE](#abbr_TOE) to [Application Note: ]{.note-header}[ If \"causing the [TOE](#abbr_TOE) to generate keys/secrets\" is selected in FCS\_STO\_EXT.1.2, then the generate keys/secrets\" is selected in FCS\_STO\_EXT.1.2, then the [ST](#abbr_ST) must include at least one of [ST](#abbr_ST) must include at least one of [FCS\_CKM.1/AK](#FCS_CKM.1/AK) or [FCS\_CKM.1/SK](#FCS_CKM.1/SK) [FCS\_CKM.1/AK](#FCS_CKM.1/AK) or [FCS\_CKM.1/SK](#FCS_CKM.1/SK) depending on the value of the internal selection. ]{.note} depending on the value of the internal selection. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_STG_EXT.1.3 .reqid} ::: {#FCS_STG_EXT.1.3 .reqid} [FCS\_STG\_EXT.1.3](#FCS_STG_EXT.1.3){.abbr} [FCS\_STG\_EXT.1.3](#FCS_STG_EXT.1.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be capable of destroying keys/secrets in the The [TSF](#abbr_TSF) shall be capable of destroying keys/secrets in the protected storage upon request of \[**selection**: *a client protected storage upon request of \[**selection**: *a client application*, *an administrator*\]. application*, *an administrator*\]. ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall review the [TSS](#abbr_TSS) to determine that the The evaluator shall review the [TSS](#abbr_TSS) to determine that the [TOE](#abbr_TOE) implements the required protected storage. The [TOE](#abbr_TOE) implements the required protected storage. The evaluator shall ensure that the [TSS](#abbr_TSS) contains a description evaluator shall ensure that the [TSS](#abbr_TSS) contains a description of the protected storage mechanism that justifies the selection of of the protected storage mechanism that justifies the selection of mutable hardware-based or software-based. mutable hardware-based or software-based. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the process for generating keys, importing keys, or both, based on what is process for generating keys, importing keys, or both, based on what is claimed by the [ST](#abbr_ST). The evaluator shall also examine the AGD claimed by the [ST](#abbr_ST). The evaluator shall also examine the AGD to ensure that it describes the process for destroying keys that have to ensure that it describes the process for destroying keys that have been imported or generated. been imported or generated. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall test the functionality of each security function as The evaluator shall test the functionality of each security function as described below. If the [TOE](#abbr_TOE) supports both import and described below. If the [TOE](#abbr_TOE) supports both import and generation of keys, the evaluator shall repeat the testing as needed to generation of keys, the evaluator shall repeat the testing as needed to demonstrate that the keys resulting from both operations are treated in demonstrate that the keys resulting from both operations are treated in the same manner. The devices used with the tooling may need to be the same manner. The devices used with the tooling may need to be non-production devices in order to enable the execution of testing and non-production devices in order to enable the execution of testing and gathering of evidence. gathering of evidence. - **Test 1:** The evaluator shall import or generate keys/secrets of - **Test 1:** The evaluator shall import or generate keys/secrets of each supported type according to the operational guidance. The each supported type according to the operational guidance. The evaluator shall write, or the developer shall provide access to, an evaluator shall write, or the developer shall provide access to, an application that generates a key/secret of each supported type and application that generates a key/secret of each supported type and calls the import functions. The evaluator shall verify that no calls the import functions. The evaluator shall verify that no errors occur during import. errors occur during import. - **Test 2:** The evaluator shall write, or the developer shall - **Test 2:** The evaluator shall write, or the developer shall provide access to, tenant software that uses a generated or imported provide access to, tenant software that uses a generated or imported key/secret: key/secret: - For RSA, the secret shall be used to sign data. - For RSA, the secret shall be used to sign data. - For [ECDSA](#abbr_ECDSA), the secret shall be used to sign data. - For [ECDSA](#abbr_ECDSA), the secret shall be used to sign data. The evaluator shall verify that the tenant software is able to The evaluator shall verify that the tenant software is able to access and use the key/secret as described. access and use the key/secret as described. - **Test 3:** The evaluator shall destroy keys/secrets of each - **Test 3:** The evaluator shall destroy keys/secrets of each supported type according to the operational guidance. The evaluator supported type according to the operational guidance. The evaluator shall write, or the developer shall provide access to, tenant shall write, or the developer shall provide access to, tenant software that destroys an imported or generated key/secret. The software that destroys an imported or generated key/secret. The evaluator shall verify that the tenant software is able to cause the evaluator shall verify that the tenant software is able to cause the deletion of only keys that were created or imported on its behalf. deletion of only keys that were created or imported on its behalf. ::: ::: ::: ::: ::: ::: ### A.1.3 Class: User Data Protection (FDP) {#fdp-optional .indexable data-level="3"} ### A.1.3 Class: User Data Protection (FDP) {#fdp-optional .indexable data-level="3"} ::: {#FDP_TEE_EXT.1 .comp} ::: {#FDP_TEE_EXT.1 .comp} #### FDP\_TEE\_EXT.1 Trusted Execution Environment for Tenant Software #### FDP\_TEE\_EXT.1 Trusted Execution Environment for Tenant Software ::: {.element} ::: {.element} ::: {#FDP_TEE_EXT.1.1 .reqid} ::: {#FDP_TEE_EXT.1.1 .reqid} [FDP\_TEE\_EXT.1.1](#FDP_TEE_EXT.1.1){.abbr} [FDP\_TEE\_EXT.1.1](#FDP_TEE_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement a trusted execution environment The [TSF](#abbr_TSF) shall implement a trusted execution environment that conforms to the following standard: \[*Advanced Trusted that conforms to the following standard: \[*Advanced Trusted Environment: [OMTP](#abbr_OMTP) TR1 v1.1*\] and make this Environment: [OMTP](#abbr_OMTP) TR1 v1.1*\] and make this [TEE](#abbr_TEE) available to tenant software. [TEE](#abbr_TEE) available to tenant software. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be claimed in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) includes a trusted claimed in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) includes a trusted execution environment for the use of tenant software. ]{.note} execution environment for the use of tenant software. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1) [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it describes the protections provided by the [TOE](#abbr_TOE)\'s describes the protections provided by the [TOE](#abbr_TOE)\'s [TEE](#abbr_TEE) implementation. [TEE](#abbr_TEE) implementation. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the steps required for tenant software to invoke the [TEE](#abbr_TEE). steps required for tenant software to invoke the [TEE](#abbr_TEE). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no Test evaluation activities for this component. There are no Test evaluation activities for this component. ::: ::: ::: ::: ::: ::: ### A.1.4 Class: Identification and Authentication (FIA) {#fia-optional .indexable da ### A.1.4 Class: Identification and Authentication (FIA) {#fia-optional .indexable da ::: {#FIA_TRT_EXT.1 .comp} ::: {#FIA_TRT_EXT.1 .comp} #### FIA\_TRT\_EXT.1 Authentication Throttling #### FIA\_TRT\_EXT.1 Authentication Throttling ::: {.element} ::: {.element} ::: {#FIA_TRT_EXT.1.1 .reqid} ::: {#FIA_TRT_EXT.1.1 .reqid} [FIA\_TRT\_EXT.1.1](#FIA_TRT_EXT.1.1){.abbr} [FIA\_TRT\_EXT.1.1](#FIA_TRT_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall limit automated user authentication attempts The [TSF](#abbr_TSF) shall limit automated user authentication attempts by \[**selection**: *preventing authentication via an external port*, by \[**selection**: *preventing authentication via an external port*, *enforcing a delay between incorrect authentication attempts*\] for all *enforcing a delay between incorrect authentication attempts*\] for all authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_TRT_EXT.1.2 .reqid} ::: {#FIA_TRT_EXT.1.2 .reqid} [FIA\_TRT\_EXT.1.2](#FIA_TRT_EXT.1.2){.abbr} [FIA\_TRT\_EXT.1.2](#FIA_TRT_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The minimum delay between incorrect authentication attempts shall be The minimum delay between incorrect authentication attempts shall be such that no more than 10 attempts can be attempted per 500 such that no more than 10 attempts can be attempted per 500 milliseconds. milliseconds. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements a included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements a mechanism for limiting the number or frequency of Administrator mechanism for limiting the number or frequency of Administrator authentication attempts.]{.note} authentication attempts.]{.note} The authentication throttling applies to all authentication mechanisms The authentication throttling applies to all authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). The user authentication selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). The user authentication attempts in this requirement are attempts to guess the Authentication attempts in this requirement are attempts to guess the Authentication Factor. The developer can implement the timing of the delays in the Factor. The developer can implement the timing of the delays in the requirements using unequal or equal timing of delays. The minimum delay requirements using unequal or equal timing of delays. The minimum delay specified in this requirement provides defense against brute forcing. specified in this requirement provides defense against brute forcing. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1) [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall verify that the [TSS](#abbr_TSS) describes the The evaluator shall verify that the [TSS](#abbr_TSS) describes the method by which authentication attempts are not able to be automated. method by which authentication attempts are not able to be automated. The evaluator shall ensure that the [TSS](#abbr_TSS) describes either The evaluator shall ensure that the [TSS](#abbr_TSS) describes either how the [TSF](#abbr_TSF) disables authentication via external interfaces how the [TSF](#abbr_TSF) disables authentication via external interfaces (other than the ordinary user interface) or how authentication attempts (other than the ordinary user interface) or how authentication attempts are delayed in order to slow automated entry and shall ensure that no are delayed in order to slow automated entry and shall ensure that no more than 10 attempts can be attempted per 500 milliseconds for all more than 10 attempts can be attempted per 500 milliseconds for all authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no test evaluation activities for this component. There are no test evaluation activities for this component. ::: ::: ::: ::: ::: ::: A.2 Objective Requirements {#objective-reqs .indexable data-level="2"} A.2 Objective Requirements {#objective-reqs .indexable data-level="2"} -------------------------- -------------------------- ### A.2.1 Auditable Events for Objective Requirements {#objective-reqs-audit .indexab ### A.2.1 Auditable Events for Objective Requirements {#objective-reqs-audit .indexab ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- Requirement Auditable Events Additional Requirement Auditable Events Additional ----------------------------------- ----------------------------------- ----------- ----------------------------------- ----------------------------------- ----------- [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3) Detection of attempted intrusion. None.\ [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3) Detection of attempted intrusion. None.\ ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- : [Table [7]{.counter}]{#t-audit-objective .ctr : [Table [7]{.counter}]{#t-audit-objective .ctr data-myid="t-audit-objective" data-counter-type="ct-Table"}: Auditable data-myid="t-audit-objective" data-counter-type="ct-Table"}: Auditable Events for Objective Requirements Events for Objective Requirements ### A.2.2 Class: Protection of the TSF (FPT) {#fpt-objective .indexable data-level="3 ### A.2.2 Class: Protection of the TSF (FPT) {#fpt-objective .indexable data-level="3 ::: {#FPT_ROT_EXT.3 .comp} ::: {#FPT_ROT_EXT.3 .comp} #### FPT\_ROT\_EXT.3 Hardware component integrity #### FPT\_ROT\_EXT.3 Hardware component integrity ::: {.element} ::: {.element} ::: {#FPT_ROT_EXT.3.1 .reqid} ::: {#FPT_ROT_EXT.3.1 .reqid} [FPT\_ROT\_EXT.3.1](#FPT_ROT_EXT.3.1){.abbr} [FPT\_ROT\_EXT.3.1](#FPT_ROT_EXT.3.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} Outside of the integrity root specified in Outside of the integrity root specified in [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1), the integrity of \[**assignment**: [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1), the integrity of \[**assignment**: [critical platform hardware components]{.assignable-content}\] shall be [critical platform hardware components]{.assignable-content}\] shall be verified prior to execution or use through: \[**assignment**: [method verified prior to execution or use through: \[**assignment**: [method for ensuring integrity of platform hardware for ensuring integrity of platform hardware components]{.assignable-content}\]. components]{.assignable-content}\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The purpose of this objective [Application Note: ]{.note-header}[ The purpose of this objective requirement is to encourage platform and component vendors to adopt requirement is to encourage platform and component vendors to adopt mechanisms similar to those defined in upcoming [NIST](#abbr_NIST) SP mechanisms similar to those defined in upcoming [NIST](#abbr_NIST) SP 1800-34 for ensuring the integrity of the hardware supply chain. The 1800-34 for ensuring the integrity of the hardware supply chain. The scope of SP 1800-34 is to cover \"manufacturing and [OEM](#abbr_OEM) scope of SP 1800-34 is to cover \"manufacturing and [OEM](#abbr_OEM) processes that protect against counterfeits, tampering, and insertion of processes that protect against counterfeits, tampering, and insertion of unexpected software and hardware, and the corresponding customer unexpected software and hardware, and the corresponding customer processes that verify that client and server computing devices and processes that verify that client and server computing devices and components have not been tampered with or otherwise modified. components have not been tampered with or otherwise modified. Manufacturing processes that cannot be verified by the customer are Manufacturing processes that cannot be verified by the customer are explicitly out of scope.\"]{.note} explicitly out of scope.\"]{.note} As a basic step, SP 1800-34 specifies that critical platform components As a basic step, SP 1800-34 specifies that critical platform components should include immutable hardware IDs that can be listed in a hardware should include immutable hardware IDs that can be listed in a hardware component manifest that is provided to the purchaser and signed by the component manifest that is provided to the purchaser and signed by the manufacturer. It should then be possible for the [TOE](#abbr_TOE) to manufacturer. It should then be possible for the [TOE](#abbr_TOE) to verify the signature on the manifest and check that each hardware ID in verify the signature on the manifest and check that each hardware ID in the manifest matches the IDs in the actual hardware. The component the manifest matches the IDs in the actual hardware. The component manifest and hardware IDs provide proof of provenance for the manifest and hardware IDs provide proof of provenance for the [TOE](#abbr_TOE) and its hardware components. [TOE](#abbr_TOE) and its hardware components. For purposes of this requirement, hardware identities can be verified For purposes of this requirement, hardware identities can be verified once on first boot, on every boot, when new hardware is detected, or once on first boot, on every boot, when new hardware is detected, or during normal operation of the platform - as long as the hardware during normal operation of the platform - as long as the hardware integrity is verified before the component or device is used. integrity is verified before the component or device is used. The [ST](#abbr_ST) Author lists the hardware components for which the The [ST](#abbr_ST) Author lists the hardware components for which the integrity is checked, and the methods used for conducting the checks. integrity is checked, and the methods used for conducting the checks. \"Critical components\" generally would include chassis, motherboards, \"Critical components\" generally would include chassis, motherboards, CPUs, network cards, memory chips, hard drives, controllers, graphics CPUs, network cards, memory chips, hard drives, controllers, graphics processors, and service controllers. processors, and service controllers. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_ROT_EXT.3.2 .reqid} ::: {#FPT_ROT_EXT.3.2 .reqid} [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2){.abbr} [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TOE](#abbr_TOE) shall take the following actions if an integrity The [TOE](#abbr_TOE) shall take the following actions if an integrity check specified in [FPT\_ROT\_EXT.3.1](#FPT_ROT_EXT.3.1) fails: check specified in [FPT\_ROT\_EXT.3.1](#FPT_ROT_EXT.3.1) fails: 1. Halt, 1. Halt, 2. Notify an \[**selection**: *Administrator*, *User*\] by 2. Notify an \[**selection**: *Administrator*, *User*\] by \[**selection**: *generating an audit event*, *\[**assignment**: \[**selection**: *generating an audit event*, *\[**assignment**: [other notification method(s)]{.assignable-content}\]*\], and [other notification method(s)]{.assignable-content}\]*\], and 3. \[**selection**: | 3. \[**selection, choose one of**: - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Continue execution without the integrity-compromised - *Continue execution without the integrity-compromised component*, component*, - *Continue execution* - *Continue execution* \] \] \[**selection**: | \[**selection, choose one of**: - *in accordance with administrator-configurable policy*, - *in accordance with administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Notification of an administrator can [Application Note: ]{.note-header}[ Notification of an administrator can take many forms. For server-class platforms, such notification could take many forms. For server-class platforms, such notification could take the form of administrator alerts or audit events. For platforms take the form of administrator alerts or audit events. For platforms without management controllers, notification could be achieved, for without management controllers, notification could be achieved, for example, by blinking lights, beep codes, screen indications, or local example, by blinking lights, beep codes, screen indications, or local logging.]{.note} logging.]{.note} If \"*administrator*\" is selected anywhere in If \"*administrator*\" is selected anywhere in [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2), or if \"*in accordance with [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2), or if \"*in accordance with administrator-configurable policy*\" is selected, then all administrator administrator-configurable policy*\" is selected, then all administrator authentication requirements must be included in the [ST](#abbr_ST) authentication requirements must be included in the [ST](#abbr_ST) ([FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1), [FIA\_UAU.5](#FIA_UAU.5), ([FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1), [FIA\_UAU.5](#FIA_UAU.5), [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1), [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1), [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1), [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1), [FIA\_UAU.7](#FIA_UAU.7)). [FIA\_UAU.7](#FIA_UAU.7)). If \"*generating an audit event*\" is selected, then If \"*generating an audit event*\" is selected, then [FAU\_GEN.1](#FAU_GEN.1), [FAU\_SAR.1](#FAU_SAR.1), [FAU\_GEN.1](#FAU_GEN.1), [FAU\_SAR.1](#FAU_SAR.1), [FAU\_STG.1](#FAU_STG.1), [FAU\_STG.4](#FAU_STG.4), and [FAU\_STG.1](#FAU_STG.1), [FAU\_STG.4](#FAU_STG.4), and [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) must be included in the [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) must be included in the [ST](#abbr_ST). [ST](#abbr_ST). If \"*in accordance with administrator-configurable policy*\" is If \"*in accordance with administrator-configurable policy*\" is selected, then FMT\_MOF\_EXT.1 and [FMT\_SMF.1](#FMT_SMF.1) must be selected, then FMT\_MOF\_EXT.1 and [FMT\_SMF.1](#FMT_SMF.1) must be claimed in the [ST](#abbr_ST). claimed in the [ST](#abbr_ST). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3) [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall verify that the [TSS](#abbr_TSS) describes the means The evaluator shall verify that the [TSS](#abbr_TSS) describes the means by which integrity of platform hardware and firmware is maintained from by which integrity of platform hardware and firmware is maintained from [TOE](#abbr_TOE) manufacture to delivery of the [TOE](#abbr_TOE) to its [TOE](#abbr_TOE) manufacture to delivery of the [TOE](#abbr_TOE) to its operational site. The [TSS](#abbr_TSS) shall also describe how the operational site. The [TSS](#abbr_TSS) shall also describe how the [TOE](#abbr_TOE) responds to failure of an integrity check consistent [TOE](#abbr_TOE) responds to failure of an integrity check consistent with the selections in [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2). with the selections in [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the actions taken and notification methods used in case of detection of a actions taken and notification methods used in case of detection of a platform integrity violation. If the actions are configurable, the AGD platform integrity violation. If the actions are configurable, the AGD shall explain how they are configured. shall explain how they are configured. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no tests for this requirement. There are no tests for this requirement. ::: ::: ::: ::: ::: ::: A.3 Implementation-Based Requirements {#feat-based-reqs .indexable data-level="2"} A.3 Implementation-Based Requirements {#feat-based-reqs .indexable data-level="2"} ------------------------------------- ------------------------------------- This [PP](#abbr_PP) does not define any Implementation-Based This [PP](#abbr_PP) does not define any Implementation-Based requirements. requirements. Appendix B - Selection-Based Requirements {#sel-based-reqs .indexable data-level="A"} Appendix B - Selection-Based Requirements {#sel-based-reqs .indexable data-level="A"} ========================================= ========================================= As indicated in the introduction to this [PP](#abbr_PP), the baseline As indicated in the introduction to this [PP](#abbr_PP), the baseline requirements (those that must be performed by the [TOE](#abbr_TOE) or requirements (those that must be performed by the [TOE](#abbr_TOE) or its underlying platform) are contained in the body of this its underlying platform) are contained in the body of this [PP](#abbr_PP). There are additional requirements based on selections in [PP](#abbr_PP). There are additional requirements based on selections in the body of the [PP](#abbr_PP): if certain selections are made, then the body of the [PP](#abbr_PP): if certain selections are made, then additional requirements below must be included. additional requirements below must be included. B.1 Auditable Events for Selection-Based Requirements {#sel-based-reqs-audit .indexab B.1 Auditable Events for Selection-Based Requirements {#sel-based-reqs-audit .indexab ----------------------------------------------------- ----------------------------------------------------- ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- Requirement Auditable Events Requirement Auditable Events ---------------------------------------------- ------------------------------------ ---------------------------------------------- ------------------------------------ [FAU\_GEN.1](#FAU_GEN.1) No events specified. [FAU\_GEN.1](#FAU_GEN.1) No events specified. [FAU\_STG.1](#FAU_STG.1) No events specified. [FAU\_STG.1](#FAU_STG.1) No events specified. [FAU\_STG.4](#FAU_STG.4) No events specified. [FAU\_STG.4](#FAU_STG.4) No events specified. [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) On failure of logging function, capt [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) On failure of logging function, capt [FCS\_CKM.1/AK](#FCS_CKM.1/AK) No events specified. [FCS\_CKM.1/AK](#FCS_CKM.1/AK) No events specified. [FCS\_CKM.1/SK](#FCS_CKM.1/SK) No events specified. [FCS\_CKM.1/SK](#FCS_CKM.1/SK) No events specified. [FCS\_CKM.2](#FCS_CKM.2) No events specified. [FCS\_CKM.2](#FCS_CKM.2) No events specified. [FCS\_CKM.4](#FCS_CKM.4) No events specified. [FCS\_CKM.4](#FCS_CKM.4) No events specified. [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) No events specified. [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) No events specified. [FCS\_COP.1/Hash](#FCS_COP.1/Hash) No events specified. [FCS\_COP.1/Hash](#FCS_COP.1/Hash) No events specified. [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) No events specified. [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) No events specified. [FCS\_COP.1/KAT](#FCS_COP.1/KAT) No events specified. [FCS\_COP.1/KAT](#FCS_COP.1/KAT) No events specified. [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) No events specified. [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) No events specified. [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) No events specified. [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) No events specified. [FCS\_COP.1/SKC](#FCS_COP.1/SKC) No events specified. [FCS\_COP.1/SKC](#FCS_COP.1/SKC) No events specified. [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) Failure to establish a [HTTPS](#abbr [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) Failure to establish a [HTTPS](#abbr [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) Establishment/Termination of a [HTTP [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) Establishment/Termination of a [HTTP [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) Failure to establish an IPsec [SA](# [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) Failure to establish an IPsec [SA](# [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) Establishment/Termination of an IPse [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) Establishment/Termination of an IPse [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Failure of the randomization process [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Failure of the randomization process [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) No events specified. [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) No events specified. [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) Failed attempt at Administrator auth [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) Failed attempt at Administrator auth [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1) No events specified. [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1) No events specified. [FIA\_UAU.5](#FIA_UAU.5) No events specified. [FIA\_UAU.5](#FIA_UAU.5) No events specified. [FIA\_UAU.7](#FIA_UAU.7) No events specified. [FIA\_UAU.7](#FIA_UAU.7) No events specified. [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) All use of the identification and au [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) All use of the identification and au [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) Failure to validate a certificate. [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) Failure to validate a certificate. [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) No events specified. [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) No events specified. [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) No events specified. [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) No events specified. [FPT\_PHP.1](#FPT_PHP.1) Detection of intrusion. [FPT\_PHP.1](#FPT_PHP.1) Detection of intrusion. [FPT\_PHP.2](#FPT_PHP.2) Detection of intrusion. [FPT\_PHP.2](#FPT_PHP.2) Detection of intrusion. [FPT\_PHP.3](#FPT_PHP.3) Detection of attempted intrusion. [FPT\_PHP.3](#FPT_PHP.3) Detection of attempted intrusion. [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) No events specified. [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) No events specified. [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) **\[selection:** *Failure of update [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) **\[selection:** *Failure of update [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) **\[selection:** *Failure of update [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) **\[selection:** *Failure of update [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) **\[selection:** *Success of update [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) **\[selection:** *Success of update [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) **\[selection:** *Failure of update [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) **\[selection:** *Failure of update [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) **\[selection:** *Failure of update [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) **\[selection:** *Failure of update [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) **\[selection:** *Success of update [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) **\[selection:** *Success of update [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) No events specified. [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) No events specified. [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Initiation of the trusted channel. [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Initiation of the trusted channel. [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Termination of the trusted channel. [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Termination of the trusted channel. [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Failures of the trusted path functio [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Failures of the trusted path functio [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) No events specified. [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) No events specified. [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) No events specified. [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) No events specified. [FTP\_TRP.1](#FTP_TRP.1) Initiation of the trusted channel. [FTP\_TRP.1](#FTP_TRP.1) Initiation of the trusted channel. [FTP\_TRP.1](#FTP_TRP.1) Termination of the trusted channel. [FTP\_TRP.1](#FTP_TRP.1) Termination of the trusted channel. [FTP\_TRP.1](#FTP_TRP.1) Failures of the trusted path functio [FTP\_TRP.1](#FTP_TRP.1) Failures of the trusted path functio ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- : [Table [8]{.counter}]{#t-audit-sel-based .ctr : [Table [8]{.counter}]{#t-audit-sel-based .ctr data-myid="t-audit-sel-based" data-counter-type="ct-Table"}: Auditable data-myid="t-audit-sel-based" data-counter-type="ct-Table"}: Auditable Events for Selection-based Requirements Events for Selection-based Requirements B.2 Class: Security Audit (FAU) {#fau-sel-based .indexable data-level="2"} B.2 Class: Security Audit (FAU) {#fau-sel-based .indexable data-level="2"} ------------------------------- ------------------------------- ::: {#FAU_GEN.1 .comp} ::: {#FAU_GEN.1 .comp} #### FAU\_GEN.1 Audit Data Generation #### FAU\_GEN.1 Audit Data Generation ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), selection in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2), [FPT\_ROT\_EXT.3.2](#FPT_ROT_EXT.3.2), [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5), [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5), [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4).*** [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4).*** ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[CSfC EUD](#uc-csfc-eud)*** - ***[CSfC EUD](#uc-csfc-eud)*** - ***[Enterprise Desktop clients](#uc-ent-clients-desktop)*** - ***[Enterprise Desktop clients](#uc-ent-clients-desktop)*** ::: ::: ::: {.element} ::: {.element} ::: {#FAU_GEN.1.1 .reqid} ::: {#FAU_GEN.1.1 .reqid} [FAU\_GEN.1.1](#FAU_GEN.1.1){.abbr} [FAU\_GEN.1.1](#FAU_GEN.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be able to generate an audit record of the The [TSF](#abbr_TSF) shall be able to generate an audit record of the following auditable events:\ following auditable events:\ 1. Start-up and shutdown of the audit functions 1. Start-up and shutdown of the audit functions 2. All administrative actions 2. All administrative actions 3. Start-up, shutdown, and reboot of the platform 3. Start-up, shutdown, and reboot of the platform 4. Specifically defined auditable events in [Table 4. Specifically defined auditable events in [Table [2]{.counter}](#t-audit-mandatory){.t-audit-mandatory-ref} [2]{.counter}](#t-audit-mandatory){.t-audit-mandatory-ref} 5. \[**selection**: 5. \[**selection**: - *Specifically defined auditable event in [Table - *Specifically defined auditable event in [Table [5]{.counter}](#t-audit-optional){.t-audit-optional-ref} for [5]{.counter}](#t-audit-optional){.t-audit-optional-ref} for Strictly Optional requirements*, Strictly Optional requirements*, - *Specifically defined auditable event in [Table - *Specifically defined auditable event in [Table [7]{.counter}](#t-audit-objective){.t-audit-objective-ref} for [7]{.counter}](#t-audit-objective){.t-audit-objective-ref} for Objective requirements*, Objective requirements*, - *Specifically defined auditable event in [Table - *Specifically defined auditable event in [Table [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref} for [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref} for Selection-based requirements*, Selection-based requirements*, - *Additional information for the [Functional Package for - *Additional information for the [Functional Package for Transport Layer Security (TLS), version Transport Layer Security (TLS), version 1.1](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&id=439) 1.1](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&id=439) listed in [Table [9]{.counter}](#atref-pkgs){.atref-pkgs-ref}*, listed in [Table [9]{.counter}](#atref-pkgs){.atref-pkgs-ref}*, - *Additional information defined in the audit table for the - *Additional information defined in the audit table for the [Functional Package for Secure Shell (SSH), version [Functional Package for Secure Shell (SSH), version 1.0](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=389&id=389)*, 1.0](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=389&id=389)*, - *no additional auditable events* - *no additional auditable events* \]. \]. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FAU_GEN.1.2 .reqid} ::: {#FAU_GEN.1.2 .reqid} [FAU\_GEN.1.2](#FAU_GEN.1.2){.abbr} [FAU\_GEN.1.2](#FAU_GEN.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall record within each audit record at least the The [TSF](#abbr_TSF) shall record within each audit record at least the following information: following information: a. Date and time of the event a. Date and time of the event b. Type of event b. Type of event c. Subject and object identity (if applicable) c. Subject and object identity (if applicable) d. The outcome (success or failure) of the event d. The outcome (success or failure) of the event e. \[[Additional information defined in [Table e. \[[Additional information defined in [Table [2]{.counter}](#t-audit-mandatory){.t-audit-mandatory-ref}]{.refinement}\] [2]{.counter}](#t-audit-mandatory){.t-audit-mandatory-ref}]{.refinement}\] f. [\[**selection**: ]{.refinement} f. [\[**selection**: ]{.refinement} - *Additional information defined in [Table - *Additional information defined in [Table [5]{.counter}](#t-audit-optional){.t-audit-optional-ref} for [5]{.counter}](#t-audit-optional){.t-audit-optional-ref} for Strictly Optional SFRs*, Strictly Optional SFRs*, - *Additional information defined in [Table - *Additional information defined in [Table [7]{.counter}](#t-audit-objective){.t-audit-objective-ref} for [7]{.counter}](#t-audit-objective){.t-audit-objective-ref} for Objective SFRs*, Objective SFRs*, - *Additional information defined in [Table - *Additional information defined in [Table [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref} for [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref} for Selection-Based SFRs*, Selection-Based SFRs*, - *Additional information for the [Functional Package for - *Additional information for the [Functional Package for Transport Layer Security (TLS), version Transport Layer Security (TLS), version 1.1](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&id=439) 1.1](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&id=439) listed in [Table [9]{.counter}](#atref-pkgs){.atref-pkgs-ref}*, listed in [Table [9]{.counter}](#atref-pkgs){.atref-pkgs-ref}*, - *Additional information defined in the audit table for the - *Additional information defined in the audit table for the [Functional Package for Secure Shell (SSH), version [Functional Package for Secure Shell (SSH), version 1.0](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=389&id=389)*, 1.0](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=389&id=389)*, - *no other information* - *no other information* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author should [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author should include this [SFR](#abbr_SFR) in the [ST](#abbr_ST) if the include this [SFR](#abbr_SFR) in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) generates audit events for integrity verification or [TOE](#abbr_TOE) generates audit events for integrity verification or boot failures as indicated by the appropriate selections in boot failures as indicated by the appropriate selections in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2), [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3), [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2), [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3), [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2), or [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2), or [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4); or if the [TOE](#abbr_TOE) [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4); or if the [TOE](#abbr_TOE) supports the Server (basic or enhanced), [CSfC](#abbr_CSfC) supports the Server (basic or enhanced), [CSfC](#abbr_CSfC) [EUD](#abbr_EUD), or Enterprise Desktop use cases.]{.note} [EUD](#abbr_EUD), or Enterprise Desktop use cases.]{.note} If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then all the If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then all the other FAU SFRs must also be claimed. other FAU SFRs must also be claimed. Appropriate entries from [Table Appropriate entries from [Table [5]{.counter}](#t-audit-optional){.t-audit-optional-ref}, [Table [5]{.counter}](#t-audit-optional){.t-audit-optional-ref}, [Table [7]{.counter}](#t-audit-objective){.t-audit-objective-ref}, and [Table [7]{.counter}](#t-audit-objective){.t-audit-objective-ref}, and [Table [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref} should be [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref} should be included in the [ST](#abbr_ST) if the associated SFRs and selections are included in the [ST](#abbr_ST) if the associated SFRs and selections are included. included. The following table contains the events enumerated in the auditable The following table contains the events enumerated in the auditable events table for the [TLS](#abbr_TLS) Functional Package. Inclusion of events table for the [TLS](#abbr_TLS) Functional Package. Inclusion of these events in the [ST](#abbr_ST) is subject to selection above, these events in the [ST](#abbr_ST) is subject to selection above, inclusion of the corresponding SFRs in the [ST](#abbr_ST), and support inclusion of the corresponding SFRs in the [ST](#abbr_ST), and support in the Package as represented by a selection in the table below. in the Package as represented by a selection in the table below. **[Table [9]{.counter}: Auditable Events for the [TLS](#abbr_TLS) **[Table [9]{.counter}: Auditable Events for the [TLS](#abbr_TLS) Functional Package]{#atref-pkgs .ctr data-myid="atref-pkgs" Functional Package]{#atref-pkgs .ctr data-myid="atref-pkgs" data-counter-type="ct-Table"}**\ data-counter-type="ct-Table"}**\ ------------------- ---------------------------------------------------------- ---- ------------------- ---------------------------------------------------------- ---- FCS\_TLSC\_EXT.1 Failure to establish a session. Reas FCS\_TLSC\_EXT.1 Failure to establish a session. Reas FCS\_TLSC\_EXT.1 Failure to verify presented identifier. Pres FCS\_TLSC\_EXT.1 Failure to verify presented identifier. Pres FCS\_TLSC\_EXT.1 Establishment/termination of a [TLS](#abbr_TLS) session. Non- FCS\_TLSC\_EXT.1 Establishment/termination of a [TLS](#abbr_TLS) session. Non- FCS\_TLSS\_EXT.1 Failure to establish a session. Reas FCS\_TLSS\_EXT.1 Failure to establish a session. Reas FCS\_DTLSC\_EXT.1 Failure of the certificate validity check. Issu FCS\_DTLSC\_EXT.1 Failure of the certificate validity check. Issu FCS\_DTLSS\_EXT.1 Failure of the certificate validity check. Issu FCS\_DTLSS\_EXT.1 Failure of the certificate validity check. Issu ------------------- ---------------------------------------------------------- ---- ------------------- ---------------------------------------------------------- ---- ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FAU\_GEN.1](#FAU_GEN.1) [FAU\_GEN.1](#FAU_GEN.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check the [TSS](#abbr_TSS) and ensure that it lists The evaluator shall check the [TSS](#abbr_TSS) and ensure that it lists all of the auditable events and provides a format for audit records. all of the auditable events and provides a format for audit records. Each audit record format type shall be covered, along with a brief Each audit record format type shall be covered, along with a brief description of each field. description of each field. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall also make a determination of the administrative The evaluator shall also make a determination of the administrative actions that are relevant in the context of this [PP](#abbr_PP). The actions that are relevant in the context of this [PP](#abbr_PP). The evaluator shall examine the AGD and make a determination of which evaluator shall examine the AGD and make a determination of which administrative commands, including subcommands, scripts, and administrative commands, including subcommands, scripts, and configuration files, are related to the configuration (including configuration files, are related to the configuration (including enabling or disabling) of the mechanisms implemented in the enabling or disabling) of the mechanisms implemented in the [TOE](#abbr_TOE) that are necessary to enforce the requirements [TOE](#abbr_TOE) that are necessary to enforce the requirements specified in the [PP](#abbr_PP). The evaluator shall document the specified in the [PP](#abbr_PP). The evaluator shall document the methodology or approach taken while determining which actions in the AGD methodology or approach taken while determining which actions in the AGD are security-relevant with respect to this [PP](#abbr_PP). are security-relevant with respect to this [PP](#abbr_PP). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall test the [TOE](#abbr_TOE)'s ability to correctly The evaluator shall test the [TOE](#abbr_TOE)'s ability to correctly generate audit records by having the [TOE](#abbr_TOE) generate audit generate audit records by having the [TOE](#abbr_TOE) generate audit records for the events listed and administrative actions. For records for the events listed and administrative actions. For administrative actions, the evaluator shall test that each action administrative actions, the evaluator shall test that each action determined by the evaluator above to be security relevant in the context determined by the evaluator above to be security relevant in the context of this [PP](#abbr_PP) is auditable. When verifying the test results, of this [PP](#abbr_PP) is auditable. When verifying the test results, the evaluator shall ensure the audit records generated during testing the evaluator shall ensure the audit records generated during testing match the format specified in the administrative guide, and that the match the format specified in the administrative guide, and that the fields in each audit record have the proper entries. fields in each audit record have the proper entries. Note that the testing here can be accomplished in conjunction with the Note that the testing here can be accomplished in conjunction with the testing of the security mechanisms directly.\ testing of the security mechanisms directly.\ ::: ::: ::: ::: ::: ::: ::: {#FAU_SAR.1 .comp} ::: {#FAU_SAR.1 .comp} #### FAU\_SAR.1 Audit Review #### FAU\_SAR.1 Audit Review ::: {.statustag} ::: {.statustag} ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FAU\_GEN.1](#FAU_GEN.1)*** - ***[FAU\_GEN.1](#FAU_GEN.1)*** ::: ::: ::: {.element} ::: {.element} ::: {#FAU_SAR.1.1 .reqid} ::: {#FAU_SAR.1.1 .reqid} [FAU\_SAR.1.1](#FAU_SAR.1.1){.abbr} [FAU\_SAR.1.1](#FAU_SAR.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide [the Administrator]{.refinement} with The [TSF](#abbr_TSF) shall provide [the Administrator]{.refinement} with the capability to read [all audited events and record the capability to read [all audited events and record contents]{.refinement} from the audit records. contents]{.refinement} from the audit records. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FAU_SAR.1.2 .reqid} ::: {#FAU_SAR.1.2 .reqid} [FAU\_SAR.1.2](#FAU_SAR.1.2){.abbr} [FAU\_SAR.1.2](#FAU_SAR.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide the audit records in a manner The [TSF](#abbr_TSF) shall provide the audit records in a manner suitable for the [Administrator ]{.refinement} to interpret the suitable for the [Administrator ]{.refinement} to interpret the information. information. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if [FAU\_GEN.1](#FAU_GEN.1) is claimed. included in the [ST](#abbr_ST) if [FAU\_GEN.1](#FAU_GEN.1) is claimed. ]{.note} ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FAU\_SAR.1](#FAU_SAR.1) [FAU\_SAR.1](#FAU_SAR.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: There are no [TSS](#abbr_TSS) evaluation activities for this component. There are no [TSS](#abbr_TSS) evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall review the AGD for the procedure on how to review The evaluator shall review the AGD for the procedure on how to review the audit records. the audit records. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall verify that the audit records provide all of the The evaluator shall verify that the audit records provide all of the information specified in [FAU\_GEN.1](#FAU_GEN.1) and that this information specified in [FAU\_GEN.1](#FAU_GEN.1) and that this information is suitable for human interpretation. The evaluation information is suitable for human interpretation. The evaluation activity for this requirement is performed in conjunction with the activity for this requirement is performed in conjunction with the evaluation activity for [FAU\_GEN.1](#FAU_GEN.1). evaluation activity for [FAU\_GEN.1](#FAU_GEN.1). ::: ::: ::: ::: ::: ::: ::: {#FAU_STG.1 .comp} ::: {#FAU_STG.1 .comp} #### FAU\_STG.1 Protected Audit Trail Storage #### FAU\_STG.1 Protected Audit Trail Storage ::: {.statustag} ::: {.statustag} ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FAU\_GEN.1](#FAU_GEN.1)*** - ***[FAU\_GEN.1](#FAU_GEN.1)*** ::: ::: ::: {.element} ::: {.element} ::: {#FAU_STG.1.1 .reqid} ::: {#FAU_STG.1.1 .reqid} [FAU\_STG.1.1](#FAU_STG.1.1){.abbr} [FAU\_STG.1.1](#FAU_STG.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall protect the stored audit records in the audit The [TSF](#abbr_TSF) shall protect the stored audit records in the audit trail from unauthorized deletion. trail from unauthorized deletion. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FAU_STG.1.2 .reqid} ::: {#FAU_STG.1.2 .reqid} [FAU\_STG.1.2](#FAU_STG.1.2){.abbr} [FAU\_STG.1.2](#FAU_STG.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be able to prevent unauthorized modifications The [TSF](#abbr_TSF) shall be able to prevent unauthorized modifications to the stored audit records in the audit trail. to the stored audit records in the audit trail. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if [FAU\_GEN.1](#FAU_GEN.1) is claimed. included in the [ST](#abbr_ST) if [FAU\_GEN.1](#FAU_GEN.1) is claimed. ]{.note} ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FAU\_STG.1](#FAU_STG.1) [FAU\_STG.1](#FAU_STG.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure that the [TSS](#abbr_TSS) lists the locations The evaluator shall ensure that the [TSS](#abbr_TSS) lists the locations of all logs and the access controls of those files such that of all logs and the access controls of those files such that unauthorized modification and deletion are prevented. unauthorized modification and deletion are prevented. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall ensure that the AGD describes the steps necessary The evaluator shall ensure that the AGD describes the steps necessary for an authorized administrator to delete audit records, if such a for an authorized administrator to delete audit records, if such a capability is implemented. capability is implemented. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** \[conditional\] If the [TOE](#abbr_TOE) implements an - **Test 1:** \[conditional\] If the [TOE](#abbr_TOE) implements an audit record deletion capability, then the evaluator shall attempt audit record deletion capability, then the evaluator shall attempt to delete the audit trail in a manner that the access controls to delete the audit trail in a manner that the access controls should prevent (as an unauthorized user) and shall verify that the should prevent (as an unauthorized user) and shall verify that the attempt fails. attempt fails. - **Test 2:** The evaluator shall attempt to modify the audit trail in - **Test 2:** The evaluator shall attempt to modify the audit trail in a manner that the access controls should prevent (as an unauthorized a manner that the access controls should prevent (as an unauthorized application) and shall verify that the attempt fails. application) and shall verify that the attempt fails. ::: ::: ::: ::: ::: ::: ::: {#FAU_STG.4 .comp} ::: {#FAU_STG.4 .comp} #### FAU\_STG.4 Prevention of Audit Data Loss #### FAU\_STG.4 Prevention of Audit Data Loss ::: {.statustag} ::: {.statustag} ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FAU\_GEN.1](#FAU_GEN.1)*** - ***[FAU\_GEN.1](#FAU_GEN.1)*** ::: ::: ::: {.element} ::: {.element} ::: {#FAU_STG.4.1 .reqid} ::: {#FAU_STG.4.1 .reqid} [FAU\_STG.4.1](#FAU_STG.4.1){.abbr} [FAU\_STG.4.1](#FAU_STG.4.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall overwrite the oldest stored audit records if The [TSF](#abbr_TSF) shall overwrite the oldest stored audit records if the audit trail is full. the audit trail is full. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if [FAU\_GEN.1](#FAU_GEN.1) is claimed. included in the [ST](#abbr_ST) if [FAU\_GEN.1](#FAU_GEN.1) is claimed. ]{.note} ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FAU\_STG.4](#FAU_STG.4) [FAU\_STG.4](#FAU_STG.4) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it describes the size limits on the audit records, the detection of a full describes the size limits on the audit records, the detection of a full audit trail, and the action(s) taken by the [TSF](#abbr_TSF) when the audit trail, and the action(s) taken by the [TSF](#abbr_TSF) when the audit trail is full. The evaluator shall ensure that the action(s) audit trail is full. The evaluator shall ensure that the action(s) results in the deletion or overwrite of the oldest stored record. results in the deletion or overwrite of the oldest stored record. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the means used by the [TOE](#abbr_TOE) to indicate that the audit trail is means used by the [TOE](#abbr_TOE) to indicate that the audit trail is full and overwrite is about to commence. full and overwrite is about to commence. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall cause audit records to be written until the size The evaluator shall cause audit records to be written until the size limits are met and exceeded. The evaluator shall verify that the limits are met and exceeded. The evaluator shall verify that the overwrite function works as described in the [TSS](#abbr_TSS) and that overwrite function works as described in the [TSS](#abbr_TSS) and that the indication of full audit trail is evident as described in the AGD. the indication of full audit trail is evident as described in the AGD. ::: ::: ::: ::: ::: ::: ::: {#FAU_STG_EXT.1 .comp} ::: {#FAU_STG_EXT.1 .comp} #### FAU\_STG\_EXT.1 Off-Loading of Audit Data #### FAU\_STG\_EXT.1 Off-Loading of Audit Data ::: {.statustag} ::: {.statustag} ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FAU\_GEN.1](#FAU_GEN.1)*** - ***[FAU\_GEN.1](#FAU_GEN.1)*** ::: ::: ::: {.element} ::: {.element} ::: {#FAU_STG_EXT.1.1 .reqid} ::: {#FAU_STG_EXT.1.1 .reqid} [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1){.abbr} [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be able to transfer generated audit data to The [TSF](#abbr_TSF) shall be able to transfer generated audit data to an external [IT](#abbr_IT) entity using \[**selection**: an external [IT](#abbr_IT) entity using \[**selection**: - *a trusted channel as specified in - *a trusted channel as specified in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1)*, [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1)*, - *removable media requiring physical access to the platform* - *removable media requiring physical access to the platform* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author must [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author must select \"*trusted channel*\" and include select \"*trusted channel*\" and include [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) in the [ST](#abbr_ST) if the [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) offloads audit data to external [IT](#abbr_IT) entity [TOE](#abbr_TOE) offloads audit data to external [IT](#abbr_IT) entity over a network connection. Protocols used for implementing the trusted over a network connection. Protocols used for implementing the trusted channel must be selected in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). ]{.note} channel must be selected in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). ]{.note} The [ST](#abbr_ST) Author must select \"*removable media*\" if the The [ST](#abbr_ST) Author must select \"*removable media*\" if the [TOE](#abbr_TOE) supports offload of audit data using removable media [TOE](#abbr_TOE) supports offload of audit data using removable media such as thumb drives or disks. such as thumb drives or disks. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.element-activity-header} ::: {.element-activity-header} [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1) [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes the means by which the audit data are transferred to the external audit the means by which the audit data are transferred to the external audit server.\ server.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: If \"trusted channel\" is selected above, the evaluator shall examine If \"trusted channel\" is selected above, the evaluator shall examine the AGD to ensure it describes how to establish the trusted channel to the AGD to ensure it describes how to establish the trusted channel to the audit server, as well as describe any requirements on the audit the audit server, as well as describe any requirements on the audit server (particular audit server protocol, version of the protocol server (particular audit server protocol, version of the protocol required, etc.), as well as configuration of the [TOE](#abbr_TOE) needed required, etc.), as well as configuration of the [TOE](#abbr_TOE) needed to communicate with the audit server. Furthermore, it must describe to communicate with the audit server. Furthermore, it must describe whether the transfer mechanism is periodic or continuous, and what whether the transfer mechanism is periodic or continuous, and what happens in the event of a loss of connectivity. happens in the event of a loss of connectivity. If \"removable media\" is selected, the evaluator shall ensure that the If \"removable media\" is selected, the evaluator shall ensure that the AGD describes the process for accessing audit data and copying it to AGD describes the process for accessing audit data and copying it to media. The AGD must also include high-level guidance on how frequently media. The AGD must also include high-level guidance on how frequently this operation may need to be done to minimize risk of data loss.\ this operation may need to be done to minimize risk of data loss.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component.\ There are no KMD evaluation activities for this component.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: If \"trusted channel\" is selected above, testing of the trusted channel If \"trusted channel\" is selected above, testing of the trusted channel mechanism itself is to be performed as specified in the evaluation mechanism itself is to be performed as specified in the evaluation activities for [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). In addition, the activities for [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). In addition, the evaluator must perform the following test: evaluator must perform the following test: The evaluator shall establish a session between the [TOE](#abbr_TOE) and The evaluator shall establish a session between the [TOE](#abbr_TOE) and the audit server according to the configuration guidance provided. The the audit server according to the configuration guidance provided. The evaluator shall then examine the traffic that passes between the audit evaluator shall then examine the traffic that passes between the audit server and the [TOE](#abbr_TOE) during several activities of the server and the [TOE](#abbr_TOE) during several activities of the evaluator's choice designed to generate audit data to be transferred to evaluator's choice designed to generate audit data to be transferred to the audit server. The evaluator shall observe that these data are not the audit server. The evaluator shall observe that these data are not able to be viewed in the clear during this transfer, and that they are able to be viewed in the clear during this transfer, and that they are successfully received by the audit server. The evaluator shall record successfully received by the audit server. The evaluator shall record the particular software (name, version) used on the audit server during the particular software (name, version) used on the audit server during testing. testing. If \"removable media\" is selected above, the evaluator must run the If \"removable media\" is selected above, the evaluator must run the system for a time long enough to generate some audit data and then system for a time long enough to generate some audit data and then collect audit data onto removable media for transfer to another machine. collect audit data onto removable media for transfer to another machine. On another machine, the evaluator shall examine the audit data to ensure On another machine, the evaluator shall examine the audit data to ensure that it appears to be complete and correct. This test may be performed that it appears to be complete and correct. This test may be performed in conjunction with any other requirement that generates audit events.\ in conjunction with any other requirement that generates audit events.\ \ \ ::: ::: ::: ::: ::: ::: B.3 Class: Cryptographic Support (FCS) {#fcs-sel-based .indexable data-level="2"} B.3 Class: Cryptographic Support (FCS) {#fcs-sel-based .indexable data-level="2"} -------------------------------------- -------------------------------------- ::: {#FCS_CKM.1/AK .comp} ::: {#FCS_CKM.1/AK .comp} #### FCS\_CKM.1/AK Cryptographic Key Generation (Asymmetric Keys) #### FCS\_CKM.1/AK Cryptographic Key Generation (Asymmetric Keys) ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2).*** selection in [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2).*** ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_CKM.1.1/AK .reqid} ::: {#FCS_CKM.1.1/AK .reqid} [FCS\_CKM.1.1/AK](#FCS_CKM.1.1/AK){.abbr} [FCS\_CKM.1.1/AK](#FCS_CKM.1.1/AK){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall generate **asymmetric** cryptographic keys in The [TSF](#abbr_TSF) shall generate **asymmetric** cryptographic keys in accordance with a specified cryptographic key generation algorithm accordance with a specified cryptographic key generation algorithm \[**selection**: [Cryptographic key generation algorithm \[**selection**: [Cryptographic key generation algorithm ]{.selection-content}\] and specified cryptographic key sizes ]{.selection-content}\] and specified cryptographic key sizes \[**selection**: [Cryptographic key sizes]{.selection-content}\] that \[**selection**: [Cryptographic key sizes]{.selection-content}\] that meet the following: \[**selection**: [List of meet the following: \[**selection**: [List of standards]{.selection-content}\] standards]{.selection-content}\] ----------------------------------------------------------------------- ----------------------------------------------------------------------- Cryptographic key Cryptographic key sizes List of standards Cryptographic key Cryptographic key sizes List of standards generation algorithm generation algorithm ----------------------- ----------------------- ----------------------- ----------------------- ----------------------- ----------------------- RSA \[**selection**: *2048 [FIPS](#abbr_FIPS) PUB RSA \[**selection**: *2048 [FIPS](#abbr_FIPS) PUB bit*, *3072-bit*\] 186-4 sec. B.3 \[key bit*, *3072-bit*\] 186-4 sec. B.3 \[key generation\] generation\] ECC-N \[**selection**: *256 [FIPS](#abbr_FIPS) PUB ECC-N \[**selection**: *256 [FIPS](#abbr_FIPS) PUB (P-256)*, *384 186-4 sec. D.1.2 (P-256)*, *384 186-4 sec. D.1.2 (P-384)*, *521 \[[NIST](#abbr_NIST) (P-384)*, *521 \[[NIST](#abbr_NIST) (P-521)*\] curves\] (P-521)*\] curves\] [FIPS](#abbr_FIPS) PUB [FIPS](#abbr_FIPS) PUB 186-4 sec. B.4 \[key 186-4 sec. B.4 \[key generation\] generation\] ECC-B \[**selection**: *256 [RFC](#abbr_RFC) 5639 ECC-B \[**selection**: *256 [RFC](#abbr_RFC) 5639 (brainpoolP256r1)*, sec. 3 \[Brainpool (brainpoolP256r1)*, sec. 3 \[Brainpool *384 Curves\] *384 Curves\] (brainpoolP384r1)*, (brainpoolP384r1)*, *512 [FIPS](#abbr_FIPS) PUB *512 [FIPS](#abbr_FIPS) PUB (brainpoolP512r1)*\] 186-4 sec. B.4 \[key (brainpoolP512r1)*\] 186-4 sec. B.4 \[key generation\] generation\] DSA DSA Bit lengths of p [FIPS](#abbr_FIPS) PUB DSA DSA Bit lengths of p [FIPS](#abbr_FIPS) PUB and q respectively (L, 186-4 sec. B.1 \[key and q respectively (L, 186-4 sec. B.1 \[key N) \[**selection**: generation\] N) \[**selection**: generation\] *(2048, 224)*, *(2048, *(2048, 224)*, *(2048, 256)*, *(3027, 256)*\] 256)*, *(3027, 256)*\] Curve25519 256 bits [RFC](#abbr_RFC) 7748 Curve25519 256 bits [RFC](#abbr_RFC) 7748 \[Curve25519\] \[Curve25519\] [FIPS](#abbr_FIPS) PUB [FIPS](#abbr_FIPS) PUB 186-4 sec. B.4 \[key 186-4 sec. B.4 \[key generation\] generation\] ----------------------------------------------------------------------- ----------------------------------------------------------------------- : [Table [10]{.counter}]{#fcs-ckm-1-ak-sels .ctr : [Table [10]{.counter}]{#fcs-ckm-1-ak-sels .ctr data-myid="fcs-ckm-1-ak-sels" data-counter-type="ct-Table"}: Choices data-myid="fcs-ckm-1-ak-sels" data-counter-type="ct-Table"}: Choices for completion of the selection operations in for completion of the selection operations in [FCS\_CKM.1.1/AK](#FCS_CKM.1.1/AK) [FCS\_CKM.1.1/AK](#FCS_CKM.1.1/AK) ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if asymmetric key generation is a service included in the [ST](#abbr_ST) if asymmetric key generation is a service provided by the [TOE](#abbr_TOE) to tenant software, or if it is used by provided by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) itself to support or implement the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security functionality.]{.note} [PP](#abbr_PP)-specified security functionality.]{.note} Also, this [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if Also, this [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) is claimed, or if \"*causing the [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) is claimed, or if \"*causing the [TOE](#abbr_TOE) to generate \[asymmetric\] keys/secrets*\" is selected [TOE](#abbr_TOE) to generate \[asymmetric\] keys/secrets*\" is selected in [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2). in [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2). If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_CKM.4](#FCS_CKM.4) and [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) must also [FCS\_CKM.4](#FCS_CKM.4) and [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) must also be claimed. be claimed. DSA will be deprecated by [FIPS](#abbr_FIPS) PUB 186-5, when published. DSA will be deprecated by [FIPS](#abbr_FIPS) PUB 186-5, when published. DSA keys of size (1024, 160) were deprecated by [FIPS](#abbr_FIPS) PUB DSA keys of size (1024, 160) were deprecated by [FIPS](#abbr_FIPS) PUB 186-4 though that size is still allowed for signature verification. 186-4 though that size is still allowed for signature verification. For Curve25519, see also, final draft [NIST](#abbr_NIST) For Curve25519, see also, final draft [NIST](#abbr_NIST) [FIPS](#abbr_FIPS) PUB 186-5, Oct 2019. [FIPS](#abbr_FIPS) PUB 186-5, Oct 2019. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_CKM.1/AK](#FCS_CKM.1/AK) [FCS\_CKM.1/AK](#FCS_CKM.1/AK) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to verify that it The evaluator shall examine the [TSS](#abbr_TSS) to verify that it describes how the [TOE](#abbr_TOE) generates an asymmetric key based on describes how the [TOE](#abbr_TOE) generates an asymmetric key based on the methods selected from [Table the methods selected from [Table [10]{.counter}](#fcs-ckm-1-ak-sels){.fcs-ckm-1-ak-sels-ref}. The [10]{.counter}](#fcs-ckm-1-ak-sels){.fcs-ckm-1-ak-sels-ref}. The evaluator shall examine the [TSS](#abbr_TSS) to verify that it describes evaluator shall examine the [TSS](#abbr_TSS) to verify that it describes how the [TOE](#abbr_TOE) invokes the methods selected in the how the [TOE](#abbr_TOE) invokes the methods selected in the [ST](#abbr_ST) from the table. The evaluator shall examine the [ST](#abbr_ST) from the table. The evaluator shall examine the [TSS](#abbr_TSS) to verify that it identifies the usage for each row [TSS](#abbr_TSS) to verify that it identifies the usage for each row identifier (key type, key size, and list of standards) selected in the identifier (key type, key size, and list of standards) selected in the [ST](#abbr_ST). [ST](#abbr_ST). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall verify that the AGD guidance instructs the The evaluator shall verify that the AGD guidance instructs the administrator how to configure the [TOE](#abbr_TOE) to use the selected administrator how to configure the [TOE](#abbr_TOE) to use the selected key types for all uses identified in the [ST](#abbr_ST). key types for all uses identified in the [ST](#abbr_ST). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: If the [TOE](#abbr_TOE) uses the generated key in a key chain/hierarchy, If the [TOE](#abbr_TOE) uses the generated key in a key chain/hierarchy, then the evaluator shall confirm that the KMD describes: then the evaluator shall confirm that the KMD describes: - If \"*RSA*\" is selected, then the KMD describes which methods for - If \"*RSA*\" is selected, then the KMD describes which methods for generating p and q are used generating p and q are used - How the key is used as part of the key chain/hierarchy. - How the key is used as part of the key chain/hierarchy. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. \ \ **RSA: RSA Key Generation** **RSA: RSA Key Generation** The below tests are derived from The 186-4 RSA Validation System The below tests are derived from The 186-4 RSA Validation System (RSA2VS), Updated 8 July 2014, Section 6.2, from the National Institute (RSA2VS), Updated 8 July 2014, Section 6.2, from the National Institute of Standards and Technology. of Standards and Technology. The evaluator shall verify the implementation of RSA Key Generation by The evaluator shall verify the implementation of RSA Key Generation by the [TOE](#abbr_TOE) using the Key Generation test. This test verifies the [TOE](#abbr_TOE) using the Key Generation test. This test verifies the ability of the [TSF](#abbr_TSF) to correctly produce values for the the ability of the [TSF](#abbr_TSF) to correctly produce values for the key components including the public verification exponent e, the private key components including the public verification exponent e, the private prime factors p and q, the public modulus n and the calculation of the prime factors p and q, the public modulus n and the calculation of the private signature exponent d. private signature exponent d. [FIPS](#abbr_FIPS) PUB 186-4 Key Pair generation specifies 5 methods for [FIPS](#abbr_FIPS) PUB 186-4 Key Pair generation specifies 5 methods for generating the primes p and q. generating the primes p and q. These are: These are: 1. Random Primes: 1. Random Primes: - Provable primes - Provable primes - Probable primes - Probable primes 2. Primes with Conditions: 2. Primes with Conditions: - Primes p1, p2, q1, q2, p and q shall all be provable primes. - Primes p1, p2, q1, q2, p and q shall all be provable primes. - Primes p1, p2, q1, and q2 shall be provable primes and p and q - Primes p1, p2, q1, and q2 shall be provable primes and p and q shall be probable primes shall be probable primes - Primes p1, p2, q1, q2, p and q shall all be probable primes. - Primes p1, p2, q1, q2, p and q shall all be probable primes. To test the key generation method for the Random Provable primes method To test the key generation method for the Random Provable primes method and for all the Primes with Conditions methods, the evaluator must seed and for all the Primes with Conditions methods, the evaluator must seed the [TSF](#abbr_TSF) key generation routine with sufficient data to the [TSF](#abbr_TSF) key generation routine with sufficient data to deterministically generate the RSA key pair. deterministically generate the RSA key pair. For each key length supported, the evaluator shall have the For each key length supported, the evaluator shall have the [TSF](#abbr_TSF) generate 25 key pairs. The evaluator shall verify the [TSF](#abbr_TSF) generate 25 key pairs. The evaluator shall verify the correctness of the [TSF](#abbr_TSF)'s implementation by comparing values correctness of the [TSF](#abbr_TSF)'s implementation by comparing values generated by the [TSF](#abbr_TSF) with those generated by a known good generated by the [TSF](#abbr_TSF) with those generated by a known good implementation using the same input parameters. implementation using the same input parameters. If the [TOE](#abbr_TOE) generates Random Probable Primes, then if If the [TOE](#abbr_TOE) generates Random Probable Primes, then if possible, the Random Probable primes method should also be verified possible, the Random Probable primes method should also be verified against a known good implementation as described above. If verification against a known good implementation as described above. If verification against a known good implementation is not possible, the evaluator shall against a known good implementation is not possible, the evaluator shall have the [TSF](#abbr_TSF) generate 25 key pairs for each supported key have the [TSF](#abbr_TSF) generate 25 key pairs for each supported key length nlen and verify that all of the following are true: length nlen and verify that all of the following are true: - n = p\*q - n = p\*q - p and q are probably prime according to Miller-Rabin tests with - p and q are probably prime according to Miller-Rabin tests with error probability \<2\^(-125) error probability \<2\^(-125) - 2\^16 \< e \< 2\^256 and e is an odd integer - 2\^16 \< e \< 2\^256 and e is an odd integer - GCD(p-1,e) = 1 - GCD(p-1,e) = 1 - GCD(q-1,e) = 1 - GCD(q-1,e) = 1 - \|p-q\| \> 2\^(nlen/2 - 100) - \|p-q\| \> 2\^(nlen/2 - 100) - p \>= squareroot(2)\*( 2\^(nlen/2 -1) ) - p \>= squareroot(2)\*( 2\^(nlen/2 -1) ) - q \>= squareroot(2)\*( 2\^(nlen/2 -1) ) - q \>= squareroot(2)\*( 2\^(nlen/2 -1) ) - 2\^(nlen/2) \< d \< LCM(p-1,q-1) - 2\^(nlen/2) \< d \< LCM(p-1,q-1) - e\*d = 1 mod LCM(p-1,q-1) - e\*d = 1 mod LCM(p-1,q-1) \ \ **ECC-N & ECC-B: ECC Key Generation with [NIST](#abbr_NIST) and **ECC-N & ECC-B: ECC Key Generation with [NIST](#abbr_NIST) and Brainpool Curves** Brainpool Curves** These tests are derived from The [FIPS](#abbr_FIPS) 186-4 Elliptic Curve These tests are derived from The [FIPS](#abbr_FIPS) 186-4 Elliptic Curve Digital Signature Algorithm Validation System (ECDSA2VS), Updated 18 Mar Digital Signature Algorithm Validation System (ECDSA2VS), Updated 18 Mar 2014, Section 6. 2014, Section 6. **ECC Key Generation Test**\ **ECC Key Generation Test**\ For each selected curve, and for each key pair generation method as For each selected curve, and for each key pair generation method as described in [FIPS](#abbr_FIPS) PUB 186-4, section B.4, the evaluator described in [FIPS](#abbr_FIPS) PUB 186-4, section B.4, the evaluator shall require the implementation under test to generate 10 shall require the implementation under test to generate 10 private/public key pairs (d, Q). The private key, d, shall be generated private/public key pairs (d, Q). The private key, d, shall be generated using a random bit generator as specified in using a random bit generator as specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1). The private key, d, is used to [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1). The private key, d, is used to compute the public key, Q'. The evaluator shall confirm that 0\ [CSP](#abbr_CSP)]{.assignable-content}\]*\]*, - *block erase* - *block erase* \], \], - *that does not employ a wear-leveling algorithm, the destruction - *that does not employ a wear-leveling algorithm, the destruction shall be executed by a \[**selection**:* shall be executed by a \[**selection**:* - *\[**selection**: *single*, *\[**assignment**: | - *\[**selection, choose one of**: *single*, [[ST](#abbr_ST) Author-defined | *\[**assignment**: [[ST](#abbr_ST) Author-defined multi-pass]{.assignable-content}\]*\] overwrite consisting multi-pass]{.assignable-content}\]*\] overwrite consisting of \[**selection**: *zeros*, *ones*, *pseudo-random of \[**selection**: *zeros*, *ones*, *pseudo-random pattern*, *a new value of a key of the same size*, pattern*, *a new value of a key of the same size*, *\[**assignment**: [some value that does not contain any *\[**assignment**: [some value that does not contain any [CSP](#abbr_CSP)]{.assignable-content}\]*\] followed by a [CSP](#abbr_CSP)]{.assignable-content}\]*\] followed by a read-verify. If the read-verification of the overwritten read-verify. If the read-verification of the overwritten data fails, the process shall be repeated again up to data fails, the process shall be repeated again up to \[**assignment**: [number of times to attempt \[**assignment**: [number of times to attempt overwrite]{.assignable-content}\] times, whereupon an error overwrite]{.assignable-content}\] times, whereupon an error is returned*, is returned*, - *block erase* - *block erase* \] \] \] \] that meets the following: \[*no standard*\]. that meets the following: \[*no standard*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) handles sensitive included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) handles sensitive cryptographic keys or credentials. In particular, if the cryptographic keys or credentials. In particular, if the [TOE](#abbr_TOE) creates or stores keys, it must be able to destroy [TOE](#abbr_TOE) creates or stores keys, it must be able to destroy them. Specifically, this [SFR](#abbr_SFR) must be included in the them. Specifically, this [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if any of the following SFRs are claimed: [ST](#abbr_ST) if any of the following SFRs are claimed: [FCS\_CKM.1/AK](#FCS_CKM.1/AK), [FCS\_CKM.1/SK](#FCS_CKM.1/SK), [FCS\_CKM.1/AK](#FCS_CKM.1/AK), [FCS\_CKM.1/SK](#FCS_CKM.1/SK), [FCS\_CKM.2](#FCS_CKM.2), [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5), [FCS\_CKM.2](#FCS_CKM.2), [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5), [FCS\_COP.1/KAT](#FCS_COP.1/KAT), [FCS\_STG\_EXT.1](#FCS_STG_EXT.1), or [FCS\_COP.1/KAT](#FCS_COP.1/KAT), [FCS\_STG\_EXT.1](#FCS_STG_EXT.1), or [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1)]{.note} [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1)]{.note} If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) must also be claimed. [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) must also be claimed. The term "cryptographic keys" in this [SFR](#abbr_SFR) includes the The term "cryptographic keys" in this [SFR](#abbr_SFR) includes the authorization data that is the entry point to a key chain and all other authorization data that is the entry point to a key chain and all other cryptographic keys and keying material (whether in plaintext or cryptographic keys and keying material (whether in plaintext or encrypted form). This [SFR](#abbr_SFR) does not apply to the public encrypted form). This [SFR](#abbr_SFR) does not apply to the public component of asymmetric key pairs, or to keys that are permitted to component of asymmetric key pairs, or to keys that are permitted to remain stored such as device identification keys. remain stored such as device identification keys. In the case of volatile memory, the selection "*removal of all In the case of volatile memory, the selection "*removal of all references to the key directly followed by a request for garbage references to the key directly followed by a request for garbage collection*" is used in a situation where the [TSF](#abbr_TSF) cannot collection*" is used in a situation where the [TSF](#abbr_TSF) cannot address the specific physical memory locations holding the data to be address the specific physical memory locations holding the data to be erased and therefore relies on addressing logical addresses (which frees erased and therefore relies on addressing logical addresses (which frees the relevant physical addresses holding the old data) and then the relevant physical addresses holding the old data) and then requesting the platform to ensure that the data in the physical requesting the platform to ensure that the data in the physical addresses is no longer available for reading (i.e. the "garbage addresses is no longer available for reading (i.e. the "garbage collection" referred to in the [SFR](#abbr_SFR) text). collection" referred to in the [SFR](#abbr_SFR) text). The selection for destruction of data in non-volatile memory includes The selection for destruction of data in non-volatile memory includes block erase as an option, and this option applies only to flash memory. block erase as an option, and this option applies only to flash memory. A block erase does not require a read verify, since the mappings of A block erase does not require a read verify, since the mappings of logical addresses to the erased memory locations are erased as well as logical addresses to the erased memory locations are erased as well as the data itself. the data itself. Some selections allow assignment of "some value that does not contain Some selections allow assignment of "some value that does not contain any [CSP](#abbr_CSP)." This means that the [TOE](#abbr_TOE) uses some any [CSP](#abbr_CSP)." This means that the [TOE](#abbr_TOE) uses some specified data not drawn from an [RBG](#abbr_RBG) meeting FCS\_RBG\_EXT specified data not drawn from an [RBG](#abbr_RBG) meeting FCS\_RBG\_EXT requirements, and not being any of the particular values listed as other requirements, and not being any of the particular values listed as other selection options. The point of the phrase "does not contain any selection options. The point of the phrase "does not contain any sensitive data" is to ensure that the overwritten data is carefully sensitive data" is to ensure that the overwritten data is carefully selected, and not taken from a general pool that might contain current selected, and not taken from a general pool that might contain current or residual data that itself requires confidentiality protection. or residual data that itself requires confidentiality protection. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_CKM.4](#FCS_CKM.4) [FCS\_CKM.4](#FCS_CKM.4) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure it lists all The evaluator shall examine the [TSS](#abbr_TSS) to ensure it lists all relevant keys and keying material (describing the source of the data, relevant keys and keying material (describing the source of the data, all memory types in which the data is stored (covering storage both all memory types in which the data is stored (covering storage both during and outside of a session, and both plaintext and non-plaintext during and outside of a session, and both plaintext and non-plaintext forms of the data)), all relevant destruction situations (including the forms of the data)), all relevant destruction situations (including the point in time at which the destruction occurs; e.g. factory reset or point in time at which the destruction occurs; e.g. factory reset or device wipe function, change of authorization data, change of DEK, device wipe function, change of authorization data, change of DEK, completion of use of an intermediate key) and the destruction method completion of use of an intermediate key) and the destruction method used in each case. The evaluator shall confirm that the description of used in each case. The evaluator shall confirm that the description of the data and storage locations is consistent with the functions carried the data and storage locations is consistent with the functions carried out by the [TOE](#abbr_TOE) (e.g. that all keys in the key chain are out by the [TOE](#abbr_TOE) (e.g. that all keys in the key chain are accounted for). (Where keys are stored encrypted or wrapped under accounted for). (Where keys are stored encrypted or wrapped under another key then this may need to be explained in order to allow the another key then this may need to be explained in order to allow the evaluator to confirm the consistency of the description of keys with the evaluator to confirm the consistency of the description of keys with the [TOE](#abbr_TOE) functions). [TOE](#abbr_TOE) functions). The evaluator shall check that the [TSS](#abbr_TSS) identifies any The evaluator shall check that the [TSS](#abbr_TSS) identifies any configurations or circumstances that may not conform to the key configurations or circumstances that may not conform to the key destruction requirement (see further discussion in the AGD section destruction requirement (see further discussion in the AGD section below). Note that reference may be made to the AGD for description of below). Note that reference may be made to the AGD for description of the detail of such cases where destruction may be prevented or delayed. the detail of such cases where destruction may be prevented or delayed. Where the [ST](#abbr_ST) specifies the use of "a value that does not Where the [ST](#abbr_ST) specifies the use of "a value that does not contain any sensitive data" to overwrite keys, the evaluator shall contain any sensitive data" to overwrite keys, the evaluator shall examine the [TSS](#abbr_TSS) to ensure that it describes how that examine the [TSS](#abbr_TSS) to ensure that it describes how that pattern is obtained and used, and that this justifies the claim that the pattern is obtained and used, and that this justifies the claim that the pattern does not contain any sensitive data. pattern does not contain any sensitive data. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: A [TOE](#abbr_TOE) may be subject to situations that could prevent or A [TOE](#abbr_TOE) may be subject to situations that could prevent or delay data destruction in some cases. The evaluator shall check that the delay data destruction in some cases. The evaluator shall check that the AGD identifies configurations or circumstances that may not strictly AGD identifies configurations or circumstances that may not strictly conform to the key destruction requirement, and that this description is conform to the key destruction requirement, and that this description is consistent with the relevant parts of the [TSS](#abbr_TSS) (and KMD). consistent with the relevant parts of the [TSS](#abbr_TSS) (and KMD). The evaluator shall check that the AGD provides guidance on situations The evaluator shall check that the AGD provides guidance on situations where key destruction may be delayed at the physical layer, identifying where key destruction may be delayed at the physical layer, identifying any additional mitigation actions for the user (e.g. there might be some any additional mitigation actions for the user (e.g. there might be some operation the user can invoke, or the user might be advised to retain operation the user can invoke, or the user might be advised to retain control of the device for some particular time to maximize the control of the device for some particular time to maximize the probability that garbage collection has occurred). probability that garbage collection has occurred). For example, when the [TOE](#abbr_TOE) does not have full access to the For example, when the [TOE](#abbr_TOE) does not have full access to the physical memory, it is possible that the storage may implement physical memory, it is possible that the storage may implement wear-leveling and garbage collection. This may result in additional wear-leveling and garbage collection. This may result in additional copies of the data that are logically inaccessible but persist copies of the data that are logically inaccessible but persist physically. Where available, the [TOE](#abbr_TOE) might then describe physically. Where available, the [TOE](#abbr_TOE) might then describe use of the TRIM command and garbage collection to destroy these use of the TRIM command and garbage collection to destroy these persistent copies upon their deletion (this would be explained in persistent copies upon their deletion (this would be explained in [TSS](#abbr_TSS) and AGD). [TSS](#abbr_TSS) and AGD). Where TRIM is used then the [TSS](#abbr_TSS) or AGD is also expected to Where TRIM is used then the [TSS](#abbr_TSS) or AGD is also expected to describe how the keys are stored such that they are not inaccessible to describe how the keys are stored such that they are not inaccessible to TRIM, (e.g. they would need not to be contained in a file less than 982 TRIM, (e.g. they would need not to be contained in a file less than 982 bytes which would be completely contained in the master file table. bytes which would be completely contained in the master file table. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: The evaluator shall examine the KMD to verify that it identifies and The evaluator shall examine the KMD to verify that it identifies and describes the interfaces that are used to service commands to read/write describes the interfaces that are used to service commands to read/write memory. The evaluator shall examine the interface description for each memory. The evaluator shall examine the interface description for each different media type to ensure that the interface supports the different media type to ensure that the interface supports the selections made by the [ST](#abbr_ST) Author. selections made by the [ST](#abbr_ST) Author. The evaluator shall examine the KMD to ensure that all keys and keying The evaluator shall examine the KMD to ensure that all keys and keying material identified in the [TSS](#abbr_TSS) and KMD have been accounted material identified in the [TSS](#abbr_TSS) and KMD have been accounted for. for. Note that where selections include \"*destruction of reference to the Note that where selections include \"*destruction of reference to the key directly followed by a request for garbage collection*\" (for key directly followed by a request for garbage collection*\" (for volatile memory) then the evaluator shall examine the KMD to ensure that volatile memory) then the evaluator shall examine the KMD to ensure that it explains the nature of the destruction of the reference, the request it explains the nature of the destruction of the reference, the request for garbage collection, and of the garbage collection process itself. for garbage collection, and of the garbage collection process itself. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** Applied to each key or keying material held as plaintext - **Test 1:** Applied to each key or keying material held as plaintext in volatile memory and subject to destruction by overwrite by the in volatile memory and subject to destruction by overwrite by the [TOE](#abbr_TOE) (whether or not the plaintext value is subsequently [TOE](#abbr_TOE) (whether or not the plaintext value is subsequently encrypted for storage in volatile or non-volatile memory). encrypted for storage in volatile or non-volatile memory). The evaluator shall: The evaluator shall: 1. Record the value of the key or keying material. 1. Record the value of the key or keying material. 2. Cause the [TOE](#abbr_TOE) to dump the SDO/SDE memory of the 2. Cause the [TOE](#abbr_TOE) to dump the SDO/SDE memory of the [TOE](#abbr_TOE) into a binary file. [TOE](#abbr_TOE) into a binary file. 3. Search the content of the binary file created in Step \#2 to 3. Search the content of the binary file created in Step \#2 to locate all instances of the known key value from Step \#1. locate all instances of the known key value from Step \#1. Note that the primary purpose of Step \#3 is to demonstrate that Note that the primary purpose of Step \#3 is to demonstrate that appropriate search commands are being used for Steps \#8 and appropriate search commands are being used for Steps \#8 and \#9. \#9. 4. Cause the [TOE](#abbr_TOE) to perform normal cryptographic 4. Cause the [TOE](#abbr_TOE) to perform normal cryptographic processing with the key from Step \#1. processing with the key from Step \#1. 5. Cause the [TOE](#abbr_TOE) to destroy the key. 5. Cause the [TOE](#abbr_TOE) to destroy the key. 6. Cause the [TOE](#abbr_TOE) to stop execution but not exit. 6. Cause the [TOE](#abbr_TOE) to stop execution but not exit. 7. Cause the [TOE](#abbr_TOE) to dump the SDO/SDE memory of the 7. Cause the [TOE](#abbr_TOE) to dump the SDO/SDE memory of the [TOE](#abbr_TOE) into a binary file. [TOE](#abbr_TOE) into a binary file. 8. Search the content of the binary file created in Step \#7 for 8. Search the content of the binary file created in Step \#7 for instances of the known key value from Step \#1. instances of the known key value from Step \#1. 9. Break the key value from Step \#1 into an evaluator-chosen set 9. Break the key value from Step \#1 into an evaluator-chosen set of fragments and perform a search using each fragment. (Note of fragments and perform a search using each fragment. (Note that the evaluator shall first confirm with the developer how that the evaluator shall first confirm with the developer how the key is normally stored, in order to choose fragment sizes the key is normally stored, in order to choose fragment sizes that are the same or smaller than any fragmentation of the data that are the same or smaller than any fragmentation of the data that may be implemented by the [TOE](#abbr_TOE). The endianness that may be implemented by the [TOE](#abbr_TOE). The endianness or byte-order should also be taken into account in the search.) or byte-order should also be taken into account in the search.) Steps \#1-8 ensure that the complete key does not exist anywhere in Steps \#1-8 ensure that the complete key does not exist anywhere in volatile memory. If a copy is found, then the test fails. volatile memory. If a copy is found, then the test fails. Step \#9 ensures that partial key fragments do not remain in memory. Step \#9 ensures that partial key fragments do not remain in memory. If the evaluator finds a 32-or-greater-consecutive-bit fragment, If the evaluator finds a 32-or-greater-consecutive-bit fragment, then fail immediately. Otherwise, there is a chance that it is not then fail immediately. Otherwise, there is a chance that it is not within the context of a key (e.g., some random bits that happen to within the context of a key (e.g., some random bits that happen to match). If this is the case the test should be repeated with a match). If this is the case the test should be repeated with a different key in Step \#1. If a fragment is also found in this different key in Step \#1. If a fragment is also found in this repeated run, then the test fails unless the developer provides a repeated run, then the test fails unless the developer provides a reasonable explanation for the collision, then the evaluator may reasonable explanation for the collision, then the evaluator may give a pass on this test. give a pass on this test. - **Test 2:** Applied to each key and keying material held in - **Test 2:** Applied to each key and keying material held in non-volatile memory and subject to destruction by overwrite by the non-volatile memory and subject to destruction by overwrite by the [TOE](#abbr_TOE). [TOE](#abbr_TOE). 1. Record the value of the key or keying material. 1. Record the value of the key or keying material. 2. Cause the [TOE](#abbr_TOE) to perform normal cryptographic 2. Cause the [TOE](#abbr_TOE) to perform normal cryptographic processing with the key from Step \#1. processing with the key from Step \#1. 3. Search the non-volatile memory the key was stored in for 3. Search the non-volatile memory the key was stored in for instances of the known key value from Step \#1. instances of the known key value from Step \#1. Note that the primary purpose of Step \#3 is to demonstrate that Note that the primary purpose of Step \#3 is to demonstrate that appropriate search commands are being used for Steps \#5 and appropriate search commands are being used for Steps \#5 and \#6. \#6. 4. Cause the [TOE](#abbr_TOE) to clear the key. 4. Cause the [TOE](#abbr_TOE) to clear the key. 5. Search the non-volatile memory in which the key was stored for 5. Search the non-volatile memory in which the key was stored for instances of the known key value from Step \#1. If a copy is instances of the known key value from Step \#1. If a copy is found, then the test fails. found, then the test fails. 6. Break the key value from Step \#1 into an evaluator-chosen set 6. Break the key value from Step \#1 into an evaluator-chosen set of fragments and perform a search using each fragment. (Note of fragments and perform a search using each fragment. (Note that the evaluator shall first confirm with the developer how that the evaluator shall first confirm with the developer how the key is normally stored, in order to choose fragment sizes the key is normally stored, in order to choose fragment sizes that are the same or smaller than any fragmentation of the data that are the same or smaller than any fragmentation of the data that may be implemented by the [TOE](#abbr_TOE). The endianness that may be implemented by the [TOE](#abbr_TOE). The endianness or byte-order should also be taken into account in the search). or byte-order should also be taken into account in the search). Step \#6 ensures that partial key fragments do not remain in Step \#6 ensures that partial key fragments do not remain in non-volatile memory. If the evaluator finds a non-volatile memory. If the evaluator finds a 32-or-greater-consecutive-bit fragment, then fail immediately. 32-or-greater-consecutive-bit fragment, then fail immediately. Otherwise, there is a chance that it is not within the context of a Otherwise, there is a chance that it is not within the context of a key (e.g., some random bits that happen to match). If this is the key (e.g., some random bits that happen to match). If this is the case the test should be repeated with a different key in Step \#1. case the test should be repeated with a different key in Step \#1. If a fragment is also found in this repeated run, then the test If a fragment is also found in this repeated run, then the test fails unless the developer provides a reasonable explanation for the fails unless the developer provides a reasonable explanation for the collision, then the evaluator may give a pass on this test. collision, then the evaluator may give a pass on this test. - **Test 3:** Applied to each key and keying material held in - **Test 3:** Applied to each key and keying material held in non-volatile memory and subject to destruction by overwrite by the non-volatile memory and subject to destruction by overwrite by the [TOE](#abbr_TOE). [TOE](#abbr_TOE). 1. Record memory of the key or keying material. 1. Record memory of the key or keying material. 2. Cause the [TOE](#abbr_TOE) to perform normal cryptographic 2. Cause the [TOE](#abbr_TOE) to perform normal cryptographic processing with the key from Step \#1. processing with the key from Step \#1. 3. Cause the [TOE](#abbr_TOE) to clear the key. Record the value to 3. Cause the [TOE](#abbr_TOE) to clear the key. Record the value to be used for the overwrite of the key. be used for the overwrite of the key. 4. Examine the memory from Step \#1 to ensure the appropriate 4. Examine the memory from Step \#1 to ensure the appropriate pattern (recorded in Step \#3) is used. pattern (recorded in Step \#3) is used. The test succeeds if correct pattern is found in the memory The test succeeds if correct pattern is found in the memory location. If the pattern is not found, then the test fails. location. If the pattern is not found, then the test fails. ::: ::: ::: ::: ::: ::: ::: {#FCS_CKM_EXT.4 .comp} ::: {#FCS_CKM_EXT.4 .comp} #### FCS\_CKM\_EXT.4 Cryptographic Key and Key Material Destruction Timing #### FCS\_CKM\_EXT.4 Cryptographic Key and Key Material Destruction Timing ::: {.statustag} ::: {.statustag} ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FCS\_CKM.4](#FCS_CKM.4)*** - ***[FCS\_CKM.4](#FCS_CKM.4)*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_CKM_EXT.4.1 .reqid} ::: {#FCS_CKM_EXT.4.1 .reqid} [FCS\_CKM\_EXT.4.1](#FCS_CKM_EXT.4.1){.abbr} [FCS\_CKM\_EXT.4.1](#FCS_CKM_EXT.4.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall destroy all keys and keying material when no The [TSF](#abbr_TSF) shall destroy all keys and keying material when no longer needed. longer needed. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if [FCS\_CKM.4](#FCS_CKM.4) is included in the [ST](#abbr_ST) if [FCS\_CKM.4](#FCS_CKM.4) is claimed.]{.note} claimed.]{.note} The [TOE](#abbr_TOE) must have mechanisms to destroy keys and key The [TOE](#abbr_TOE) must have mechanisms to destroy keys and key material in persistent storage using an approved method as specified in material in persistent storage using an approved method as specified in [FCS\_CKM.4](#FCS_CKM.4). Examples of keys and key material include [FCS\_CKM.4](#FCS_CKM.4). Examples of keys and key material include intermediate keys, encryption keys, signing keys, verification keys, intermediate keys, encryption keys, signing keys, verification keys, authentication tokens, and submasks. authentication tokens, and submasks. The [TOE](#abbr_TOE) will have mechanisms to destroy keys and key The [TOE](#abbr_TOE) will have mechanisms to destroy keys and key material when the keys and key material is no longer needed. Based on material when the keys and key material is no longer needed. Based on their implementations, vendors will explain when certain keys are no their implementations, vendors will explain when certain keys are no longer needed. longer needed. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall verify the [TSS](#abbr_TSS) provides a high-level The evaluator shall verify the [TSS](#abbr_TSS) provides a high-level description of what it means for keys and key material to be no longer description of what it means for keys and key material to be no longer needed and when this data should be expected to be destroyed. needed and when this data should be expected to be destroyed. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: The evaluator shall verify that the KMD includes a description of the The evaluator shall verify that the KMD includes a description of the areas where keys and key material reside and when this material is no areas where keys and key material reside and when this material is no longer needed. longer needed. The evaluator shall verify that the KMD includes a key lifecycle that The evaluator shall verify that the KMD includes a key lifecycle that includes a description where key materials reside, how the key materials includes a description where key materials reside, how the key materials are used, how it is determined that keys and key material are no longer are used, how it is determined that keys and key material are no longer needed, and how the material is destroyed once it is no longer needed. needed, and how the material is destroyed once it is no longer needed. The evaluator shall also verify that all key destruction operations are The evaluator shall also verify that all key destruction operations are performed in a manner specified by [FCS\_CKM.4](#FCS_CKM.4). performed in a manner specified by [FCS\_CKM.4](#FCS_CKM.4). ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no test evaluation activities for this component. There are no test evaluation activities for this component. ::: ::: ::: ::: ::: ::: ::: {#FCS_COP.1/Hash .comp} ::: {#FCS_COP.1/Hash .comp} #### FCS\_COP.1/Hash Cryptographic Operation (Hashing) #### FCS\_COP.1/Hash Cryptographic Operation (Hashing) ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1), selection in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1), [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1), [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1), [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2), [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2), [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1), [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1), [FPT\_TUD\_EXT.2.1](#FPT_TUD_EXT.2.1).*** [FPT\_TUD\_EXT.2.1](#FPT_TUD_EXT.2.1).*** ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*** - ***[FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*** - ***[FCS\_COP.1/SigGen](#FCS_COP.1/SigGen)*** - ***[FCS\_COP.1/SigGen](#FCS_COP.1/SigGen)*** - ***[FCS\_COP.1/SigVer](#FCS_COP.1/SigVer)*** - ***[FCS\_COP.1/SigVer](#FCS_COP.1/SigVer)*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_COP.1.1/Hash .reqid} ::: {#FCS_COP.1.1/Hash .reqid} [FCS\_COP.1.1/Hash](#FCS_COP.1.1/Hash){.abbr} [FCS\_COP.1.1/Hash](#FCS_COP.1.1/Hash){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall perform \[*cryptographic hashing*\] in The [TSF](#abbr_TSF) shall perform \[*cryptographic hashing*\] in accordance with a specified cryptographic algorithm \[**selection**: accordance with a specified cryptographic algorithm \[**selection**: *[SHA](#abbr_SHA)-1*, *[SHA](#abbr_SHA)-256*, *[SHA](#abbr_SHA)-384*, *[SHA](#abbr_SHA)-1*, *[SHA](#abbr_SHA)-256*, *[SHA](#abbr_SHA)-384*, *[SHA](#abbr_SHA)-512*, *[SHA](#abbr_SHA)-512/224*, *[SHA](#abbr_SHA)-512*, *[SHA](#abbr_SHA)-512/224*, *[SHA](#abbr_SHA)-512/256*, *[SHA](#abbr_SHA)-3-224*, *[SHA](#abbr_SHA)-512/256*, *[SHA](#abbr_SHA)-3-224*, *[SHA](#abbr_SHA)-3-256*, *[SHA](#abbr_SHA)-3-384*, *[SHA](#abbr_SHA)-3-256*, *[SHA](#abbr_SHA)-3-384*, *[SHA](#abbr_SHA)-3-512*\] that meet the following: \[**selection**: *[SHA](#abbr_SHA)-3-512*\] that meet the following: \[**selection**: *[ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118-3:2018*, *[FIPS](#abbr_FIPS) *[ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118-3:2018*, *[FIPS](#abbr_FIPS) PUB 180-4 (SHA1/2)*, *[FIPS](#abbr_FIPS) PUB 202 (SHA3)*\]. PUB 180-4 (SHA1/2)*, *[FIPS](#abbr_FIPS) PUB 202 (SHA3)*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if it is a service provided by the included in the [ST](#abbr_ST) if it is a service provided by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security functionality.]{.note} security functionality.]{.note} Also, this [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if Also, this [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash), [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash), [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen), or [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen), or [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) are claimed. [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) are claimed. It must be included in the [ST](#abbr_ST) if \"*hash value of the public It must be included in the [ST](#abbr_ST) if \"*hash value of the public key*\" is selected in [FPT\_TUD\_EXT.2.1](#FPT_TUD_EXT.2.1). key*\" is selected in [FPT\_TUD\_EXT.2.1](#FPT_TUD_EXT.2.1). It must be included in the [ST](#abbr_ST) if \"*[KDF](#abbr_KDF)-HASH*\" It must be included in the [ST](#abbr_ST) if \"*[KDF](#abbr_KDF)-HASH*\" or \"*[KDF](#abbr_KDF)-MAC*\" or one of the [SHA](#abbr_SHA) hashes is or \"*[KDF](#abbr_KDF)-MAC*\" or one of the [SHA](#abbr_SHA) hashes is selected within \"*[KDF](#abbr_KDF)-XOR*\" in selected within \"*[KDF](#abbr_KDF)-XOR*\" in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1). [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1). It must be included in the [ST](#abbr_ST) if \"*Hash\_DRBG (any)*\" or It must be included in the [ST](#abbr_ST) if \"*Hash\_DRBG (any)*\" or \"*HMAC\_DRBG (any)*\" is selected in \"*HMAC\_DRBG (any)*\" is selected in [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1). [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1). It must be included in the [ST](#abbr_ST) if \"*cryptographic hash as It must be included in the [ST](#abbr_ST) if \"*cryptographic hash as specified in [FCS\_COP.1/Hash](#FCS_COP.1/Hash)*\" is selected in specified in [FCS\_COP.1/Hash](#FCS_COP.1/Hash)*\" is selected in [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2). [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2). It must be included in the [ST](#abbr_ST) if \"*computation and It must be included in the [ST](#abbr_ST) if \"*computation and verification of a hash by trusted code/data*\" is selected in verification of a hash by trusted code/data*\" is selected in [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1). [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1). The hash selection should be consistent with the overall strength of the The hash selection should be consistent with the overall strength of the algorithm used for signature generation. For example, the [ST](#abbr_ST) algorithm used for signature generation. For example, the [ST](#abbr_ST) Author should choose [SHA](#abbr_SHA)-256 for 2048-bit RSA or ECC with Author should choose [SHA](#abbr_SHA)-256 for 2048-bit RSA or ECC with P-256, [SHA](#abbr_SHA)-384 for 3072-bit RSA, 4096-bit RSA, or ECC with P-256, [SHA](#abbr_SHA)-384 for 3072-bit RSA, 4096-bit RSA, or ECC with P-384, and [SHA](#abbr_SHA)-512 for ECC with P-521. The [ST](#abbr_ST) P-384, and [SHA](#abbr_SHA)-512 for ECC with P-521. The [ST](#abbr_ST) Author selects the standard based on the algorithms selected. Author selects the standard based on the algorithms selected. [SHA](#abbr_SHA)-1 may be used for the following applications: [SHA](#abbr_SHA)-1 may be used for the following applications: generating and verifying hash-based message authentication codes generating and verifying hash-based message authentication codes (HMACs), key derivation functions (KDFs), and random bit/number (HMACs), key derivation functions (KDFs), and random bit/number generation. In certain cases, [SHA](#abbr_SHA)-1 may also be used for generation. In certain cases, [SHA](#abbr_SHA)-1 may also be used for verifying old digital signatures and time stamps, provided that this is verifying old digital signatures and time stamps, provided that this is explicitly allowed by the application domain. explicitly allowed by the application domain. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_COP.1/Hash](#FCS_COP.1/Hash) [FCS\_COP.1/Hash](#FCS_COP.1/Hash) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check that the association of the hash function with The evaluator shall check that the association of the hash function with other [TSF](#abbr_TSF) cryptographic functions (e.g., the digital other [TSF](#abbr_TSF) cryptographic functions (e.g., the digital signature verification function) is documented in the [TSS](#abbr_TSS). signature verification function) is documented in the [TSS](#abbr_TSS). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator checks the AGD to determine that any configuration that is The evaluator checks the AGD to determine that any configuration that is required to be done to configure the functionality for the required hash required to be done to configure the functionality for the required hash sizes is present. sizes is present. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: **[[SHA](#abbr_SHA)-1 and [SHA](#abbr_SHA)-2 Tests]{.underline}**\ **[[SHA](#abbr_SHA)-1 and [SHA](#abbr_SHA)-2 Tests]{.underline}**\ The [TSF](#abbr_TSF) hashing functions can be implemented in one of two The [TSF](#abbr_TSF) hashing functions can be implemented in one of two modes. The first mode is the byte-oriented mode. In this mode the modes. The first mode is the byte-oriented mode. In this mode the [TSF](#abbr_TSF) only hashes messages that are an integral number of [TSF](#abbr_TSF) only hashes messages that are an integral number of bytes in length; i.e., the length (in bits) of the message to be hashed bytes in length; i.e., the length (in bits) of the message to be hashed is divisible by 8. The second mode is the bit-oriented mode. In this is divisible by 8. The second mode is the bit-oriented mode. In this mode the [TSF](#abbr_TSF) hashes messages of arbitrary length. As there mode the [TSF](#abbr_TSF) hashes messages of arbitrary length. As there are different tests for each mode, an indication is given in the are different tests for each mode, an indication is given in the following sections for the bit-oriented vs. the byte-oriented test macs. following sections for the bit-oriented vs. the byte-oriented test macs. The evaluator shall perform all of the following tests for each hash The evaluator shall perform all of the following tests for each hash algorithm implemented by the [TSF](#abbr_TSF) and used to satisfy the algorithm implemented by the [TSF](#abbr_TSF) and used to satisfy the requirements of this [PP](#abbr_PP). requirements of this [PP](#abbr_PP). **Assurance Activity Note:**\ **Assurance Activity Note:**\ The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. **Short Messages Test Bit-oriented Mode**\ **Short Messages Test Bit-oriented Mode**\ The evaluator devises an input set consisting of m+1 messages, where m The evaluator devises an input set consisting of m+1 messages, where m is the block length of the hash algorithm. The length of the messages is the block length of the hash algorithm. The length of the messages range sequentially from 0 to m bits. The message text shall be range sequentially from 0 to m bits. The message text shall be pseudo-randomly generated. The evaluator computes the message digest for pseudo-randomly generated. The evaluator computes the message digest for each of the messages and ensure that the correct result is produced when each of the messages and ensure that the correct result is produced when the messages are provided to the [TSF](#abbr_TSF). the messages are provided to the [TSF](#abbr_TSF). **Short Messages Test Byte-oriented Mode**\ **Short Messages Test Byte-oriented Mode**\ The evaluator devises an input set consisting of m/8+1 messages, where m The evaluator devises an input set consisting of m/8+1 messages, where m is the block length of the hash algorithm. The length of the messages is the block length of the hash algorithm. The length of the messages range sequentially from 0 to m/8 bytes, with each message being an range sequentially from 0 to m/8 bytes, with each message being an integral number of bytes. The message text shall be pseudo-randomly integral number of bytes. The message text shall be pseudo-randomly generated. The evaluator computes the message digest for each of the generated. The evaluator computes the message digest for each of the messages and ensure that the correct result is produced when the messages and ensure that the correct result is produced when the messages are provided to the [TSF](#abbr_TSF). messages are provided to the [TSF](#abbr_TSF). **Selected Long Messages Test Bit-oriented Mode**\ **Selected Long Messages Test Bit-oriented Mode**\ The evaluator devises an input set consisting of m messages, where m is The evaluator devises an input set consisting of m messages, where m is the block length of the hash algorithm. The length of the ith message is the block length of the hash algorithm. The length of the ith message is 512 + 99\*i, where 1 \<= i \<= m. The message text shall be 512 + 99\*i, where 1 \<= i \<= m. The message text shall be pseudo-randomly generated. The evaluator computes the message digest for pseudo-randomly generated. The evaluator computes the message digest for each of the messages and ensure that the correct result is produced when each of the messages and ensure that the correct result is produced when the messages are provided to the [TSF](#abbr_TSF). the messages are provided to the [TSF](#abbr_TSF). **Selected Long Messages Test Byte-oriented Mode**\ **Selected Long Messages Test Byte-oriented Mode**\ The evaluator devises an input set consisting of m/8 messages, where m The evaluator devises an input set consisting of m/8 messages, where m is the block length of the hash algorithm. The length of the ith message is the block length of the hash algorithm. The length of the ith message is 512 + 8\*99\*i, where 1 \<= i \<= m/8. The message text shall be is 512 + 8\*99\*i, where 1 \<= i \<= m/8. The message text shall be pseudo-randomly generated. The evaluator computes the message digest for pseudo-randomly generated. The evaluator computes the message digest for each of the messages and ensure that the correct result is produced when each of the messages and ensure that the correct result is produced when the messages are provided to the [TSF](#abbr_TSF). the messages are provided to the [TSF](#abbr_TSF). **Pseudo-randomly Generated Messages Test**\ **Pseudo-randomly Generated Messages Test**\ This test is for byte-oriented implementations only. The evaluator This test is for byte-oriented implementations only. The evaluator randomly generates a seed that is n bits long, where n is the length of randomly generates a seed that is n bits long, where n is the length of the message digest produced by the hash function to be tested. The the message digest produced by the hash function to be tested. The evaluator then formulates a set of 100 messages and associated digests evaluator then formulates a set of 100 messages and associated digests by following the algorithm provided in Figure 1 of \[SHAVS\]. The by following the algorithm provided in Figure 1 of \[SHAVS\]. The evaluator then ensures that the correct result is produced when the evaluator then ensures that the correct result is produced when the messages are provided to the [TSF](#abbr_TSF). messages are provided to the [TSF](#abbr_TSF). **[[SHA](#abbr_SHA)-3 Tests]{.underline}**\ **[[SHA](#abbr_SHA)-3 Tests]{.underline}**\ The tests below are derived from the The Secure Hash Algorithm-3 The tests below are derived from the The Secure Hash Algorithm-3 Validation System (SHA3VS), Updated: April 7, 2016, from the National Validation System (SHA3VS), Updated: April 7, 2016, from the National Institute of Standards and Technology. Institute of Standards and Technology. For each [SHA](#abbr_SHA)-3-XXX implementation, XXX represents d, the For each [SHA](#abbr_SHA)-3-XXX implementation, XXX represents d, the digest length in bits. The capacity, c, is equal to 2d bits. The rate is digest length in bits. The capacity, c, is equal to 2d bits. The rate is equal to 1600-c bits. equal to 1600-c bits. The [TSF](#abbr_TSF) hashing functions can be implemented with one of The [TSF](#abbr_TSF) hashing functions can be implemented with one of two orientations. The first is a bit-oriented mode that hashes messages two orientations. The first is a bit-oriented mode that hashes messages of arbitrary length. The second is a byte-oriented mode that hashes of arbitrary length. The second is a byte-oriented mode that hashes messages that are an integral number of bytes in length (i.e., the messages that are an integral number of bytes in length (i.e., the length (in bits) of the message to be hashed is divisible by 8). length (in bits) of the message to be hashed is divisible by 8). Separate tests for each orientation are given below. Separate tests for each orientation are given below. The evaluator shall perform all of the following tests for each hash The evaluator shall perform all of the following tests for each hash algorithm and orientation implemented by the [TSF](#abbr_TSF) and used algorithm and orientation implemented by the [TSF](#abbr_TSF) and used to satisfy the requirements of this [PP](#abbr_PP). The evaluator shall to satisfy the requirements of this [PP](#abbr_PP). The evaluator shall compare digest values produced by a known-good [SHA](#abbr_SHA)-3 compare digest values produced by a known-good [SHA](#abbr_SHA)-3 implementation against those generated by running the same values implementation against those generated by running the same values through the [TSF](#abbr_TSF). through the [TSF](#abbr_TSF). **Short Messages Test, Bit-oriented Mode**\ **Short Messages Test, Bit-oriented Mode**\ The evaluator devises an input set consisting of rate+1 short messages. The evaluator devises an input set consisting of rate+1 short messages. The length of the messages ranges sequentially from 0 to rate bits. The The length of the messages ranges sequentially from 0 to rate bits. The message text shall be pseudo-randomly generated. The evaluator computes message text shall be pseudo-randomly generated. The evaluator computes the message digest for each of the messages and ensure that the correct the message digest for each of the messages and ensure that the correct result is produced when the messages are provided to the result is produced when the messages are provided to the [TSF](#abbr_TSF). The message of length 0 is omitted if the [TSF](#abbr_TSF). The message of length 0 is omitted if the [TOE](#abbr_TOE) does not support zero-length messages. [TOE](#abbr_TOE) does not support zero-length messages. **Short Messages Test, Byte-oriented Mode**\ **Short Messages Test, Byte-oriented Mode**\ The evaluator devises an input set consisting of rate/8+1 short The evaluator devises an input set consisting of rate/8+1 short messages. The length of the messages ranges sequentially from 0 to messages. The length of the messages ranges sequentially from 0 to rate/8 bytes, with each message being an integral number of bytes. The rate/8 bytes, with each message being an integral number of bytes. The message text shall be pseudo-randomly generated. The evaluator computes message text shall be pseudo-randomly generated. The evaluator computes the message digest for each of the messages and ensure that the correct the message digest for each of the messages and ensure that the correct result is produced when the messages are provided to the result is produced when the messages are provided to the [TSF](#abbr_TSF). The message of length 0 is omitted if the [TSF](#abbr_TSF). The message of length 0 is omitted if the [TOE](#abbr_TOE) does not support zero-length messages.\ [TOE](#abbr_TOE) does not support zero-length messages.\ **Selected Long Messages Test, Bit-oriented Mode**\ **Selected Long Messages Test, Bit-oriented Mode**\ The evaluator devises an input set consisting of 100 long messages The evaluator devises an input set consisting of 100 long messages ranging in size from rate+(rate+1) to rate+(100\*(rate+1)), incrementing ranging in size from rate+(rate+1) to rate+(100\*(rate+1)), incrementing by rate+1. (For example, [SHA](#abbr_SHA)-3-256 has a rate of 1088 bits. by rate+1. (For example, [SHA](#abbr_SHA)-3-256 has a rate of 1088 bits. Therefore, 100 messages will be generated with lengths 2177, 3266, ..., Therefore, 100 messages will be generated with lengths 2177, 3266, ..., 109988 bits.) The message text shall be pseudo-randomly generated. The 109988 bits.) The message text shall be pseudo-randomly generated. The evaluator computes the message digest for each of the messages and evaluator computes the message digest for each of the messages and ensure that the correct result is produced when the messages are ensure that the correct result is produced when the messages are provided to the [TSF](#abbr_TSF). provided to the [TSF](#abbr_TSF). **Selected Long Messages Test, Byte-oriented Mode**\ **Selected Long Messages Test, Byte-oriented Mode**\ The evaluator devises an input set consisting of 100 messages ranging in The evaluator devises an input set consisting of 100 messages ranging in size from (rate+(rate+8)) to (rate+100\*(rate+8)), incrementing by size from (rate+(rate+8)) to (rate+100\*(rate+8)), incrementing by rate+8. (For example, [SHA](#abbr_SHA)-3-256 has a rate of 1088 bits. rate+8. (For example, [SHA](#abbr_SHA)-3-256 has a rate of 1088 bits. Therefore 100 messages will be generated of lengths 2184, 3280, 4376, Therefore 100 messages will be generated of lengths 2184, 3280, 4376, ..., 110688 bits.) The message text shall be pseudo-randomly generated. ..., 110688 bits.) The message text shall be pseudo-randomly generated. The evaluator computes the message digest for each of the messages and The evaluator computes the message digest for each of the messages and ensure that the correct result is produced when the messages are ensure that the correct result is produced when the messages are provided to the [TSF](#abbr_TSF). provided to the [TSF](#abbr_TSF). **Pseudo-randomly Generated Messages Monte Carlo) Test, Byte-oriented **Pseudo-randomly Generated Messages Monte Carlo) Test, Byte-oriented Mode** Mode** The evaluator supplies a seed of d bits (where d is the length of the The evaluator supplies a seed of d bits (where d is the length of the message digest produced by the hash function to be tested. This seed is message digest produced by the hash function to be tested. This seed is used by a pseudorandom function to generate 100,000 message digests. One used by a pseudorandom function to generate 100,000 message digests. One hundred of the digests (every 1000th digest) are recorded as hundred of the digests (every 1000th digest) are recorded as checkpoints. The [TOE](#abbr_TOE) then uses the same procedure to checkpoints. The [TOE](#abbr_TOE) then uses the same procedure to generate the same 100,000 message digests and 100 checkpoint values. The generate the same 100,000 message digests and 100 checkpoint values. The evaluator then compares the results generated ensure that the correct evaluator then compares the results generated ensure that the correct result is produced when the messages are generated by the result is produced when the messages are generated by the [TSF](#abbr_TSF). [TSF](#abbr_TSF). ::: ::: ::: ::: ::: ::: ::: {#FCS_COP.1/KeyedHash .comp} ::: {#FCS_COP.1/KeyedHash .comp} #### FCS\_COP.1/KeyedHash Cryptographic Operation (Keyed Hash) #### FCS\_COP.1/KeyedHash Cryptographic Operation (Keyed Hash) ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1), selection in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1), [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT), [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT), [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1), [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1), [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1), [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1), [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2).*** [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2).*** ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_COP.1.1/KeyedHash .reqid} ::: {#FCS_COP.1.1/KeyedHash .reqid} [FCS\_COP.1.1/KeyedHash](#FCS_COP.1.1/KeyedHash){.abbr} [FCS\_COP.1.1/KeyedHash](#FCS_COP.1.1/KeyedHash){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall perform \[*keyed hash message The [TSF](#abbr_TSF) shall perform \[*keyed hash message authentication*\] in accordance with a specified cryptographic algorithm authentication*\] in accordance with a specified cryptographic algorithm \[**selection**: *[HMAC](#abbr_HMAC)-SHA-1*, \[**selection**: *[HMAC](#abbr_HMAC)-SHA-1*, *[HMAC](#abbr_HMAC)-SHA-256*, *[HMAC](#abbr_HMAC)-SHA-384*, *[HMAC](#abbr_HMAC)-SHA-256*, *[HMAC](#abbr_HMAC)-SHA-384*, *[HMAC](#abbr_HMAC)-SHA-512*, *[KMAC](#abbr_KMAC)-128*, *[HMAC](#abbr_HMAC)-SHA-512*, *[KMAC](#abbr_KMAC)-128*, *[KMAC](#abbr_KMAC)-256*\] and cryptographic key sizes \[**assignment**: *[KMAC](#abbr_KMAC)-256*\] and cryptographic key sizes \[**assignment**: [key size (in bits)]{.assignable-content}\] that meet the following: [key size (in bits)]{.assignable-content}\] that meet the following: \[**selection**: *[ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9797-2:2021 sec. 7 \[**selection**: *[ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9797-2:2021 sec. 7 ([HMAC](#abbr_HMAC))*, *[ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9797-2:2021 ([HMAC](#abbr_HMAC))*, *[ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9797-2:2021 sec. 9 ([KMAC](#abbr_KMAC))*, *[FIPS](#abbr_FIPS) PUB 198-1 sec. 9 ([KMAC](#abbr_KMAC))*, *[FIPS](#abbr_FIPS) PUB 198-1 ([HMAC](#abbr_HMAC))*, *[NIST](#abbr_NIST) SP 800-185 sec. 4 ([HMAC](#abbr_HMAC))*, *[NIST](#abbr_NIST) SP 800-185 sec. 4 ([KMAC](#abbr_KMAC))*\]. ([KMAC](#abbr_KMAC))*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if it is a service provided by the included in the [ST](#abbr_ST) if it is a service provided by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security functionality.]{.note} security functionality.]{.note} This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) is claimed. [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) is claimed. Also, this [SFR](#abbr_SFR) must be claimed under the following Also, this [SFR](#abbr_SFR) must be claimed under the following conditions: conditions: - If \"*[KDF](#abbr_KDF)-MAC*\" or \"*[KDF](#abbr_KDF)-PBKDF*\" is - If \"*[KDF](#abbr_KDF)-MAC*\" or \"*[KDF](#abbr_KDF)-PBKDF*\" is selected in [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) selected in [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) - If \"*[KDF](#abbr_KDF)-CTR,*\" \"*[KDF](#abbr_KDF)-FB,*\" - If \"*[KDF](#abbr_KDF)-CTR,*\" \"*[KDF](#abbr_KDF)-FB,*\" \"\"[KDF](#abbr_KDF)-DPI is selected in \"\"[KDF](#abbr_KDF)-DPI is selected in [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) and [HMAC](#abbr_HMAC) is selected [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) and [HMAC](#abbr_HMAC) is selected for use by the key derivation algorithm. for use by the key derivation algorithm. - If \"*A keyed hash of the stored key in accordance with - If \"*A keyed hash of the stored key in accordance with [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*\" is selected in [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*\" is selected in [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1) [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1) - If \"*[ECIES](#abbr_ECIES)*\" is selected in - If \"*[ECIES](#abbr_ECIES)*\" is selected in [FCS\_COP.1/KAT](#FCS_COP.1/KAT) [FCS\_COP.1/KAT](#FCS_COP.1/KAT) - If \"*HMAC\_DRBG (any)*\" is selected in - If \"*HMAC\_DRBG (any)*\" is selected in [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1) [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1) - If \"*keyed hash as specified in - If \"*keyed hash as specified in [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*\" is selected in [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*\" is selected in [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2) [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2) If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must also be claimed. [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must also be claimed. The [HMAC](#abbr_HMAC) key size falls into a range between L1 and L2 The [HMAC](#abbr_HMAC) key size falls into a range between L1 and L2 defined in [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118 for the appropriate defined in [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118 for the appropriate hash function (e.g., for [SHA](#abbr_SHA)-256 L1 = 512, L2 = 256) where hash function (e.g., for [SHA](#abbr_SHA)-256 L1 = 512, L2 = 256) where L2 ≤ k ≤ L1. L2 ≤ k ≤ L1. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it The evaluator shall examine the [TSS](#abbr_TSS) to ensure that it specifies the following values used by the [HMAC](#abbr_HMAC) and specifies the following values used by the [HMAC](#abbr_HMAC) and [KMAC](#abbr_KMAC) functions: output [MAC](#abbr_MAC) length used. [KMAC](#abbr_KMAC) functions: output [MAC](#abbr_MAC) length used. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following test requires the developer to provide access to a test The following test requires the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. This test is derived from The Keyed-Hash Message Authentication Code This test is derived from The Keyed-Hash Message Authentication Code Validation System (HMACVS), updated 6 May 2016. Validation System (HMACVS), updated 6 May 2016. The evaluator shall provide 15 sets of messages and keys for each The evaluator shall provide 15 sets of messages and keys for each selected hash algorithm and hash length/key size/[MAC](#abbr_MAC) size selected hash algorithm and hash length/key size/[MAC](#abbr_MAC) size combination. The evaluator shall have the [TSF](#abbr_TSF) generate combination. The evaluator shall have the [TSF](#abbr_TSF) generate [HMAC](#abbr_HMAC) or [KMAC](#abbr_KMAC) tags for these sets of test [HMAC](#abbr_HMAC) or [KMAC](#abbr_KMAC) tags for these sets of test data. The evaluator shall verify that the resulting [HMAC](#abbr_HMAC) data. The evaluator shall verify that the resulting [HMAC](#abbr_HMAC) or [KMAC](#abbr_KMAC) tags match the results from submitting the same or [KMAC](#abbr_KMAC) tags match the results from submitting the same inputs to a known-good implementation of the [HMAC](#abbr_HMAC) or inputs to a known-good implementation of the [HMAC](#abbr_HMAC) or [KMAC](#abbr_KMAC) function, having the same characteristics. [KMAC](#abbr_KMAC) function, having the same characteristics. ::: ::: ::: ::: ::: ::: ::: {#FCS_COP.1/KAT .comp} ::: {#FCS_COP.1/KAT .comp} #### FCS\_COP.1/KAT Cryptographic Operation (Key Agreement/Transport) #### FCS\_COP.1/KAT Cryptographic Operation (Key Agreement/Transport) ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_CKM.2.1](#FCS_CKM.2.1).*** selection in [FCS\_CKM.2.1](#FCS_CKM.2.1).*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_COP.1.1/KAT .reqid} ::: {#FCS_COP.1.1/KAT .reqid} [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT){.abbr} [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall perform \[*cryptographic key The [TSF](#abbr_TSF) shall perform \[*cryptographic key agreement/transport*\] in accordance with a specified cryptographic agreement/transport*\] in accordance with a specified cryptographic algorithm \[**selection**: [Cryptographic algorithm \[**selection**: [Cryptographic algorithm]{.selection-content}\] and cryptographic key sizes algorithm]{.selection-content}\] and cryptographic key sizes \[**selection**: [Cryptographic key size]{.selection-content}\] that \[**selection**: [Cryptographic key size]{.selection-content}\] that meet the following: \[**selection**: [List of meet the following: \[**selection**: [List of standards]{.selection-content}\] standards]{.selection-content}\] +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | Cryptographic | Cryptographic key | List of standards | | Cryptographic | Cryptographic key | List of standards | | algorithm | size | | | algorithm | size | | +=======================+=======================+=======================+ +=======================+=======================+=======================+ | KAS1 (RSA | \[**selection**: | [NIST](#abbr_NIST) SP | | KAS1 (RSA | \[**selection**: | [NIST](#abbr_NIST) SP | | single-party) | *2048*, *3072*, | 800-56B rev2 sec. 8.2 | | single-party) | *2048*, *3072*, | 800-56B rev2 sec. 8.2 | | | *4096*, *6144*, | | | | *4096*, *6144*, | | | | *8192*\] bits | | | | *8192*\] bits | | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | KAS2 (RSA Two-party) | \[**selection**: | [NIST](#abbr_NIST) SP | | KAS2 (RSA Two-party) | \[**selection**: | [NIST](#abbr_NIST) SP | | | *2048*, *3072*, | 800-56B rev2 sec. 8.3 | | | *2048*, *3072*, | 800-56B rev2 sec. 8.3 | | | *4096*, *6144*, | | | | *4096*, *6144*, | | | | *8192*\] bits | | | | *8192*\] bits | | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | KTS-OAEP (RSA) | \[**selection**: | [NIST](#abbr_NIST) SP | | KTS-OAEP (RSA) | \[**selection**: | [NIST](#abbr_NIST) SP | | | *2048*, *3072*, | 800-56B rev2 sec. 9 | | | *2048*, *3072*, | 800-56B rev2 sec. 9 | | | *4096*, *6144*, | | | | *4096*, *6144*, | | | | *8192*\] bits | | | | *8192*\] bits | | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | RSAES-PKCS1-v1\_5 | \[**selection**: | [RFC](#abbr_RFC) 8017 | | RSAES-PKCS1-v1\_5 | \[**selection**: | [RFC](#abbr_RFC) 8017 | | (RSA) | *2048*, *3072*, | sec. 7.2 | | (RSA) | *2048*, *3072*, | sec. 7.2 | | | *4096*, *6144*, | | | | *4096*, *6144*, | | | | *8192*\] bits | | | | *8192*\] bits | | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | ECDH-NIST (ECDH with | \[**selection**: *256 | [NIST](#abbr_NIST) SP | | ECDH-NIST (ECDH with | \[**selection**: *256 | [NIST](#abbr_NIST) SP | | [NIST](#abbr_NIST) | (P-256)*, *384 | 800-56A rev3 | | [NIST](#abbr_NIST) | (P-256)*, *384 | 800-56A rev3 | | curves) | (P-384)*, *512 | | | curves) | (P-384)*, *512 | | | | (P-521)*\] | | | | (P-521)*\] | | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | ECDH-BPC (ECDH with | \[**selection**: *256 | [RFC](#abbr_RFC) 5639 | | ECDH-BPC (ECDH with | \[**selection**: *256 | [RFC](#abbr_RFC) 5639 | | Brainpool curves) | (brainpoolP256r1)*, | sec. 3 | | Brainpool curves) | (brainpoolP256r1)*, | sec. 3 | | | *384 | | | | *384 | | | | (brainpoolP384r1*, | | | | (brainpoolP384r1*, | | | | *512 | | | | *512 | | | | (brainpoolP512r1)*\] | | | | (brainpoolP512r1)*\] | | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | [DH](#abbr_DH) | \[**selection**: | [NIST](#abbr_NIST) SP | | [DH](#abbr_DH) | \[**selection**: | [NIST](#abbr_NIST) SP | | (Diffie-Hellman) | *2048*, *3072*, | 800-56A rev3, | | (Diffie-Hellman) | *2048*, *3072*, | 800-56A rev3, | | | *4096*, *6144*, | \[**selection**: | | | *4096*, *6144*, | \[**selection**: | | | *8192*\] bits | | | | *8192*\] bits | | | | | - *[RFC](#abbr_RFC) | | | | - *[RFC](#abbr_RFC) | | | | 3526 sec. | | | | 3526 sec. | | | | \[**selection**: | | | | \[**selection**: | | | | *3*, *4*, *5*, | | | | *3*, *4*, *5*, | | | | *6*, *7*\]*, | | | | *6*, *7*\]*, | | | | - *[RFC](#abbr_RFC) | | | | - *[RFC](#abbr_RFC) | | | | 7919 App. | | | | 7919 App. | | | | \[**selection**: | | | | \[**selection**: | | | | *A.1*, *A.2*, | | | | *A.1*, *A.2*, | | | | *A.3*, *A.4*, | | | | *A.3*, *A.4*, | | | | *A.5*\]* | | | | *A.5*\]* | | | | | | | | | | | | \] | | | | \] | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | ECDH-25519 (ECDH with | 256 bits | [RFC](#abbr_RFC) 7748 | | ECDH-25519 (ECDH with | 256 bits | [RFC](#abbr_RFC) 7748 | | Curve25519) | | | | Curve25519) | | | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ | [ECIES](#abbr_ECIES) | \[**selection**: | \[**selection**: | | [ECIES](#abbr_ECIES) | \[**selection**: | \[**selection**: | | | *256*, *384*, *512*\] | *[ANSI](#abbr_ANSI) | | | *256*, *384*, *512*\] | *[ANSI](#abbr_ANSI) | | | bits | X9.63*, | | | bits | X9.63*, | | | | *[IEEE](#abbr_IEEE) | | | | *[IEEE](#abbr_IEEE) | | | | 1363a*, | | | | 1363a*, | | | | *[ISO](#abbr_ISO)/[IE | | | | *[ISO](#abbr_ISO)/[IE | | | | C](#abbr_IEC) | | | | C](#abbr_IEC) | | | | 18033-2 Part 2*, | | | | 18033-2 Part 2*, | | | | *SECG SEC1 sec. | | | | *SECG SEC1 sec. | | | | 5.1*\] | | | | 5.1*\] | +-----------------------+-----------------------+-----------------------+ +-----------------------+-----------------------+-----------------------+ : [Table [11]{.counter}]{#fcs-ckm-kat-sels .ctr : [Table [11]{.counter}]{#fcs-ckm-kat-sels .ctr data-myid="fcs-ckm-kat-sels" data-counter-type="ct-Table"}: Choices for data-myid="fcs-ckm-kat-sels" data-counter-type="ct-Table"}: Choices for completion of the assignment operations in completion of the assignment operations in [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT) [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT) ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if key agreement or transport is a included in the [ST](#abbr_ST) if key agreement or transport is a service provided by the [TOE](#abbr_TOE) to tenant software, or if they service provided by the [TOE](#abbr_TOE) to tenant software, or if they are used by the [TOE](#abbr_TOE) itself to support or implement are used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security functionality.]{.note} [PP](#abbr_PP)-specified security functionality.]{.note} Also, this [SFR](#abbr_SFR) must be included in the [TOE](#abbr_TOE) if Also, this [SFR](#abbr_SFR) must be included in the [TOE](#abbr_TOE) if [FCS\_CKM.2](#FCS_CKM.2) is claimed and a key establishment scheme other [FCS\_CKM.2](#FCS_CKM.2) is claimed and a key establishment scheme other than FFC is selected. than FFC is selected. If \"*[ECIES](#abbr_ECIES)*\" is selected, then If \"*[ECIES](#abbr_ECIES)*\" is selected, then [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) and [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) and [FCS\_COP.1/SKC](#FCS_COP.1/SKC) must be claimed. [FCS\_COP.1/SKC](#FCS_COP.1/SKC) must be claimed. If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_COP.1/KAT](#FCS_COP.1/KAT) [FCS\_COP.1/KAT](#FCS_COP.1/KAT) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure that the selected RSA and ECDH key The evaluator shall ensure that the selected RSA and ECDH key agreement/transport schemes correspond to the key generation schemes agreement/transport schemes correspond to the key generation schemes selected in [FCS\_CKM.1/AK](#FCS_CKM.1/AK), and the key establishment selected in [FCS\_CKM.1/AK](#FCS_CKM.1/AK), and the key establishment schemes selected in [FCS\_CKM.2](#FCS_CKM.2) If the [ST](#abbr_ST) schemes selected in [FCS\_CKM.2](#FCS_CKM.2) If the [ST](#abbr_ST) selects [DH](#abbr_DH), the [TSS](#abbr_TSS) shall describe how the selects [DH](#abbr_DH), the [TSS](#abbr_TSS) shall describe how the implementation meets the relevant sections of [RFC](#abbr_RFC) 3526 implementation meets the relevant sections of [RFC](#abbr_RFC) 3526 (Section 3-7) and [RFC](#abbr_RFC) 7919 (Appendices A.1-A.5). If the (Section 3-7) and [RFC](#abbr_RFC) 7919 (Appendices A.1-A.5). If the [ST](#abbr_ST) selects [ECIES](#abbr_ECIES), the [TSS](#abbr_TSS) shall [ST](#abbr_ST) selects [ECIES](#abbr_ECIES), the [TSS](#abbr_TSS) shall describe the key sizes and algorithms (e.g. elliptic curve point describe the key sizes and algorithms (e.g. elliptic curve point multiplication, ECDH with either [NIST](#abbr_NIST) or Brainpool curves, multiplication, ECDH with either [NIST](#abbr_NIST) or Brainpool curves, [AES](#abbr_AES) in a mode permitted by [AES](#abbr_AES) in a mode permitted by [FCS\_COP.1/SKC](#FCS_COP.1/SKC), a [SHA](#abbr_SHA)-2 hash algorithm [FCS\_COP.1/SKC](#FCS_COP.1/SKC), a [SHA](#abbr_SHA)-2 hash algorithm permitted by [FCS\_COP.1/Hash](#FCS_COP.1/Hash), and a [MAC](#abbr_MAC) permitted by [FCS\_COP.1/Hash](#FCS_COP.1/Hash), and a [MAC](#abbr_MAC) algorithm permitted by [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)) algorithm permitted by [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)) that are supported for the [ECIES](#abbr_ECIES) implementation. that are supported for the [ECIES](#abbr_ECIES) implementation. The evaluator shall ensure that, for each key agreement/transport The evaluator shall ensure that, for each key agreement/transport scheme, the size of the derived keying material is at least the same as scheme, the size of the derived keying material is at least the same as the intended strength of the key agreement/transport scheme, and where the intended strength of the key agreement/transport scheme, and where feasible this should be twice the intended security strength of the key feasible this should be twice the intended security strength of the key agreement/transport scheme. agreement/transport scheme. Table 2 of [NIST](#abbr_NIST) SP 800-57 identifies the key strengths for Table 2 of [NIST](#abbr_NIST) SP 800-57 identifies the key strengths for the different algorithms that can be used for the various key the different algorithms that can be used for the various key agreement/transport schemes. agreement/transport schemes. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. The evaluator shall verify the implementation of the key generation The evaluator shall verify the implementation of the key generation routines of the supported schemes using the following tests: routines of the supported schemes using the following tests: **If ECDH-NIST or ECDH-BPC is claimed:** **If ECDH-NIST or ECDH-BPC is claimed:** **SP 800-56A Key Agreement Schemes** **SP 800-56A Key Agreement Schemes** The evaluator shall verify a [TOE](#abbr_TOE)\'s implementation of SP The evaluator shall verify a [TOE](#abbr_TOE)\'s implementation of SP 800-56A key agreement schemes using the following Function and Validity 800-56A key agreement schemes using the following Function and Validity tests. These validation tests for each key agreement scheme verify that tests. These validation tests for each key agreement scheme verify that a [TOE](#abbr_TOE) has implemented the components of the key agreement a [TOE](#abbr_TOE) has implemented the components of the key agreement scheme according to the specifications in the Recommendation. These scheme according to the specifications in the Recommendation. These components include the calculation of the DLC primitives (the shared components include the calculation of the DLC primitives (the shared secret value Z) and the calculation of the derived keying material (DKM) secret value Z) and the calculation of the derived keying material (DKM) via the Key Derivation Function ([KDF](#abbr_KDF)). If key confirmation via the Key Derivation Function ([KDF](#abbr_KDF)). If key confirmation is supported, the evaluator shall also verify that the components of key is supported, the evaluator shall also verify that the components of key confirmation have been implemented correctly, using the test procedures confirmation have been implemented correctly, using the test procedures described below. This includes the parsing of the DKM, the generation of described below. This includes the parsing of the DKM, the generation of MACdata and the calculation of MACtag. MACdata and the calculation of MACtag. *Function Test* *Function Test* The Function test verifies the ability of the [TOE](#abbr_TOE) to The Function test verifies the ability of the [TOE](#abbr_TOE) to implement the key agreement schemes correctly. To conduct this test the implement the key agreement schemes correctly. To conduct this test the evaluator shall generate or obtain test vectors from a known good evaluator shall generate or obtain test vectors from a known good implementation of the [TOE](#abbr_TOE) supported schemes. For each implementation of the [TOE](#abbr_TOE) supported schemes. For each supported key agreement scheme-key agreement role combination, supported key agreement scheme-key agreement role combination, [KDF](#abbr_KDF) type, and, if supported, key confirmation role-key [KDF](#abbr_KDF) type, and, if supported, key confirmation role-key confirmation type combination, the tester shall generate 10 sets of test confirmation type combination, the tester shall generate 10 sets of test vectors. The data set consists of one set of domain parameter values vectors. The data set consists of one set of domain parameter values (FFC) or the [NIST](#abbr_NIST) approved curve (ECC) per 10 sets of (FFC) or the [NIST](#abbr_NIST) approved curve (ECC) per 10 sets of public keys. These keys are static, ephemeral or both depending on the public keys. These keys are static, ephemeral or both depending on the scheme being tested. scheme being tested. The evaluator shall obtain the DKM, the corresponding [TOE](#abbr_TOE)'s The evaluator shall obtain the DKM, the corresponding [TOE](#abbr_TOE)'s public keys (static or ephemeral), the [MAC](#abbr_MAC) tags, and any public keys (static or ephemeral), the [MAC](#abbr_MAC) tags, and any inputs used in the [KDF](#abbr_KDF), such as the Other Information field inputs used in the [KDF](#abbr_KDF), such as the Other Information field OI and [TOE](#abbr_TOE) id fields. OI and [TOE](#abbr_TOE) id fields. If the [TOE](#abbr_TOE) does not use a [KDF](#abbr_KDF) defined in SP If the [TOE](#abbr_TOE) does not use a [KDF](#abbr_KDF) defined in SP 800-56A, the evaluator shall obtain only the public keys and the hashed 800-56A, the evaluator shall obtain only the public keys and the hashed value of the shared secret. value of the shared secret. The evaluator shall verify the correctness of the [TSF](#abbr_TSF)'s The evaluator shall verify the correctness of the [TSF](#abbr_TSF)'s implementation of a given scheme by using a known good implementation to implementation of a given scheme by using a known good implementation to calculate the shared secret value, derive the keying material DKM, and calculate the shared secret value, derive the keying material DKM, and compare hashes or [MAC](#abbr_MAC) tags generated from these values. compare hashes or [MAC](#abbr_MAC) tags generated from these values. If key confirmation is supported, the [TSF](#abbr_TSF) shall perform the If key confirmation is supported, the [TSF](#abbr_TSF) shall perform the above for each implemented approved [MAC](#abbr_MAC) algorithm. above for each implemented approved [MAC](#abbr_MAC) algorithm. *Validity Test* *Validity Test* The Validity test verifies the ability of the [TOE](#abbr_TOE) to The Validity test verifies the ability of the [TOE](#abbr_TOE) to recognize another party's valid and invalid key agreement results with recognize another party's valid and invalid key agreement results with or without key confirmation. To conduct this test, the evaluator shall or without key confirmation. To conduct this test, the evaluator shall obtain a list of the supporting cryptographic functions included in the obtain a list of the supporting cryptographic functions included in the SP 800-56A key agreement implementation to determine which errors the SP 800-56A key agreement implementation to determine which errors the [TOE](#abbr_TOE) should be able to recognize. The evaluator generates a [TOE](#abbr_TOE) should be able to recognize. The evaluator generates a set of 24 (FFC) or 30 (ECC) test vectors consisting of data sets set of 24 (FFC) or 30 (ECC) test vectors consisting of data sets including domain parameter values or [NIST](#abbr_NIST) approved curves, including domain parameter values or [NIST](#abbr_NIST) approved curves, the evaluator's public keys, the [TOE](#abbr_TOE)'s public/private key the evaluator's public keys, the [TOE](#abbr_TOE)'s public/private key pairs, MACTag, and any inputs used in the [KDF](#abbr_KDF), such as the pairs, MACTag, and any inputs used in the [KDF](#abbr_KDF), such as the other info and [TOE](#abbr_TOE) id fields. other info and [TOE](#abbr_TOE) id fields. The evaluator shall inject an error in some of the test vectors to test The evaluator shall inject an error in some of the test vectors to test that the [TOE](#abbr_TOE) recognizes invalid key agreement results that the [TOE](#abbr_TOE) recognizes invalid key agreement results caused by the following fields being incorrect: the shared secret value caused by the following fields being incorrect: the shared secret value Z, the DKM, the other information field OI, the data to be MACed, or the Z, the DKM, the other information field OI, the data to be MACed, or the generated MACTag. If the [TOE](#abbr_TOE) contains the full or partial generated MACTag. If the [TOE](#abbr_TOE) contains the full or partial (only ECC) public key validation, The evaluator shall also individually (only ECC) public key validation, The evaluator shall also individually inject errors in both parties' static public keys, both parties' inject errors in both parties' static public keys, both parties' ephemeral public keys and the [TOE](#abbr_TOE)'s static private key to ephemeral public keys and the [TOE](#abbr_TOE)'s static private key to assure the [TOE](#abbr_TOE) detects errors in the public key validation assure the [TOE](#abbr_TOE) detects errors in the public key validation function or the partial key validation function (in ECC only). At least function or the partial key validation function (in ECC only). At least two of the test vectors shall remain unmodified and therefore should two of the test vectors shall remain unmodified and therefore should result in valid key agreement results (they should pass). result in valid key agreement results (they should pass). The [TOE](#abbr_TOE) shall use these modified test vectors to emulate The [TOE](#abbr_TOE) shall use these modified test vectors to emulate the key agreement scheme using the corresponding parameters. The the key agreement scheme using the corresponding parameters. The evaluator shall compare the [TOE](#abbr_TOE)'s results with the results evaluator shall compare the [TOE](#abbr_TOE)'s results with the results using a known good implementation verifying that the [TOE](#abbr_TOE) using a known good implementation verifying that the [TOE](#abbr_TOE) detects these errors. detects these errors. **If KAS1, KAS2, KTS-OAEP, or RSAES-PKCS1-v1\_5 is claimed:** **If KAS1, KAS2, KTS-OAEP, or RSAES-PKCS1-v1\_5 is claimed:** **SP 800-56B and [PKCS](#abbr_PKCS)\#1 Key Establishment Schemes** **SP 800-56B and [PKCS](#abbr_PKCS)\#1 Key Establishment Schemes** If the [TOE](#abbr_TOE) acts as a sender, the following evaluation If the [TOE](#abbr_TOE) acts as a sender, the following evaluation activity shall be performed to ensure the proper operation of every activity shall be performed to ensure the proper operation of every [TOE](#abbr_TOE) supported combination of RSA-based key establishment [TOE](#abbr_TOE) supported combination of RSA-based key establishment scheme: scheme: To conduct this test the evaluator shall generate or obtain test vectors To conduct this test the evaluator shall generate or obtain test vectors from a known good implementation of the [TOE](#abbr_TOE) supported from a known good implementation of the [TOE](#abbr_TOE) supported schemes. For each combination of supported key establishment scheme and schemes. For each combination of supported key establishment scheme and its options (with or without key confirmation if supported, for each its options (with or without key confirmation if supported, for each supported key confirmation [MAC](#abbr_MAC) function if key confirmation supported key confirmation [MAC](#abbr_MAC) function if key confirmation is supported, and for each supported mask generation function if is supported, and for each supported mask generation function if KTS-OAEP is supported), the tester shall generate 10 sets of test KTS-OAEP is supported), the tester shall generate 10 sets of test vectors. Each test vector shall include the RSA public key, the vectors. Each test vector shall include the RSA public key, the plaintext keying material, any additional input parameters if plaintext keying material, any additional input parameters if applicable, the MacKey and MacTag if key confirmation is incorporated, applicable, the MacKey and MacTag if key confirmation is incorporated, and the outputted ciphertext. For each test vector, the evaluator shall and the outputted ciphertext. For each test vector, the evaluator shall perform a key establishment encryption operation on the [TOE](#abbr_TOE) perform a key establishment encryption operation on the [TOE](#abbr_TOE) with the same inputs (in cases where key confirmation is incorporated, with the same inputs (in cases where key confirmation is incorporated, the test shall use the MacKey from the test vector instead of the the test shall use the MacKey from the test vector instead of the randomly generated MacKey used in normal operation) and ensure that the randomly generated MacKey used in normal operation) and ensure that the outputted ciphertext is equivalent to the ciphertext in the test vector. outputted ciphertext is equivalent to the ciphertext in the test vector. If the [TOE](#abbr_TOE) acts as a receiver, the following evaluation If the [TOE](#abbr_TOE) acts as a receiver, the following evaluation activities shall be performed to ensure the proper operation of every activities shall be performed to ensure the proper operation of every [TOE](#abbr_TOE) supported combination of RSA-based key establishment [TOE](#abbr_TOE) supported combination of RSA-based key establishment scheme: scheme: To conduct this test the evaluator shall generate or obtain test vectors To conduct this test the evaluator shall generate or obtain test vectors from a known good implementation of the [TOE](#abbr_TOE) supported from a known good implementation of the [TOE](#abbr_TOE) supported schemes. For each combination of supported key establishment scheme and schemes. For each combination of supported key establishment scheme and its options (with our without key confirmation if supported, for each its options (with our without key confirmation if supported, for each supported key confirmation [MAC](#abbr_MAC) function if key confirmation supported key confirmation [MAC](#abbr_MAC) function if key confirmation is supported, and for each supported mask generation function if KTSOAEP is supported, and for each supported mask generation function if KTSOAEP is supported), the tester shall generate 10 sets of test vectors. Each is supported), the tester shall generate 10 sets of test vectors. Each test vector shall include the RSA private key, the plaintext keying test vector shall include the RSA private key, the plaintext keying material (KeyData), any additional input parameters if applicable, the material (KeyData), any additional input parameters if applicable, the MacTag in cases where key confirmation is incorporated, and the MacTag in cases where key confirmation is incorporated, and the outputted ciphertext. For each test vector, the evaluator shall perform outputted ciphertext. For each test vector, the evaluator shall perform the key establishment decryption operation on the [TOE](#abbr_TOE) and the key establishment decryption operation on the [TOE](#abbr_TOE) and ensure that the outputted plaintext keying material (KeyData) is ensure that the outputted plaintext keying material (KeyData) is equivalent to the plain text keying material in the test vector. In equivalent to the plain text keying material in the test vector. In cases where key confirmation is incorporated, the evaluator shall cases where key confirmation is incorporated, the evaluator shall perform the key confirmation steps and ensure that the outputted MacTag perform the key confirmation steps and ensure that the outputted MacTag is equivalent to the MacTag in the test vector. is equivalent to the MacTag in the test vector. The evaluator shall ensure that the [TSS](#abbr_TSS) describes how the The evaluator shall ensure that the [TSS](#abbr_TSS) describes how the [TOE](#abbr_TOE) handles decryption errors. In accordance with [TOE](#abbr_TOE) handles decryption errors. In accordance with [NIST](#abbr_NIST) Special Publication 800-56B, the [TOE](#abbr_TOE) [NIST](#abbr_NIST) Special Publication 800-56B, the [TOE](#abbr_TOE) must not reveal the particular error that occurred, either through the must not reveal the particular error that occurred, either through the contents of any outputted or logged error message or through timing contents of any outputted or logged error message or through timing variations. If KTS-OAEP is supported, the evaluator shall create variations. If KTS-OAEP is supported, the evaluator shall create separate contrived ciphertext values that trigger each of the three separate contrived ciphertext values that trigger each of the three decryption error checks described in [NIST](#abbr_NIST) Special decryption error checks described in [NIST](#abbr_NIST) Special Publication 800-56B section 7.2.2.3, ensure that each decryption attempt Publication 800-56B section 7.2.2.3, ensure that each decryption attempt results in an error, and ensure that any outputted or logged error results in an error, and ensure that any outputted or logged error message is identical for each. message is identical for each. **[DH](#abbr_DH):** **[DH](#abbr_DH):** The evaluator shall verify the correctness of each [TSF](#abbr_TSF) The evaluator shall verify the correctness of each [TSF](#abbr_TSF) implementation of each supported Diffie-Hellman group by comparison with implementation of each supported Diffie-Hellman group by comparison with a known good implementation. a known good implementation. **Curve25519:** **Curve25519:** The evaluator shall verify a [TOE](#abbr_TOE)\'s implementation of the The evaluator shall verify a [TOE](#abbr_TOE)\'s implementation of the key agreement scheme using the following Function and Validity tests. key agreement scheme using the following Function and Validity tests. These validation tests for each key agreement scheme verify that a These validation tests for each key agreement scheme verify that a [TOE](#abbr_TOE) has implemented the components of the key agreement [TOE](#abbr_TOE) has implemented the components of the key agreement scheme according to the specification. These components include the scheme according to the specification. These components include the calculation of the shared secret K and the hash of K. calculation of the shared secret K and the hash of K. **Function Test** **Function Test** The Function test verifies the ability of the [TOE](#abbr_TOE) to The Function test verifies the ability of the [TOE](#abbr_TOE) to implement the key agreement schemes correctly. To conduct this test the implement the key agreement schemes correctly. To conduct this test the evaluator shall generate or obtain test vectors from a known good evaluator shall generate or obtain test vectors from a known good implementation of the [TOE](#abbr_TOE) supported schemes. For each implementation of the [TOE](#abbr_TOE) supported schemes. For each supported key agreement role and hash function combination, the tester supported key agreement role and hash function combination, the tester shall generate 10 sets of public keys. These keys are static, ephemeral shall generate 10 sets of public keys. These keys are static, ephemeral or both depending on the scheme being tested. or both depending on the scheme being tested. The evaluator shall obtain the shared secret value K, and the hash of K. The evaluator shall obtain the shared secret value K, and the hash of K. The evaluator shall verify the correctness of the [TSF](#abbr_TSF)'s The evaluator shall verify the correctness of the [TSF](#abbr_TSF)'s implementation of a given scheme by using a known good implementation to implementation of a given scheme by using a known good implementation to calculate the shared secret value K and compare the hash generated from calculate the shared secret value K and compare the hash generated from this value. this value. **Validity Test** **Validity Test** The Validity test verifies the ability of the [TOE](#abbr_TOE) to The Validity test verifies the ability of the [TOE](#abbr_TOE) to recognize another party's valid and invalid key agreement results. To recognize another party's valid and invalid key agreement results. To conduct this test, the evaluator generates a set of 30 test vectors conduct this test, the evaluator generates a set of 30 test vectors consisting of data sets including the evaluator's public keys and the consisting of data sets including the evaluator's public keys and the [TOE](#abbr_TOE)'s public/private key pairs. [TOE](#abbr_TOE)'s public/private key pairs. The evaluator shall inject an error in some of the test vectors to test The evaluator shall inject an error in some of the test vectors to test that the [TOE](#abbr_TOE) recognizes invalid key agreement results that the [TOE](#abbr_TOE) recognizes invalid key agreement results caused by the following fields being incorrect: the shared secret value caused by the following fields being incorrect: the shared secret value K or the hash of K. At least two of the test vectors shall remain K or the hash of K. At least two of the test vectors shall remain unmodified and therefore should result in valid key agreement results unmodified and therefore should result in valid key agreement results (they should pass). (they should pass). The [TOE](#abbr_TOE) shall use these modified test vectors to emulate The [TOE](#abbr_TOE) shall use these modified test vectors to emulate the key agreement scheme using the corresponding parameters. The the key agreement scheme using the corresponding parameters. The evaluator shall compare the [TOE](#abbr_TOE)'s results with the results evaluator shall compare the [TOE](#abbr_TOE)'s results with the results using a known good implementation verifying that the [TOE](#abbr_TOE) using a known good implementation verifying that the [TOE](#abbr_TOE) detects these errors. detects these errors. **[ECIES](#abbr_ECIES):** **[ECIES](#abbr_ECIES):** The evaluator shall verify the correctness of each [TSF](#abbr_TSF) The evaluator shall verify the correctness of each [TSF](#abbr_TSF) implementation of each supported use of [ECIES](#abbr_ECIES) by implementation of each supported use of [ECIES](#abbr_ECIES) by comparison with a known good implementation. comparison with a known good implementation. ::: ::: ::: ::: ::: ::: ::: {#FCS_COP.1/SigGen .comp} ::: {#FCS_COP.1/SigGen .comp} #### FCS\_COP.1/SigGen Cryptographic Operation (Signature Generation) #### FCS\_COP.1/SigGen Cryptographic Operation (Signature Generation) ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1).*** selection in [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1).*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_COP.1.1/SigGen .reqid} ::: {#FCS_COP.1.1/SigGen .reqid} [FCS\_COP.1.1/SigGen](#FCS_COP.1.1/SigGen){.abbr} [FCS\_COP.1.1/SigGen](#FCS_COP.1.1/SigGen){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall perform **digital signature generation** in The [TSF](#abbr_TSF) shall perform **digital signature generation** in accordance with a specified cryptographic algorithm \[**selection**: accordance with a specified cryptographic algorithm \[**selection**: [Cryptographic algorithm]{.selection-content}\] and cryptographic key [Cryptographic algorithm]{.selection-content}\] and cryptographic key sizes \[**selection**: [Cryptographic key sizes]{.selection-content}\] sizes \[**selection**: [Cryptographic key sizes]{.selection-content}\] that meet the following: \[**selection**: [List of that meet the following: \[**selection**: [List of standards]{.selection-content}\] standards]{.selection-content}\] +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | Identifier | Cryptographic | Cryptographic | List of | | Identifier | Cryptographic | Cryptographic | List of | | | algorithm | key sizes | standards | | | algorithm | key sizes | standards | +=================+=================+=================+=================+ +=================+=================+=================+=================+ | RSASSA-PKCS1 | RSASSA-PKCS1-v1 | \[**selection** | \[**selection** | | RSASSA-PKCS1 | RSASSA-PKCS1-v1 | \[**selection** | \[**selection** | | | \_5 | : | : | | | \_5 | : | : | | | using | *2048 bit*, | *[RFC](#abbr_RF | | | using | *2048 bit*, | *[RFC](#abbr_RF | | | \[**selection** | *3072 bit*\] | C) | | | \[**selection** | *3072 bit*\] | C) | | | : | | 8017*, | | | : | | 8017*, | | | *[SHA](#abbr_SH | | *[PKCS](#abbr_P | | | *[SHA](#abbr_SH | | *[PKCS](#abbr_P | | | A)-256*, | | KCS) | | | A)-256*, | | KCS) | | | *[SHA](#abbr_SH | | \#1 v2.2 (sec. | | | *[SHA](#abbr_SH | | \#1 v2.2 (sec. | | | A)-384*, | | 8.2)*, | | | A)-384*, | | 8.2)*, | | | *[SHA](#abbr_SH | | *[FIPS](#abbr_F | | | *[SHA](#abbr_SH | | *[FIPS](#abbr_F | | | A)-512*, | | IPS) | | | A)-512*, | | IPS) | | | *SHA3-256*, | | PUB 186-4, | | | *SHA3-256*, | | PUB 186-4, | | | *SHA3-384*, | | (sec. | | | *SHA3-384*, | | (sec. | | | *SHA3-512*\] | | 5.5)*\](RSASSA- | | | *SHA3-512*\] | | 5.5)*\](RSASSA- | | | | | PKCS1-v1\_5) | | | | | PKCS1-v1\_5) | | | | | | | | | | | | | | | \[**selection** | | | | | \[**selection** | | | | | : | | | | | : | | | | | *[ISO](#abbr_IS | | | | | *[ISO](#abbr_IS | | | | | O)/[IEC](#abbr_ | | | | | O)/[IEC](#abbr_ | | | | | IEC) | | | | | IEC) | | | | | 10118-3 (cl. | | | | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | DSS2 | Digital | \[**selection** | [ISO](#abbr_ISO | | DSS2 | Digital | \[**selection** | [ISO](#abbr_ISO | | | signature | : | )/[IEC](#abbr_I | | | signature | : | )/[IEC](#abbr_I | | | scheme 2 using | *2048 bit*, | EC) | | | scheme 2 using | *2048 bit*, | EC) | | | \[**selection** | *3072 bit*\] | 9796-2 (cl. 9) | | | \[**selection** | *3072 bit*\] | 9796-2 (cl. 9) | | | : | | \[Digital | | | : | | \[Digital | | | *[SHA](#abbr_SH | | signature | | | *[SHA](#abbr_SH | | signature | | | A)-256*, | | scheme 2\] | | | A)-256*, | | scheme 2\] | | | *[SHA](#abbr_SH | | | | | *[SHA](#abbr_SH | | | | | A)-384*, | | \[**selection** | | | A)-384*, | | \[**selection** | | | *[SHA](#abbr_SH | | : | | | *[SHA](#abbr_SH | | : | | | A)-512*, | | *[ISO](#abbr_IS | | | A)-512*, | | *[ISO](#abbr_IS | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-384*, | | IEC) | | | *SHA3-384*, | | IEC) | | | *SHA3-512*\] | | 10118-3 (cl. | | | *SHA3-512*\] | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | DSS3 | Digital | \[**selection** | [ISO](#abbr_ISO | | DSS3 | Digital | \[**selection** | [ISO](#abbr_ISO | | | signature | : | )/[IEC](#abbr_I | | | signature | : | )/[IEC](#abbr_I | | | scheme 3 using | *2048 bit*, | EC) | | | scheme 3 using | *2048 bit*, | EC) | | | \[**selection** | *3072 bit*\] | 9796-2 (cl. 10) | | | \[**selection** | *3072 bit*\] | 9796-2 (cl. 10) | | | : | | \[Digital | | | : | | \[Digital | | | *[SHA](#abbr_SH | | signature | | | *[SHA](#abbr_SH | | signature | | | A)-256*, | | scheme 3\] | | | A)-256*, | | scheme 3\] | | | *[SHA](#abbr_SH | | | | | *[SHA](#abbr_SH | | | | | A)-384*, | | \[**selection** | | | A)-384*, | | \[**selection** | | | *[SHA](#abbr_SH | | : | | | *[SHA](#abbr_SH | | : | | | A)-512*, | | *[ISO](#abbr_IS | | | A)-512*, | | *[ISO](#abbr_IS | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-384*, | | IEC) | | | *SHA3-384*, | | IEC) | | | *SHA3-512*\] | | 10118-3 (cl. | | | *SHA3-512*\] | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | RSASSA-PSS | RSASSA-PSS | \[**selection** | [RFC](#abbr_RFC | | RSASSA-PSS | RSASSA-PSS | \[**selection** | [RFC](#abbr_RFC | | | using | : | ) | | | using | : | ) | | | \[**selection** | *2048 bit*, | 8017, | | | \[**selection** | *2048 bit*, | 8017, | | | : | *3072 bit*\] | [PKCS](#abbr_PK | | | : | *3072 bit*\] | [PKCS](#abbr_PK | | | *[SHA](#abbr_SH | | CS)\#1v2.2 | | | *[SHA](#abbr_SH | | CS)\#1v2.2 | | | A)-256*, | | sec. 8.1 | | | A)-256*, | | sec. 8.1 | | | *[SHA](#abbr_SH | | \[RSASSAPSS\] | | | *[SHA](#abbr_SH | | \[RSASSAPSS\] | | | A)-384*, | | | | | A)-384*, | | | | | *[SHA](#abbr_SH | | \[**selection** | | | *[SHA](#abbr_SH | | \[**selection** | | | A)-512*, | | : | | | A)-512*, | | : | | | *SHA3-256*, | | *[ISO](#abbr_IS | | | *SHA3-256*, | | *[ISO](#abbr_IS | | | *SHA3-384*, | | O)/[IEC](#abbr_ | | | *SHA3-384*, | | O)/[IEC](#abbr_ | | | *SHA3-512*\] | | IEC) | | | *SHA3-512*\] | | IEC) | | | | | 10118-3 (cl. | | | | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | [ECDSA](#abbr_E | [ECDSA](#abbr_E | \[**selection** | \[**selection** | | [ECDSA](#abbr_E | [ECDSA](#abbr_E | \[**selection** | \[**selection** | | CDSA) | CDSA) | : | : | | CDSA) | CDSA) | : | : | | | on | *2048 bit*, | | | | on | *2048 bit*, | | | | \[**selection** | *3072 bit*\] | - *\[**select | | | \[**selection** | *3072 bit*\] | - *\[**select | | | : | | ion**: | | | : | | ion**: | | | *brainpoolP256r | | *[ISO](#abb | | | *brainpoolP256r | | *[ISO](#abb | | | 1*, | | r_ISO)/[IEC](#a | | | 1*, | | r_ISO)/[IEC](#a | | | *brainpoolP384r | | bbr_IEC) | | | *brainpoolP384r | | bbr_IEC) | | | 1*, | | 14888-3*, | | | 1*, | | 14888-3*, | | | *brainpoolP512r | | *[FIPS](#ab | | | *brainpoolP512r | | *[FIPS](#ab | | | 1*, | | br_FIPS) | | | 1*, | | br_FIPS) | | | *[NIST](#abbr_N | | PUB 186-4 | | | *[NIST](#abbr_N | | PUB 186-4 | | | IST) | | (sec. 6)*\] | | | IST) | | (sec. 6)*\] | | | P-256*, | | (EDCSA)*, | | | P-256*, | | (EDCSA)*, | | | *[NIST](#abbr_N | | - *[RFC](#abb | | | *[NIST](#abbr_N | | - *[RFC](#abb | | | IST) | | r_RFC) | | | IST) | | r_RFC) | | | P-384*, | | 5639 | | | P-384*, | | 5639 | | | *[NIST](#abbr_N | | (sec. 3) | | | *[NIST](#abbr_N | | (sec. 3) | | | IST) | | \[Brainpool | | | IST) | | \[Brainpool | | | P-521*\] using | | Curves\]*, | | | P-521*\] using | | Curves\]*, | | | \[**selection** | | - *[FIPS](#ab | | | \[**selection** | | - *[FIPS](#ab | | | : | | br_FIPS) | | | : | | br_FIPS) | | | *[SHA](#abbr_SH | | PUB 186-4 | | | *[SHA](#abbr_SH | | PUB 186-4 | | | A)-256*, | | (app. | | | A)-256*, | | (app. | | | *[SHA](#abbr_SH | | D.1.2) | | | *[SHA](#abbr_SH | | D.1.2) | | | A)-384*, | | \[[NIST](#a | | | A)-384*, | | \[[NIST](#a | | | *[SHA](#abbr_SH | | bbr_NIST) | | | *[SHA](#abbr_SH | | bbr_NIST) | | | A)-512*, | | Curves\]* | | | A)-512*, | | Curves\]* | | | *SHA3-256*, | | | | | *SHA3-256*, | | | | | *SHA3-384*, | | \] | | | *SHA3-384*, | | \] | | | *SHA3-512*\] | | | | | *SHA3-512*\] | | | | | | | \[**selection** | | | | | \[**selection** | | | | | : | | | | | : | | | | | *[ISO](#abbr_IS | | | | | *[ISO](#abbr_IS | | | | | O)/[IEC](#abbr_ | | | | | O)/[IEC](#abbr_ | | | | | IEC) | | | | | IEC) | | | | | 10118-3 (cl. | | | | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ : [Table [12]{.counter}]{#tab-fcs-cop-siggen-sels .ctr : [Table [12]{.counter}]{#tab-fcs-cop-siggen-sels .ctr data-myid="tab-fcs-cop-siggen-sels" data-counter-type="ct-Table"}: data-myid="tab-fcs-cop-siggen-sels" data-counter-type="ct-Table"}: Choices for completion of the assignments in Choices for completion of the assignments in [FCS\_COP.1.1/SigGen](#FCS_COP.1.1/SigGen). [FCS\_COP.1.1/SigGen](#FCS_COP.1.1/SigGen). ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if digital signature generation is a included in the [ST](#abbr_ST) if digital signature generation is a service provided by the [TOE](#abbr_TOE) to tenant software, or if service provided by the [TOE](#abbr_TOE) to tenant software, or if digital signature generation is used by the [TOE](#abbr_TOE) itself to digital signature generation is used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security support or implement [PP](#abbr_PP)-specified security functionality.]{.note} functionality.]{.note} Specifically, this [SFR](#abbr_SFR) must be included if \"*A digital Specifically, this [SFR](#abbr_SFR) must be included if \"*A digital signature of the stored key in accordance with signature of the stored key in accordance with [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) using an asymmetric key that is [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) using an asymmetric key that is protected in accordance with [FCS\_STG\_EXT.2](#FCS_STG_EXT.2)*\" is protected in accordance with [FCS\_STG\_EXT.2](#FCS_STG_EXT.2)*\" is selected in [FCS\_STG\_EXT.3](#FCS_STG_EXT.3). selected in [FCS\_STG\_EXT.3](#FCS_STG_EXT.3). If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) and [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) [FCS\_COP.1/Hash](#FCS_COP.1/Hash) and [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) must also be claimed. must also be claimed. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure that all The evaluator shall examine the [TSS](#abbr_TSS) to ensure that all signature generation functions use the approved algorithms and key signature generation functions use the approved algorithms and key sizes. sizes. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. Each section below contains tests the evaluator must perform for each Each section below contains tests the evaluator must perform for each selected digital signature scheme. Based on the assignments and selected digital signature scheme. Based on the assignments and selections in the requirement, the evaluator chooses the specific selections in the requirement, the evaluator chooses the specific activities that correspond to those selections. activities that correspond to those selections. The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are not found on platform that provides the evaluator with tools that are not found on the [TOE](#abbr_TOE) in its evaluated configuration. the [TOE](#abbr_TOE) in its evaluated configuration. **If RSASSA-PKCS1-v1\_5 or RSASSA-PSS is claimed:** **If RSASSA-PKCS1-v1\_5 or RSASSA-PSS is claimed:** The below test is derived from The 186-4 RSA Validation System (RSA2VS). The below test is derived from The 186-4 RSA Validation System (RSA2VS). Updated 8 July 2014, Section 6.3, from the National Institute of Updated 8 July 2014, Section 6.3, from the National Institute of Standards and Technology. Standards and Technology. To test the implementation of RSA signature generation the evaluator To test the implementation of RSA signature generation the evaluator uses the system under test to generate signatures for 10 messages for uses the system under test to generate signatures for 10 messages for each combination of modulus size and [SHA](#abbr_SHA) algorithm. The each combination of modulus size and [SHA](#abbr_SHA) algorithm. The evaluator then uses a known-good implementation and the associated evaluator then uses a known-good implementation and the associated public keys to verify the signatures. public keys to verify the signatures. **If Digital Signature Scheme 2 (DSS2) or Digital Signature Scheme 3 **If Digital Signature Scheme 2 (DSS2) or Digital Signature Scheme 3 (DSS3) is claimed:** (DSS3) is claimed:** To test the implementation of DSS2/3 signature generation the evaluator To test the implementation of DSS2/3 signature generation the evaluator uses the system under test to generate signatures for 10 messages for uses the system under test to generate signatures for 10 messages for each combination of [SHA](#abbr_SHA) algorithm, hash size and key size. each combination of [SHA](#abbr_SHA) algorithm, hash size and key size. The evaluator them uses a known-good implementation and the associated The evaluator them uses a known-good implementation and the associated public keys to verify the signatures. public keys to verify the signatures. **If [ECDSA](#abbr_ECDSA) is claimed:** **If [ECDSA](#abbr_ECDSA) is claimed:** The below test is derived from The [FIPS](#abbr_FIPS) 186-4 Elliptic The below test is derived from The [FIPS](#abbr_FIPS) 186-4 Elliptic Curve Digital Signature Algorithm Validation System (ECDSA2VS). Updated Curve Digital Signature Algorithm Validation System (ECDSA2VS). Updated 18 March 2014, Section 6.4, from the National Institute of Standards and 18 March 2014, Section 6.4, from the National Institute of Standards and Technology. Technology. To test the implementation of [ECDSA](#abbr_ECDSA) signature generation To test the implementation of [ECDSA](#abbr_ECDSA) signature generation the evaluator uses the system under test to generate signatures for 10 the evaluator uses the system under test to generate signatures for 10 messages for each combination of curve, [SHA](#abbr_SHA) algorithm, hash messages for each combination of curve, [SHA](#abbr_SHA) algorithm, hash size, and key size. The evaluator then uses a known-good implementation size, and key size. The evaluator then uses a known-good implementation and the associated public keys to verify the signatures. and the associated public keys to verify the signatures. ::: ::: ::: ::: ::: ::: ::: {#FCS_COP.1/SigVer .comp} ::: {#FCS_COP.1/SigVer .comp} #### FCS\_COP.1/SigVer Cryptographic Operation (Signature Verification) #### FCS\_COP.1/SigVer Cryptographic Operation (Signature Verification) ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2), selection in [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2), [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1), [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1), [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_COP.1.1/SigVer .reqid} ::: {#FCS_COP.1.1/SigVer .reqid} [FCS\_COP.1.1/SigVer](#FCS_COP.1.1/SigVer){.abbr} [FCS\_COP.1.1/SigVer](#FCS_COP.1.1/SigVer){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall perform **digital signature verification** in The [TSF](#abbr_TSF) shall perform **digital signature verification** in accordance with a specified cryptographic algorithm \[**selection**: accordance with a specified cryptographic algorithm \[**selection**: [Cryptographic algorithm]{.selection-content}\] and cryptographic key [Cryptographic algorithm]{.selection-content}\] and cryptographic key sizes \[**selection**: [Cryptographic key sizes]{.selection-content}\] sizes \[**selection**: [Cryptographic key sizes]{.selection-content}\] that meet the following: \[**selection**: [List of that meet the following: \[**selection**: [List of standards]{.selection-content}\] standards]{.selection-content}\] +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | Identifier | Cryptographic | Cryptographic | List of | | Identifier | Cryptographic | Cryptographic | List of | | | algorithm | key sizes | standards | | | algorithm | key sizes | standards | +=================+=================+=================+=================+ +=================+=================+=================+=================+ | RSASSA-PKCS1 | RSASSA-PKCS1-v1 | \[**selection** | \[**selection** | | RSASSA-PKCS1 | RSASSA-PKCS1-v1 | \[**selection** | \[**selection** | | | \_5 | : | : | | | \_5 | : | : | | | using | *2048 bit*, | *[RFC](#abbr_RF | | | using | *2048 bit*, | *[RFC](#abbr_RF | | | \[**selection** | *3072 bit*\] | C) | | | \[**selection** | *3072 bit*\] | C) | | | : | | 8017*, | | | : | | 8017*, | | | *[SHA](#abbr_SH | | *[PKCS](#abbr_P | | | *[SHA](#abbr_SH | | *[PKCS](#abbr_P | | | A)-256*, | | KCS) | | | A)-256*, | | KCS) | | | *[SHA](#abbr_SH | | \#1 v2.2 (sec. | | | *[SHA](#abbr_SH | | \#1 v2.2 (sec. | | | A)-384*, | | 8.2)*, | | | A)-384*, | | 8.2)*, | | | *[SHA](#abbr_SH | | *[FIPS](#abbr_F | | | *[SHA](#abbr_SH | | *[FIPS](#abbr_F | | | A)-512*, | | IPS) | | | A)-512*, | | IPS) | | | *SHA3-256*, | | PUB 186-4, (sec | | | *SHA3-256*, | | PUB 186-4, (sec | | | *SHA3-384*, | | 5.5)*\]\[RSASSA | | | *SHA3-384*, | | 5.5)*\]\[RSASSA | | | *SHA3-512*\] | | -PKCS1-v1\_5\] | | | *SHA3-512*\] | | -PKCS1-v1\_5\] | | | | | | | | | | | | | | | \[**selection** | | | | | \[**selection** | | | | | : | | | | | : | | | | | *[ISO](#abbr_IS | | | | | *[ISO](#abbr_IS | | | | | O)/[IEC](#abbr_ | | | | | O)/[IEC](#abbr_ | | | | | IEC) | | | | | IEC) | | | | | 10118-3 (cl. | | | | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | DSS2 | Digital | \[**selection** | [ISO](#abbr_ISO | | DSS2 | Digital | \[**selection** | [ISO](#abbr_ISO | | | signature | : | )/[IEC](#abbr_I | | | signature | : | )/[IEC](#abbr_I | | | scheme 2 using | *2048 bit*, | EC) | | | scheme 2 using | *2048 bit*, | EC) | | | \[**selection** | *3072 bit*\] | 9796-2 (cl. 9) | | | \[**selection** | *3072 bit*\] | 9796-2 (cl. 9) | | | : | | \[Digital | | | : | | \[Digital | | | *[SHA](#abbr_SH | | signature | | | *[SHA](#abbr_SH | | signature | | | A)-256*, | | scheme 2\] | | | A)-256*, | | scheme 2\] | | | *[SHA](#abbr_SH | | | | | *[SHA](#abbr_SH | | | | | A)-384*, | | \[**selection** | | | A)-384*, | | \[**selection** | | | *[SHA](#abbr_SH | | : | | | *[SHA](#abbr_SH | | : | | | A)-512*, | | *[ISO](#abbr_IS | | | A)-512*, | | *[ISO](#abbr_IS | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-384*, | | IEC) | | | *SHA3-384*, | | IEC) | | | *SHA3-512*\] | | 10118-3 (cl. | | | *SHA3-512*\] | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | DSS3 | Digital | \[**selection** | [ISO](#abbr_ISO | | DSS3 | Digital | \[**selection** | [ISO](#abbr_ISO | | | signature | : | )/[IEC](#abbr_I | | | signature | : | )/[IEC](#abbr_I | | | scheme 3 using | *2048 bit*, | EC) | | | scheme 3 using | *2048 bit*, | EC) | | | \[**selection** | *3072 bit*\] | 9796-2, (Clause | | | \[**selection** | *3072 bit*\] | 9796-2, (Clause | | | : | | 10) (Digital | | | : | | 10) (Digital | | | *[SHA](#abbr_SH | | signature | | | *[SHA](#abbr_SH | | signature | | | A)-256*, | | scheme 3) | | | A)-256*, | | scheme 3) | | | *[SHA](#abbr_SH | | | | | *[SHA](#abbr_SH | | | | | A)-384*, | | \[**selection** | | | A)-384*, | | \[**selection** | | | *[SHA](#abbr_SH | | : | | | *[SHA](#abbr_SH | | : | | | A)-512*, | | *[ISO](#abbr_IS | | | A)-512*, | | *[ISO](#abbr_IS | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-256*, | | O)/[IEC](#abbr_ | | | *SHA3-384*, | | IEC) | | | *SHA3-384*, | | IEC) | | | *SHA3-512*\] | | 10118-3 (cl. | | | *SHA3-512*\] | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | RSASSA-PSS | RSASSA-PSS | \[**selection** | \[[RFC](#abbr_R | | RSASSA-PSS | RSASSA-PSS | \[**selection** | \[[RFC](#abbr_R | | | using | : | FC) | | | using | : | FC) | | | \[**selection** | *2048 bit*, | 8017, | | | \[**selection** | *2048 bit*, | 8017, | | | : | *3072 bit*\] | [PKCS](#abbr_PK | | | : | *3072 bit*\] | [PKCS](#abbr_PK | | | *[SHA](#abbr_SH | | CS)\#1v2.2 | | | *[SHA](#abbr_SH | | CS)\#1v2.2 | | | A)-256*, | | (Section 8.1)\] | | | A)-256*, | | (Section 8.1)\] | | | *[SHA](#abbr_SH | | (RSASSAPSS) | | | *[SHA](#abbr_SH | | (RSASSAPSS) | | | A)-384*, | | | | | A)-384*, | | | | | *[SHA](#abbr_SH | | \[**selection** | | | *[SHA](#abbr_SH | | \[**selection** | | | A)-512*, | | : | | | A)-512*, | | : | | | *SHA3-256*, | | *[ISO](#abbr_IS | | | *SHA3-256*, | | *[ISO](#abbr_IS | | | *SHA3-384*, | | O)/[IEC](#abbr_ | | | *SHA3-384*, | | O)/[IEC](#abbr_ | | | *SHA3-512*\] | | IEC) | | | *SHA3-512*\] | | IEC) | | | | | 10118-3 (cl. | | | | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ | [ECDSA](#abbr_E | [ECDSA](#abbr_E | \[**selection** | \[**selection** | | [ECDSA](#abbr_E | [ECDSA](#abbr_E | \[**selection** | \[**selection** | | CDSA) | CDSA) | : | : | | CDSA) | CDSA) | : | : | | | on | *2048 bit*, | | | | on | *2048 bit*, | | | | \[**selection** | *3072 bit*\] | - *\[**select | | | \[**selection** | *3072 bit*\] | - *\[**select | | | : | | ion**: | | | : | | ion**: | | | *brainpoolP256r | | *[ISO](#abb | | | *brainpoolP256r | | *[ISO](#abb | | | 1*, | | r_ISO)/[IEC](#a | | | 1*, | | r_ISO)/[IEC](#a | | | *brainpoolP384r | | bbr_IEC) | | | *brainpoolP384r | | bbr_IEC) | | | 1*, | | 14888-3*, | | | 1*, | | 14888-3*, | | | *brainpoolP512r | | *[FIPS](#ab | | | *brainpoolP512r | | *[FIPS](#ab | | | 1*, | | br_FIPS) | | | 1*, | | br_FIPS) | | | *[NIST](#abbr_N | | PUB 186-4 | | | *[NIST](#abbr_N | | PUB 186-4 | | | IST) | | (Section 6) | | | IST) | | (Section 6) | | | P-256*, | | *\](EDCSA)*, | | | P-256*, | | *\](EDCSA)*, | | | *[NIST](#abbr_N | | - *[RFC](#abb | | | *[NIST](#abbr_N | | - *[RFC](#abb | | | IST) | | r_RFC) | | | IST) | | r_RFC) | | | P-384*, | | 5639 | | | P-384*, | | 5639 | | | *[NIST](#abbr_N | | (Section | | | *[NIST](#abbr_N | | (Section | | | IST) | | 3)(Brainpoo | | | IST) | | 3)(Brainpoo | | | P-521*\] using | | l | | | P-521*\] using | | l | | | \[**selection** | | Curves)*, | | | \[**selection** | | Curves)*, | | | : | | - *[FIPS](#ab | | | : | | - *[FIPS](#ab | | | *[SHA](#abbr_SH | | br_FIPS) | | | *[SHA](#abbr_SH | | br_FIPS) | | | A)-256*, | | PUB 186-4 | | | A)-256*, | | PUB 186-4 | | | *[SHA](#abbr_SH | | (Appendix | | | *[SHA](#abbr_SH | | (Appendix | | | A)-384*, | | D.1.2) | | | A)-384*, | | D.1.2) | | | *[SHA](#abbr_SH | | ([NIST](#ab | | | *[SHA](#abbr_SH | | ([NIST](#ab | | | A)-512*, | | br_NIST) | | | A)-512*, | | br_NIST) | | | *SHA3-256*, | | Curves)* | | | *SHA3-256*, | | Curves)* | | | *SHA3-384*, | | | | | *SHA3-384*, | | | | | *SHA3-512*\] | | \] | | | *SHA3-512*\] | | \] | | | | | | | | | | | | | | | \[**selection** | | | | | \[**selection** | | | | | : | | | | | : | | | | | *[ISO](#abbr_IS | | | | | *[ISO](#abbr_IS | | | | | O)/[IEC](#abbr_ | | | | | O)/[IEC](#abbr_ | | | | | IEC) | | | | | IEC) | | | | | 10118-3 (cl. | | | | | 10118-3 (cl. | | | | | 10, 11) | | | | | 10, 11) | | | | | \[SHA1/2\]*, | | | | | \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 180-4 (sec. | | | | | PUB 180-4 (sec. | | | | | 6) \[SHA1/2\]*, | | | | | 6) \[SHA1/2\]*, | | | | | *[FIPS](#abbr_F | | | | | *[FIPS](#abbr_F | | | | | IPS) | | | | | IPS) | | | | | PUB 202 | | | | | PUB 202 | | | | | \[SHA3\]*\] | | | | | \[SHA3\]*\] | +-----------------+-----------------+-----------------+-----------------+ +-----------------+-----------------+-----------------+-----------------+ : [Table [13]{.counter}]{#tab-fcs-cop-sigver-sels .ctr : [Table [13]{.counter}]{#tab-fcs-cop-sigver-sels .ctr data-myid="tab-fcs-cop-sigver-sels" data-counter-type="ct-Table"}: data-myid="tab-fcs-cop-sigver-sels" data-counter-type="ct-Table"}: Choices for completion of the assignments in Choices for completion of the assignments in [FCS\_COP.1.1/SigVer](#FCS_COP.1.1/SigVer). [FCS\_COP.1.1/SigVer](#FCS_COP.1.1/SigVer). ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if digital signature verification is a included in the [ST](#abbr_ST) if digital signature verification is a service provided by the [TOE](#abbr_TOE) to tenant software, or if service provided by the [TOE](#abbr_TOE) to tenant software, or if digital signature verification is used by the [TOE](#abbr_TOE) itself to digital signature verification is used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security support or implement [PP](#abbr_PP)-specified security functionality.]{.note} functionality.]{.note} Specifically, this [SFR](#abbr_SFR) must be included if the Specifically, this [SFR](#abbr_SFR) must be included if the [ST](#abbr_ST) Author chooses \"*implement an authenticated platform [ST](#abbr_ST) Author chooses \"*implement an authenticated platform firmware update mechanism as described in firmware update mechanism as described in [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*\" or \"*implement a [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*\" or \"*implement a delayed-authentication platform firmware update mechanism as described delayed-authentication platform firmware update mechanism as described in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3)*\" in in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3)*\" in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1); or if the [ST](#abbr_ST) Author [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1); or if the [ST](#abbr_ST) Author selects \"*verification of a digital signature by trusted code/data*\" selects \"*verification of a digital signature by trusted code/data*\" in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2). in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2). If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must also be claimed. [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must also be claimed. The [ST](#abbr_ST) Author should choose the algorithm implemented to The [ST](#abbr_ST) Author should choose the algorithm implemented to perform verification of digital signatures. For the algorithm chosen, perform verification of digital signatures. For the algorithm chosen, the [ST](#abbr_ST) Author should make the appropriate the [ST](#abbr_ST) Author should make the appropriate assignments/selections to specify the parameters that are implemented assignments/selections to specify the parameters that are implemented for that algorithm. In particular, if [ECDSA](#abbr_ECDSA) is selected for that algorithm. In particular, if [ECDSA](#abbr_ECDSA) is selected as one of the signature algorithms, the key size specified must match as one of the signature algorithms, the key size specified must match the selection for the curve used in the algorithm. the selection for the curve used in the algorithm. For elliptic curve-based schemes, the key size refers to the binary For elliptic curve-based schemes, the key size refers to the binary logarithm (log2) of the order of the base point. As the preferred logarithm (log2) of the order of the base point. As the preferred approach for digital signatures, elliptic curves will be required after approach for digital signatures, elliptic curves will be required after all the necessary standards and other supporting information are fully all the necessary standards and other supporting information are fully established. established. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check the [TSS](#abbr_TSS) to ensure that it The evaluator shall check the [TSS](#abbr_TSS) to ensure that it describes the overall flow of the signature verification. This should at describes the overall flow of the signature verification. This should at least include identification of the format and general location (e.g., least include identification of the format and general location (e.g., \"firmware on the hard drive device\" rather than "memory location \"firmware on the hard drive device\" rather than "memory location 0x00007A4B\") of the data to be used in verifying the digital signature; 0x00007A4B\") of the data to be used in verifying the digital signature; how the data received from the operational environment are brought onto how the data received from the operational environment are brought onto the device; and any processing that is performed that is not part of the the device; and any processing that is performed that is not part of the digital signature algorithm (for instance, checking of certificate digital signature algorithm (for instance, checking of certificate revocation lists). revocation lists). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. Each section below contains tests the evaluator must perform for each Each section below contains tests the evaluator must perform for each selected digital signature scheme. Based on the assignments and selected digital signature scheme. Based on the assignments and selections in the requirement, the evaluator chooses the specific selections in the requirement, the evaluator chooses the specific activities that correspond to those selections. activities that correspond to those selections. The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are not found on platform that provides the evaluator with tools that are not found on the [TOE](#abbr_TOE) in its evaluated configuration. the [TOE](#abbr_TOE) in its evaluated configuration. ***RSASSA-PKCS1-v1\_5 and RSASSA-PSS*** ***RSASSA-PKCS1-v1\_5 and RSASSA-PSS*** These tests are derived from The 186-4 RSA Validation System (RSA2VS), These tests are derived from The 186-4 RSA Validation System (RSA2VS), updated 8 Jul 2014, Section 6.4. updated 8 Jul 2014, Section 6.4. The [FIPS](#abbr_FIPS) 186-4 RSA Signature Verification Test tests the The [FIPS](#abbr_FIPS) 186-4 RSA Signature Verification Test tests the ability of the [TSF](#abbr_TSF) to recognize valid and invalid ability of the [TSF](#abbr_TSF) to recognize valid and invalid signatures. The evaluator shall provide a modulus and three associated signatures. The evaluator shall provide a modulus and three associated key pairs (d, e) for each combination of selected [SHA](#abbr_SHA) key pairs (d, e) for each combination of selected [SHA](#abbr_SHA) algorithm, modulus size and hash size. Each private key d is used to algorithm, modulus size and hash size. Each private key d is used to sign six pseudorandom messages each of 1024 bits. For five of the six sign six pseudorandom messages each of 1024 bits. For five of the six messages, the public key (e), message, IR format, padding, or signature messages, the public key (e), message, IR format, padding, or signature is altered so that signature verification should fail. The test passes is altered so that signature verification should fail. The test passes only if all the signatures made using unaltered parameters result in only if all the signatures made using unaltered parameters result in successful signature verification, and all the signatures made using successful signature verification, and all the signatures made using altered parameters result in unsuccessful signature verification. altered parameters result in unsuccessful signature verification. ***[ECDSA](#abbr_ECDSA) on [NIST](#abbr_NIST) and Brainpool Curves*** ***[ECDSA](#abbr_ECDSA) on [NIST](#abbr_NIST) and Brainpool Curves*** These tests are derived from The [FIPS](#abbr_FIPS) 186-4 Elliptic Curve These tests are derived from The [FIPS](#abbr_FIPS) 186-4 Elliptic Curve Digital Signature Algorithm Validation System (ECDSA2VS), updated 18 Mar Digital Signature Algorithm Validation System (ECDSA2VS), updated 18 Mar 2014, Section 6.5. 2014, Section 6.5. The [FIPS](#abbr_FIPS) 186-4 ECC Signature Verification Test tests the The [FIPS](#abbr_FIPS) 186-4 ECC Signature Verification Test tests the ability of the [TSF](#abbr_TSF) to recognize valid and invalid ability of the [TSF](#abbr_TSF) to recognize valid and invalid signatures. The evaluator shall provide a modulus and associated key signatures. The evaluator shall provide a modulus and associated key pair (x, y) for each combination of selected curve, [SHA](#abbr_SHA) pair (x, y) for each combination of selected curve, [SHA](#abbr_SHA) algorithm, modulus size, and hash size. Each private key (x) is used to algorithm, modulus size, and hash size. Each private key (x) is used to sign 15 pseudorandom messages of 1024 bits. For eight of the fifteen sign 15 pseudorandom messages of 1024 bits. For eight of the fifteen messages, the message, IR format, padding, or signature is altered so messages, the message, IR format, padding, or signature is altered so that signature verification should fail. The test passes only if all the that signature verification should fail. The test passes only if all the signatures made using unaltered parameters result in successful signatures made using unaltered parameters result in successful signature verification, and all the signatures made using altered signature verification, and all the signatures made using altered parameters result in unsuccessful signature verification. parameters result in unsuccessful signature verification. ***Digital Signature Scheme 2*** ***Digital Signature Scheme 2*** The following or equivalent steps shall be taken to test the The following or equivalent steps shall be taken to test the [TSF](#abbr_TSF). [TSF](#abbr_TSF). For each supported modulus size, underlying hash algorithm, and length For each supported modulus size, underlying hash algorithm, and length of the trailer field (1- or 2-byte), the evaluator shall generate NT of the trailer field (1- or 2-byte), the evaluator shall generate NT sets of recoverable message (M1), non-recoverable message (M2), salt, sets of recoverable message (M1), non-recoverable message (M2), salt, public key and signature (*Σ*). public key and signature (*Σ*). 1. *N~T~* shall be greater than or equal to 20. 1. *N~T~* shall be greater than or equal to 20. 2. The length of salts shall be selected from its supported length 2. The length of salts shall be selected from its supported length range of salt. The typical length of salt is equal to the output range of salt. The typical length of salt is equal to the output block length of underlying hash algorithm (see 9.2.2 of block length of underlying hash algorithm (see 9.2.2 of [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9796-2:2010). [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9796-2:2010). 3. The length of recoverable messages should be selected by considering 3. The length of recoverable messages should be selected by considering modulus size, output block length of underlying hash algorithm, and modulus size, output block length of underlying hash algorithm, and length of salt (*L~S~*). As described in Annex D of length of salt (*L~S~*). As described in Annex D of [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9796-2:2010, it is desirable to [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 9796-2:2010, it is desirable to maximize the length of recoverable message. The following table maximize the length of recoverable message. The following table shows the maximum bit-length of recoverable message that is shows the maximum bit-length of recoverable message that is divisible by 512, for some combinations of modulus size, underlying divisible by 512, for some combinations of modulus size, underlying hash algorithm, and length of salt. hash algorithm, and length of salt. Maximum length of recoverable message divisible by 512 (bits) Maximum length of recoverable message divisible by 512 (bits) 4. The length of non-recoverable messages should be selected by 4. The length of non-recoverable messages should be selected by considering the underlying hash algorithm and usages. If the considering the underlying hash algorithm and usages. If the [TSF](#abbr_TSF) is used for verifying the authenticity of [TSF](#abbr_TSF) is used for verifying the authenticity of software/firmware updates, the length of non-recoverable messages software/firmware updates, the length of non-recoverable messages should be selected greater than or equal to 2048-bit. With this should be selected greater than or equal to 2048-bit. With this length range, it means that the underlying hash algorithm is also length range, it means that the underlying hash algorithm is also tested for two or more input blocks. tested for two or more input blocks. 5. The evaluator shall select approximately one half of *N~T~* sets and 5. The evaluator shall select approximately one half of *N~T~* sets and shall alter one of the values (non-recoverable message, public key shall alter one of the values (non-recoverable message, public key exponent or signature) in the sets. In altering public key exponent, exponent or signature) in the sets. In altering public key exponent, the evaluator shall alter the public key exponent while keeping the the evaluator shall alter the public key exponent while keeping the exponent odd. In altering signatures, the following ways should be exponent odd. In altering signatures, the following ways should be considered: considered: a. Altering a signature just by replacing a bit in the bit-string a. Altering a signature just by replacing a bit in the bit-string representation of the signature representation of the signature b. Altering a signature so that the trailer in the message b. Altering a signature so that the trailer in the message representative cannot be interpreted. This can be achieved by representative cannot be interpreted. This can be achieved by following ways: following ways: - Setting the rightmost four bits of the message - Setting the rightmost four bits of the message representative to the values other than \'1100\'. representative to the values other than \'1100\'. - In the case when 1-byte trailer is used, setting the - In the case when 1-byte trailer is used, setting the rightmost byte of the message representative to the values rightmost byte of the message representative to the values other than \'0xbc\', while keeping the rightmost four bits other than \'0xbc\', while keeping the rightmost four bits to \'1100\'. to \'1100\'. - In the case when 2-byte trailer is used, setting the - In the case when 2-byte trailer is used, setting the rightmost byte of the message representative to the values rightmost byte of the message representative to the values other than \'0xcc\', while keeping the rightmost four bits other than \'0xcc\', while keeping the rightmost four bits to \'1100\'. to \'1100\'. c. In the case when 2-byte trailer is used, altering a signature so c. In the case when 2-byte trailer is used, altering a signature so that the hash algorithm identifier in the trailer (i.e. the left that the hash algorithm identifier in the trailer (i.e. the left most byte of the trailer) does not correspond to hash algorithms most byte of the trailer) does not correspond to hash algorithms identified in the [SFR](#abbr_SFR). The hash algorithm identified in the [SFR](#abbr_SFR). The hash algorithm identifiers are 0x34 for [SHA](#abbr_SHA)-256 (see Clause 10 of identifiers are 0x34 for [SHA](#abbr_SHA)-256 (see Clause 10 of [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118-3:2018), and 0x35 for [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118-3:2018), and 0x35 for [SHA](#abbr_SHA)-512 (see Clause 11 of [SHA](#abbr_SHA)-512 (see Clause 11 of [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118-3:2018). [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 10118-3:2018). d. Let *L~S~* be the length of salt, altering a signature so that d. Let *L~S~* be the length of salt, altering a signature so that the intermediate bit string *D* in the message representative is the intermediate bit string *D* in the message representative is set to all zeroes except for the rightmost *L~S~* bits of *D*. set to all zeroes except for the rightmost *L~S~* bits of *D*. e. (non-conformant signature length) Altering a signature so that e. (non-conformant signature length) Altering a signature so that the length of signature *Σ* is changed to modulus size and the the length of signature *Σ* is changed to modulus size and the most significant bit of signature *Σ* is set equal to \'1\'. most significant bit of signature *Σ* is set equal to \'1\'. f. (non-conformant signature) Altering a signature so that the f. (non-conformant signature) Altering a signature so that the integer converted from signature *Σ* is greater than modulus integer converted from signature *Σ* is greater than modulus *n*. *n*. The evaluator shall supply the NT sets to the [TSF](#abbr_TSF) and The evaluator shall supply the NT sets to the [TSF](#abbr_TSF) and obtain in response a set of NT Verification-Success or Verification-Fail obtain in response a set of NT Verification-Success or Verification-Fail values. When the Verification-Success is obtained, the evaluator shall values. When the Verification-Success is obtained, the evaluator shall also obtain recovered message (M 1\*). also obtain recovered message (M 1\*). The evaluator shall verify that Verification-Success results correspond The evaluator shall verify that Verification-Success results correspond to the unaltered sets and Verification-Fail results correspond to the to the unaltered sets and Verification-Fail results correspond to the altered sets. altered sets. For each recovered message, the evaluator shall compare the recovered For each recovered message, the evaluator shall compare the recovered message (M1\*) with the corresponding recoverable message (M 1) in the message (M1\*) with the corresponding recoverable message (M 1) in the unaltered sets. unaltered sets. The test passes only if all the signatures made using unaltered sets The test passes only if all the signatures made using unaltered sets result in Verification-Success, each recovered message (M 1\*) is equal result in Verification-Success, each recovered message (M 1\*) is equal to corresponding M 1 in the unaltered sets, and all the signatures made to corresponding M 1 in the unaltered sets, and all the signatures made using altered sets result in Verification-Fail. using altered sets result in Verification-Fail. ***Digital Signature Scheme 3*** ***Digital Signature Scheme 3*** The evaluator shall perform the test described for Digital Signature The evaluator shall perform the test described for Digital Signature Scheme 2 while using a fixed salt for NT sets. Scheme 2 while using a fixed salt for NT sets. ::: ::: ::: ::: ::: ::: ::: {#FCS_COP.1/SKC .comp} ::: {#FCS_COP.1/SKC .comp} #### FCS\_COP.1/SKC Cryptographic Operation (Symmetric Key Cryptography) #### FCS\_COP.1/SKC Cryptographic Operation (Symmetric Key Cryptography) ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT), selection in [FCS\_COP.1.1/KAT](#FCS_COP.1.1/KAT), [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1), [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1), [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1), [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1), [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2).*** [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2).*** ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** - ***[FCS\_STG\_EXT.2](#FCS_STG_EXT.2)*** - ***[FCS\_STG\_EXT.2](#FCS_STG_EXT.2)*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_COP.1.1/SKC .reqid} ::: {#FCS_COP.1.1/SKC .reqid} [FCS\_COP.1.1/SKC](#FCS_COP.1.1/SKC){.abbr} [FCS\_COP.1.1/SKC](#FCS_COP.1.1/SKC){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall perform **symmetric key The [TSF](#abbr_TSF) shall perform **symmetric key encryption/decryption** in accordance with a specified cryptographic encryption/decryption** in accordance with a specified cryptographic algorithm \[**selection**: [Cryptographic algorithm \[**selection**: [Cryptographic algorithm]{.selection-content}\] and cryptographic key sizes algorithm]{.selection-content}\] and cryptographic key sizes \[**selection**: [Cryptographic key sizes]{.selection-content}\] that \[**selection**: [Cryptographic key sizes]{.selection-content}\] that meet the following: \[**selection**: [List of meet the following: \[**selection**: [List of standards]{.selection-content}\] standards]{.selection-content}\] ----------------------------------------------------------------------- ----------------------------------------------------------------------- Cryptographic algorithm Cryptographic key sizes List of standards Cryptographic algorithm Cryptographic key sizes List of standards ----------------------- ----------------------- ----------------------- ----------------------- ----------------------- ----------------------- [AES](#abbr_AES)-CCM [AES](#abbr_AES) in CCM \[**selection**: *128 [AES](#abbr_AES)-CCM [AES](#abbr_AES) in CCM \[**selection**: *128 mode with bits*, *192 bits*, *256 mode with bits*, *192 bits*, *256 unpredictable, bits*\] unpredictable, bits*\] non-repeating nonce, non-repeating nonce, minimum size of 64 bits minimum size of 64 bits [AES](#abbr_AES)-GCM [AES](#abbr_AES) in GCM \[**selection**: *128 [AES](#abbr_AES)-GCM [AES](#abbr_AES) in GCM \[**selection**: *128 mode with non-repeating bits*, *192 bits*, *256 mode with non-repeating bits*, *192 bits*, *256 IVs; IV length must be bits*\] IVs; IV length must be bits*\] equal to 96 bits; the equal to 96 bits; the deterministic IV deterministic IV construction method (SP construction method (SP 800-38D, Section 8.2.1) 800-38D, Section 8.2.1) must be used; the must be used; the [MAC](#abbr_MAC) length [MAC](#abbr_MAC) length t must be one of the t must be one of the values \[**selection**: values \[**selection**: *96*, *104*, *112*, *96*, *104*, *112*, *120*, *128*\] *120*, *128*\] [AES](#abbr_AES)-CBC [AES](#abbr_AES) in CBC \[**selection**: *128 [AES](#abbr_AES)-CBC [AES](#abbr_AES) in CBC \[**selection**: *128 mode with non-repeating bits*, *192 bits*, *256 mode with non-repeating bits*, *192 bits*, *256 and unpredictable IVs bits*\] and unpredictable IVs bits*\] [AES](#abbr_AES)-CTR [AES](#abbr_AES) in \[**selection**: *128 [AES](#abbr_AES)-CTR [AES](#abbr_AES) in \[**selection**: *128 counter mode with a bits*, *192 bits*, *256 counter mode with a bits*, *192 bits*, *256 non-repeating initial bits*\] non-repeating initial bits*\] counter and with no counter and with no repeated use of counter repeated use of counter values across multiple values across multiple messages with the same messages with the same secret key secret key XTS-AES [AES](#abbr_AES) in XTS \[**selection**: *256 XTS-AES [AES](#abbr_AES) in XTS \[**selection**: *256 mode with unique bits*, *512 bits*\] mode with unique bits*, *512 bits*\] \[**selection**: \[**selection**: *consecutive *consecutive non-negative integers non-negative integers starting at an starting at an arbitrary non-negative arbitrary non-negative integer*, *data unit integer*, *data unit sequence numbers*\] sequence numbers*\] tweak values tweak values [AES](#abbr_AES)-KWP KWP based on \[**selection**: *128 [AES](#abbr_AES)-KWP KWP based on \[**selection**: *128 [AES](#abbr_AES) bits*, *192 bits*, *256 [AES](#abbr_AES) bits*, *192 bits*, *256 bits*\] bits*\] [AES](#abbr_AES)-KW KW based on \[**selection**: *128 [AES](#abbr_AES)-KW KW based on \[**selection**: *128 [AES](#abbr_AES) bits*, *192 bits*, *256 [AES](#abbr_AES) bits*, *192 bits*, *256 bits*\] bits*\] ----------------------------------------------------------------------- ----------------------------------------------------------------------- : [Table [14]{.counter}]{#fcs-cop-skc-sels .ctr : [Table [14]{.counter}]{#fcs-cop-skc-sels .ctr data-myid="fcs-cop-skc-sels" data-counter-type="ct-Table"}: Choices data-myid="fcs-cop-skc-sels" data-counter-type="ct-Table"}: Choices for completion of the assignments in for completion of the assignments in [FCS\_COP.1.1/SKC](#FCS_COP.1.1/SKC) [FCS\_COP.1.1/SKC](#FCS_COP.1.1/SKC) ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if symmetric-key cryptography is a included in the [ST](#abbr_ST) if symmetric-key cryptography is a service provided by the [TOE](#abbr_TOE) to tenant software, or if the service provided by the [TOE](#abbr_TOE) to tenant software, or if the [TOE](#abbr_TOE) itself uses SKC to support or implement [TOE](#abbr_TOE) itself uses SKC to support or implement [PP](#abbr_PP)-specified security functionality.]{.note} [PP](#abbr_PP)-specified security functionality.]{.note} Specifically, this [SFR](#abbr_SFR) must be included if the Specifically, this [SFR](#abbr_SFR) must be included if the [ST](#abbr_ST) includes [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) or [ST](#abbr_ST) includes [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) or FCS\_STO\_EXT.2, or includes any of the following selections: FCS\_STO\_EXT.2, or includes any of the following selections: - \"*CTR\_DRBG ([AES](#abbr_AES))*\" in - \"*CTR\_DRBG ([AES](#abbr_AES))*\" in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) - \"*[ECIES](#abbr_ECIES)*\" in [FCS\_COP.1/KAT](#FCS_COP.1/KAT) - \"*[ECIES](#abbr_ECIES)*\" in [FCS\_COP.1/KAT](#FCS_COP.1/KAT) - \"*[AES](#abbr_AES)-\**\" in [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) - \"*[AES](#abbr_AES)-\**\" in [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_COP.1/SKC](#FCS_COP.1/SKC) [FCS\_COP.1/SKC](#FCS_COP.1/SKC) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check that the [TSS](#abbr_TSS) includes a The evaluator shall check that the [TSS](#abbr_TSS) includes a description of encryption functions used for symmetric key encryption. description of encryption functions used for symmetric key encryption. The evaluator should check that this description of the selected The evaluator should check that this description of the selected encryption function includes the key sizes and modes of operations as encryption function includes the key sizes and modes of operations as specified in [Table specified in [Table [14]{.counter}](#fcs-cop-skc-sels){.fcs-cop-skc-sels-ref}. [14]{.counter}](#fcs-cop-skc-sels){.fcs-cop-skc-sels-ref}. The evaluator shall check that the [TSS](#abbr_TSS) describes the means The evaluator shall check that the [TSS](#abbr_TSS) describes the means by which the [TOE](#abbr_TOE) satisfies constraints on algorithm by which the [TOE](#abbr_TOE) satisfies constraints on algorithm parameters included in the selections made for 'cryptographic algorithm' parameters included in the selections made for 'cryptographic algorithm' and 'list of standards'. and 'list of standards'. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: If the product supports multiple modes, the evaluator shall examine the If the product supports multiple modes, the evaluator shall examine the AGD to determine that the method of choosing a specific mode/key size is AGD to determine that the method of choosing a specific mode/key size is described. described. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: The evaluator shall examine the KMD to ensure that the points at which The evaluator shall examine the KMD to ensure that the points at which symmetric key encryption and decryption occurs are described, and that symmetric key encryption and decryption occurs are described, and that the complete data path for symmetric key encryption is described. The the complete data path for symmetric key encryption is described. The evaluator checks that this description is consistent with the relevant evaluator checks that this description is consistent with the relevant parts of the [TSS](#abbr_TSS). parts of the [TSS](#abbr_TSS). Assessment of the complete data path for symmetric key encryption Assessment of the complete data path for symmetric key encryption includes confirming that the KMD describes the data flow from the includes confirming that the KMD describes the data flow from the device's host interface to the device's non-volatile memory storing the device's host interface to the device's non-volatile memory storing the data, and gives information enabling the user data path to be data, and gives information enabling the user data path to be distinguished from those situations in which data bypasses the data distinguished from those situations in which data bypasses the data encryption engine (e.g. read-write operations to an unencrypted Master encryption engine (e.g. read-write operations to an unencrypted Master Boot Record area). The evaluator shall ensure that the documentation of Boot Record area). The evaluator shall ensure that the documentation of the data path is detailed enough that it thoroughly describes the parts the data path is detailed enough that it thoroughly describes the parts of the [TOE](#abbr_TOE) that the data passes through (e.g. different of the [TOE](#abbr_TOE) that the data passes through (e.g. different memory types, processors and co-processors), its encryption state (i.e. memory types, processors and co-processors), its encryption state (i.e. encrypted or unencrypted) in each part, and any places where the data is encrypted or unencrypted) in each part, and any places where the data is stored. For example, any caching or buffering of the data should be stored. For example, any caching or buffering of the data should be identified and distinguished from the final destination in non-volatile identified and distinguished from the final destination in non-volatile memory (the latter represents the location from which the host will memory (the latter represents the location from which the host will expect to retrieve the data in future). expect to retrieve the data in future). If support for [AES](#abbr_AES)-CTR is claimed and the counter value If support for [AES](#abbr_AES)-CTR is claimed and the counter value source is internal to the [TOE](#abbr_TOE), the evaluator shall verify source is internal to the [TOE](#abbr_TOE), the evaluator shall verify that the KMD describes the internal counter mechanism used to ensure that the KMD describes the internal counter mechanism used to ensure that it provides unique counter block values. that it provides unique counter block values. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. The following tests are conditional based upon the selections made in The following tests are conditional based upon the selections made in the [SFR](#abbr_SFR). The evaluator shall perform the following test or the [SFR](#abbr_SFR). The evaluator shall perform the following test or witness respective tests executed by the developer. The tests must be witness respective tests executed by the developer. The tests must be executed on a platform that is as close as practically possible to the executed on a platform that is as close as practically possible to the operational platform (but which may be instrumented in terms of, for operational platform (but which may be instrumented in terms of, for example, use of a debug mode). Where the test is not carried out on the example, use of a debug mode). Where the test is not carried out on the [TOE](#abbr_TOE) itself, the test platform shall be identified and the [TOE](#abbr_TOE) itself, the test platform shall be identified and the differences between test environment and [TOE](#abbr_TOE) execution differences between test environment and [TOE](#abbr_TOE) execution environment shall be described. environment shall be described. Preconditions for testing: Preconditions for testing: - Specification of keys as input parameter to the function to be - Specification of keys as input parameter to the function to be tested tested - specification of required input parameters such as modes - specification of required input parameters such as modes - Specification of user data (plaintext) - Specification of user data (plaintext) - Tapping of encrypted user data (ciphertext) directly in the - Tapping of encrypted user data (ciphertext) directly in the non-volatile memory non-volatile memory **[AES](#abbr_AES)-CBC:**\ **[AES](#abbr_AES)-CBC:**\ For the [AES](#abbr_AES)-CBC tests described below, the plaintext, For the [AES](#abbr_AES)-CBC tests described below, the plaintext, ciphertext, and IV values shall consist of 128-bit blocks. To determine ciphertext, and IV values shall consist of 128-bit blocks. To determine correctness, the evaluator shall compare the resulting values to those correctness, the evaluator shall compare the resulting values to those obtained by submitting the same inputs to a known-good implementation. obtained by submitting the same inputs to a known-good implementation. These tests are intended to be equivalent to those described in These tests are intended to be equivalent to those described in [NIST](#abbr_NIST)'s [AES](#abbr_AES) Algorithm Validation Suite [NIST](#abbr_NIST)'s [AES](#abbr_AES) Algorithm Validation Suite (AESAVS) ( (AESAVS) ( ). It is ). It is not recommended that the evaluator use values obtained from static not recommended that the evaluator use values obtained from static sources such as the example [NIST](#abbr_NIST)'s [AES](#abbr_AES) Known sources such as the example [NIST](#abbr_NIST)'s [AES](#abbr_AES) Known Answer Test Values from the AESAVS document, or use values not generated Answer Test Values from the AESAVS document, or use values not generated expressly to exercise the [AES](#abbr_AES)-CBC implementation. expressly to exercise the [AES](#abbr_AES)-CBC implementation. ***[AES](#abbr_AES)-CBC Known Answer Tests*** ***[AES](#abbr_AES)-CBC Known Answer Tests*** [KAT-1 (GFSBox):]{.underline} To test the encrypt functionality of [KAT-1 (GFSBox):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CBC, the evaluator shall supply a set of five different [AES](#abbr_AES)-CBC, the evaluator shall supply a set of five different plaintext values for each selected key size and obtain the ciphertext plaintext values for each selected key size and obtain the ciphertext value that results from [AES](#abbr_AES)-CBC encryption of the given value that results from [AES](#abbr_AES)-CBC encryption of the given plaintext using a key value of all zeros and an IV of all zeros. plaintext using a key value of all zeros and an IV of all zeros. To test the decrypt functionality of [AES](#abbr_AES)-CBC, the evaluator To test the decrypt functionality of [AES](#abbr_AES)-CBC, the evaluator shall supply a set of five different ciphertext values for each selected shall supply a set of five different ciphertext values for each selected key size and obtain the plaintext value that results from key size and obtain the plaintext value that results from [AES](#abbr_AES)-CBC decryption of the given ciphertext using a key [AES](#abbr_AES)-CBC decryption of the given ciphertext using a key value of all zeros and an IV of all zeros. value of all zeros and an IV of all zeros. [KAT-2 (KeySBox):]{.underline} To test the encrypt functionality of [KAT-2 (KeySBox):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CBC, the evaluator shall supply a set of five different [AES](#abbr_AES)-CBC, the evaluator shall supply a set of five different key values for each selected key size and obtain the ciphertext value key values for each selected key size and obtain the ciphertext value that results from [AES](#abbr_AES)-CBC encryption of an all-zeros that results from [AES](#abbr_AES)-CBC encryption of an all-zeros plaintext using the given key value and an IV of all zeros. plaintext using the given key value and an IV of all zeros. To test the decrypt functionality of [AES](#abbr_AES)-CBC, the evaluator To test the decrypt functionality of [AES](#abbr_AES)-CBC, the evaluator shall supply a set of five different key values for each selected key shall supply a set of five different key values for each selected key size and obtain the plaintext that results from [AES](#abbr_AES)-CBC size and obtain the plaintext that results from [AES](#abbr_AES)-CBC decryption of an all-zeros ciphertext using the given key and an IV of decryption of an all-zeros ciphertext using the given key and an IV of all zeros. all zeros. [KAT-3 (Variable Key):]{.underline} To test the encrypt functionality of [KAT-3 (Variable Key):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CBC, the evaluator shall supply a set of keys for each [AES](#abbr_AES)-CBC, the evaluator shall supply a set of keys for each selected key size (as described below) and obtain the ciphertext value selected key size (as described below) and obtain the ciphertext value that results from [AES](#abbr_AES) encryption of an all-zeros plaintext that results from [AES](#abbr_AES) encryption of an all-zeros plaintext using each key and an IV of all zeros. using each key and an IV of all zeros. Key i in each set shall have the leftmost i bits set to ones and the Key i in each set shall have the leftmost i bits set to ones and the remaining bits to zeros, for values of i from 1 to the key size. The remaining bits to zeros, for values of i from 1 to the key size. The keys and corresponding ciphertext are listed in AESAVS, Appendix E. keys and corresponding ciphertext are listed in AESAVS, Appendix E. To test the decrypt functionality of [AES](#abbr_AES)-CBC, the evaluator To test the decrypt functionality of [AES](#abbr_AES)-CBC, the evaluator shall use the same keys as above to decrypt the ciphertext results from shall use the same keys as above to decrypt the ciphertext results from above. Each decryption should result in an all-zeros plaintext. above. Each decryption should result in an all-zeros plaintext. [KAT-4 (Variable Text):]{.underline} To test the encrypt functionality [KAT-4 (Variable Text):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CBC, for each selected key size, the evaluator shall of [AES](#abbr_AES)-CBC, for each selected key size, the evaluator shall supply a set of 128-bit plaintext values (as described below) and obtain supply a set of 128-bit plaintext values (as described below) and obtain the ciphertext values that result from [AES](#abbr_AES)-CBC encryption the ciphertext values that result from [AES](#abbr_AES)-CBC encryption of each plaintext value using a key of each size and IV consisting of of each plaintext value using a key of each size and IV consisting of all zeros. all zeros. Plaintext value i shall have the leftmost i bits set to ones and the Plaintext value i shall have the leftmost i bits set to ones and the remaining bits set to zeros, for values of i from 1 to 128. The remaining bits set to zeros, for values of i from 1 to 128. The plaintext values are listed in AESAVS, Appendix D. plaintext values are listed in AESAVS, Appendix D. To test the decrypt functionality of [AES](#abbr_AES)-CBC, for each To test the decrypt functionality of [AES](#abbr_AES)-CBC, for each selected key size, use the plaintext values from above as ciphertext selected key size, use the plaintext values from above as ciphertext input, and [AES](#abbr_AES)-CBC decrypt each ciphertext value using key input, and [AES](#abbr_AES)-CBC decrypt each ciphertext value using key of each size consisting of all zeros and an IV of all zeros. of each size consisting of all zeros and an IV of all zeros. ***[AES](#abbr_AES)-CBC Multi-Block Message Test*** ***[AES](#abbr_AES)-CBC Multi-Block Message Test*** The evaluator shall test the encrypt functionality by encrypting nine The evaluator shall test the encrypt functionality by encrypting nine i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each test, the evaluator shall supply a key, an IV, and a plaintext message test, the evaluator shall supply a key, an IV, and a plaintext message of length i blocks, and encrypt the message using [AES](#abbr_AES)-CBC. of length i blocks, and encrypt the message using [AES](#abbr_AES)-CBC. The resulting ciphertext values shall be compared to the results of The resulting ciphertext values shall be compared to the results of encrypting the plaintext messages using a known good implementation. encrypting the plaintext messages using a known good implementation. The evaluator shall test the decrypt functionality by decrypting nine The evaluator shall test the decrypt functionality by decrypting nine i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each test, the evaluator shall supply a key, an IV, and a ciphertext message test, the evaluator shall supply a key, an IV, and a ciphertext message of length i blocks, and decrypt the message using [AES](#abbr_AES)-CBC. of length i blocks, and decrypt the message using [AES](#abbr_AES)-CBC. The resulting plaintext values shall be compared to the results of The resulting plaintext values shall be compared to the results of decrypting the ciphertext messages using a known good implementation. decrypting the ciphertext messages using a known good implementation. ***[AES](#abbr_AES)-CBC Monte Carlo Tests*** ***[AES](#abbr_AES)-CBC Monte Carlo Tests*** The evaluator shall test the encrypt functionality for each selected key The evaluator shall test the encrypt functionality for each selected key size using 100 3-tuples of pseudo-random values for plaintext, IVs, and size using 100 3-tuples of pseudo-random values for plaintext, IVs, and keys. keys. The evaluator shall supply a single 3-tuple of pseudo-random values for The evaluator shall supply a single 3-tuple of pseudo-random values for each selected key size. This 3-tuple of plaintext, IV, and key is each selected key size. This 3-tuple of plaintext, IV, and key is provided as input to the below algorithm to generate the remaining 99 provided as input to the below algorithm to generate the remaining 99 3-tuples, and to run each 3-tuple through 1000 iterations of 3-tuples, and to run each 3-tuple through 1000 iterations of [AES](#abbr_AES)-CBC encryption. [AES](#abbr_AES)-CBC encryption. # Input: PT, IV, Key # Input: PT, IV, Key Key[0] = Key Key[0] = Key IV[0] = IV IV[0] = IV PT[0] = PT PT[0] = PT for i = 0 to 99 { for i = 0 to 99 { Output Key[i], IV[i], PT[0] Output Key[i], IV[i], PT[0] for j = 0 to 999 { for j = 0 to 999 { if (j == 0) { if (j == 0) { CT[j] = AES-CBC-Encrypt(Key[i], IV[i], PT[j]) CT[j] = AES-CBC-Encrypt(Key[i], IV[i], PT[j]) PT[j+1] = IV[i] PT[j+1] = IV[i] } else { } else { CT[j] = AES-CBC-Encrypt(Key[i], PT[j]) CT[j] = AES-CBC-Encrypt(Key[i], PT[j]) PT[j+1] = CT[j-1] PT[j+1] = CT[j-1] } } } } Output CT[j] Output CT[j] If (KeySize == 128) Key[i+1] = Key[i] xor CT[j] If (KeySize == 128) Key[i+1] = Key[i] xor CT[j] If (KeySize == 192) Key[i+1] = Key[i] xor (last 64 bits of CT[j-1] || If (KeySize == 192) Key[i+1] = Key[i] xor (last 64 bits of CT[j-1] || If (KeySize == 256) Key[i+1] = Key[i] xor ((CT[j-1] | CT[j]) If (KeySize == 256) Key[i+1] = Key[i] xor ((CT[j-1] | CT[j]) IV[i+1] = CT[j] IV[i+1] = CT[j] PT[0] = CT[j-1] PT[0] = CT[j-1] } } The ciphertext computed in the 1000th iteration (CT\[999\]) is the The ciphertext computed in the 1000th iteration (CT\[999\]) is the result for each of the 100 3-tuples for each selected key size. This result for each of the 100 3-tuples for each selected key size. This result shall be compared to the result of running 1000 iterations with result shall be compared to the result of running 1000 iterations with the same values using a known good implementation. the same values using a known good implementation. The evaluator shall test the decrypt functionality using the same test The evaluator shall test the decrypt functionality using the same test as above, exchanging CT and PT, and replacing as above, exchanging CT and PT, and replacing [AES](#abbr_AES)-CBC-Encrypt with [AES](#abbr_AES)-CBC-Decrypt. [AES](#abbr_AES)-CBC-Encrypt with [AES](#abbr_AES)-CBC-Decrypt. **[AES](#abbr_AES)-CCM:** **[AES](#abbr_AES)-CCM:** These tests are intended to be equivalent to those described in the These tests are intended to be equivalent to those described in the [NIST](#abbr_NIST) document, "The CCM Validation System (CCMVS)," [NIST](#abbr_NIST) document, "The CCM Validation System (CCMVS)," updated 9 Jan 2012, found at updated 9 Jan 2012, found at . . It is not recommended that the evaluator use values obtained from static It is not recommended that the evaluator use values obtained from static sources such as sources such as http://csrc.nist.gov/groups/STM/cavp/documents/mac/ccmtestvectors.zip or http://csrc.nist.gov/groups/STM/cavp/documents/mac/ccmtestvectors.zip or use values not generated expressly to exercise the [AES](#abbr_AES)-CCM use values not generated expressly to exercise the [AES](#abbr_AES)-CCM implementation. implementation. The evaluator shall test the generation-encryption and The evaluator shall test the generation-encryption and decryption-verification functionality of [AES](#abbr_AES)-CCM for the decryption-verification functionality of [AES](#abbr_AES)-CCM for the following input parameter and tag lengths: following input parameter and tag lengths: - **Keys:** All supported and selected key sizes (e.g., 128, 192, or - **Keys:** All supported and selected key sizes (e.g., 128, 192, or 256 bits). 256 bits). - **Associated Data:** Two or three values for associated data length: - **Associated Data:** Two or three values for associated data length: The minimum (≥ 0 bytes) and maximum (≤ 32 bytes) supported The minimum (≥ 0 bytes) and maximum (≤ 32 bytes) supported associated data lengths, and 2\^16 (65536) bytes, if supported. associated data lengths, and 2\^16 (65536) bytes, if supported. - **Payload:** Two values for payload length: The minimum (≥ 0 bytes) - **Payload:** Two values for payload length: The minimum (≥ 0 bytes) and maximum (≤ 32 bytes) supported payload lengths. and maximum (≤ 32 bytes) supported payload lengths. - **Nonces:** All supported nonce lengths (e.g., 8, 9, 10, 11, 12, 13) - **Nonces:** All supported nonce lengths (e.g., 8, 9, 10, 11, 12, 13) in bytes. in bytes. - **Tag:** All supported tag lengths (e.g., 4, 6, 8, 10, 12, 14, 16) - **Tag:** All supported tag lengths (e.g., 4, 6, 8, 10, 12, 14, 16) in bytes. in bytes. The testing for CCM consists of five tests. To determine correctness in The testing for CCM consists of five tests. To determine correctness in each of the below tests, the evaluator shall compare the ciphertext with each of the below tests, the evaluator shall compare the ciphertext with the result of encryption of the same inputs with a known good the result of encryption of the same inputs with a known good implementation. implementation. Variable Associated Data Test: For each supported key size and Variable Associated Data Test: For each supported key size and associated data length, and any supported payload length, nonce length, associated data length, and any supported payload length, nonce length, and tag length, the evaluator shall supply one key value, one nonce and tag length, the evaluator shall supply one key value, one nonce value, and 10 pairs of associated data and payload values, and obtain value, and 10 pairs of associated data and payload values, and obtain the resulting ciphertext. the resulting ciphertext. Variable Payload Text: For each supported key size and payload length, Variable Payload Text: For each supported key size and payload length, and any supported associated data length, nonce length, and tag length, and any supported associated data length, nonce length, and tag length, the evaluator shall supply one key value, one nonce value, and 10 pairs the evaluator shall supply one key value, one nonce value, and 10 pairs of associated data and payload values, and obtain the resulting of associated data and payload values, and obtain the resulting ciphertext. ciphertext. Variable Nonce Test: For each supported key size and nonce length, and Variable Nonce Test: For each supported key size and nonce length, and any supported associated data length, payload length, and tag length, any supported associated data length, payload length, and tag length, the evaluator shall supply one key value, one nonce value, and 10 pairs the evaluator shall supply one key value, one nonce value, and 10 pairs of associated data and payload values, and obtain the resulting of associated data and payload values, and obtain the resulting ciphertext. ciphertext. Variable Tag Test: For each supported key size and tag length, and any Variable Tag Test: For each supported key size and tag length, and any supported associated data length, payload length, and nonce length, the supported associated data length, payload length, and nonce length, the evaluator shall supply one key value, one nonce value, and 10 pairs of evaluator shall supply one key value, one nonce value, and 10 pairs of associated data and payload values, and obtain the resulting ciphertext. associated data and payload values, and obtain the resulting ciphertext. Decryption-Verification Process Test: To test the Decryption-Verification Process Test: To test the decryption-verification functionality of [AES](#abbr_AES)-CCM, for each decryption-verification functionality of [AES](#abbr_AES)-CCM, for each combination of supported associated data length, payload length, nonce combination of supported associated data length, payload length, nonce length, and tag length, the evaluator shall supply a key value and 15 length, and tag length, the evaluator shall supply a key value and 15 sets of input plus ciphertext, and obtain the decrypted payload. Ten of sets of input plus ciphertext, and obtain the decrypted payload. Ten of the 15 input sets supplied should fail verification and five should the 15 input sets supplied should fail verification and five should pass. pass. **[AES](#abbr_AES)-GCM:** These tests are intended to be equivalent to **[AES](#abbr_AES)-GCM:** These tests are intended to be equivalent to those described in the [NIST](#abbr_NIST) document, "The Galois/Counter those described in the [NIST](#abbr_NIST) document, "The Galois/Counter Mode (GCM) and GMAC Validation System (GCMVS) with the Addition of XPN Mode (GCM) and GMAC Validation System (GCMVS) with the Addition of XPN Validation Testing," rev. 15 Jun 2016, section 6.2, found at Validation Testing," rev. 15 Jun 2016, section 6.2, found at . . It is not recommended that the evaluator use values obtained from static It is not recommended that the evaluator use values obtained from static sources such as sources such as http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip, http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip, or use values not generated expressly to exercise the or use values not generated expressly to exercise the [AES](#abbr_AES)-GCM implementation. [AES](#abbr_AES)-GCM implementation. The evaluator shall test the authenticated encryption functionality of The evaluator shall test the authenticated encryption functionality of [AES](#abbr_AES)-GCM by supplying 15 sets of Key, Plaintext, AAD, IV, [AES](#abbr_AES)-GCM by supplying 15 sets of Key, Plaintext, AAD, IV, and Tag data for every combination of the following parameters as and Tag data for every combination of the following parameters as selected in the [ST](#abbr_ST) and supported by the implementation under selected in the [ST](#abbr_ST) and supported by the implementation under test: test: - **Key size in bits:** Each selected and supported key size (e.g., - **Key size in bits:** Each selected and supported key size (e.g., 128, 192, or 256 bits). 128, 192, or 256 bits). - **Plaintext length in bits:** Up to four values for plaintext - **Plaintext length in bits:** Up to four values for plaintext length: Two values that are non-zero integer multiples of 128, if length: Two values that are non-zero integer multiples of 128, if supported. And two values that are non-multiples of 128, if supported. And two values that are non-multiples of 128, if supported. supported. - **AAD length in bits:** Up to five values for AAD length: - **AAD length in bits:** Up to five values for AAD length: Zero-length, if supported. Two values that are non-zero integer Zero-length, if supported. Two values that are non-zero integer multiples of 128, if supported. And two values that are integer multiples of 128, if supported. And two values that are integer non-multiples of 128, if supported. non-multiples of 128, if supported. - **IV length in bits:** Up to three values for IV length: 96 bits. - **IV length in bits:** Up to three values for IV length: 96 bits. Minimum and maximum supported lengths, if different. Minimum and maximum supported lengths, if different. - **[MAC](#abbr_MAC) length in bits:** Each supported length (e.g., - **[MAC](#abbr_MAC) length in bits:** Each supported length (e.g., 128, 120, 112, 104, 96). 128, 120, 112, 104, 96). To determine correctness, the evaluator shall compare the resulting To determine correctness, the evaluator shall compare the resulting values to those obtained by submitting the same inputs to a known-good values to those obtained by submitting the same inputs to a known-good implementation. implementation. The evaluator shall test the authenticated decrypt functionality of The evaluator shall test the authenticated decrypt functionality of [AES](#abbr_AES)-GCM by supplying 15 Ciphertext-Tag pairs for every [AES](#abbr_AES)-GCM by supplying 15 Ciphertext-Tag pairs for every combination of the above parameters, replacing Plaintext length with combination of the above parameters, replacing Plaintext length with Ciphertext length. For each parameter combination the evaluator shall Ciphertext length. For each parameter combination the evaluator shall introduce an error into either the Ciphertext or the Tag such that introduce an error into either the Ciphertext or the Tag such that approximately half of the cases are correct and half the cases contain approximately half of the cases are correct and half the cases contain errors. To determine correctness, the evaluator shall compare the errors. To determine correctness, the evaluator shall compare the resulting pass/fail status and Plaintext values to the results obtained resulting pass/fail status and Plaintext values to the results obtained by submitting the same inputs to a known-good implementation. by submitting the same inputs to a known-good implementation. **[AES](#abbr_AES)-CTR:** **[AES](#abbr_AES)-CTR:** For the [AES](#abbr_AES)-CTR tests described below, the plaintext and For the [AES](#abbr_AES)-CTR tests described below, the plaintext and ciphertext values shall consist of 128-bit blocks. To determine ciphertext values shall consist of 128-bit blocks. To determine correctness, the evaluator shall compare the resulting values to those correctness, the evaluator shall compare the resulting values to those obtained by submitting the same inputs to a known-good implementation. obtained by submitting the same inputs to a known-good implementation. These tests are intended to be equivalent to those described in These tests are intended to be equivalent to those described in [NIST](#abbr_NIST)'s [AES](#abbr_AES) Algorithm Validation Suite [NIST](#abbr_NIST)'s [AES](#abbr_AES) Algorithm Validation Suite (AESAVS) ( (AESAVS) ( ). It is ). It is not recommended that the evaluator use values obtained from static not recommended that the evaluator use values obtained from static sources such as the example [NIST](#abbr_NIST)'s [AES](#abbr_AES) Known sources such as the example [NIST](#abbr_NIST)'s [AES](#abbr_AES) Known Answer Test Values from the AESAVS document, or use values not generated Answer Test Values from the AESAVS document, or use values not generated expressly to exercise the [AES](#abbr_AES)-CTR implementation. expressly to exercise the [AES](#abbr_AES)-CTR implementation. ***[AES](#abbr_AES)-CTR Known Answer Tests*** ***[AES](#abbr_AES)-CTR Known Answer Tests*** [KAT-1 (GFSBox):]{.underline} To test the encrypt functionality of [KAT-1 (GFSBox):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CTR, the evaluator shall supply a set of five different [AES](#abbr_AES)-CTR, the evaluator shall supply a set of five different plaintext values for each selected key size and obtain the ciphertext plaintext values for each selected key size and obtain the ciphertext value that results from [AES](#abbr_AES)-CTR encryption of the given value that results from [AES](#abbr_AES)-CTR encryption of the given plaintext using a key value of all zeros. plaintext using a key value of all zeros. To test the decrypt functionality of [AES](#abbr_AES)-CTR, the evaluator To test the decrypt functionality of [AES](#abbr_AES)-CTR, the evaluator shall supply a set of five different ciphertext values for each selected shall supply a set of five different ciphertext values for each selected key size and obtain the plaintext value that results from key size and obtain the plaintext value that results from [AES](#abbr_AES)-CTR decryption of the given ciphertext using a key [AES](#abbr_AES)-CTR decryption of the given ciphertext using a key value of all zeros. value of all zeros. [KAT-2 (KeySBox):]{.underline} To test the encrypt functionality of [KAT-2 (KeySBox):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CTR, the evaluator shall supply a set of five different [AES](#abbr_AES)-CTR, the evaluator shall supply a set of five different key values for each selected key size and obtain the ciphertext value key values for each selected key size and obtain the ciphertext value that results from [AES](#abbr_AES)-CTR encryption of an all-zeros that results from [AES](#abbr_AES)-CTR encryption of an all-zeros plaintext using the given key value. plaintext using the given key value. To test the decrypt functionality of [AES](#abbr_AES)-CTR, the evaluator To test the decrypt functionality of [AES](#abbr_AES)-CTR, the evaluator shall supply a set of five different key values for each selected key shall supply a set of five different key values for each selected key size and obtain the plaintext that results from [AES](#abbr_AES)-CTR size and obtain the plaintext that results from [AES](#abbr_AES)-CTR decryption of an all-zeros ciphertext using the given key. decryption of an all-zeros ciphertext using the given key. [KAT-3 (Variable Key):]{.underline} To test the encrypt functionality of [KAT-3 (Variable Key):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CTR, the evaluator shall supply a set of keys for each [AES](#abbr_AES)-CTR, the evaluator shall supply a set of keys for each selected key size (as described below) and obtain the ciphertext value selected key size (as described below) and obtain the ciphertext value that results from [AES](#abbr_AES) encryption of an all-zeros plaintext that results from [AES](#abbr_AES) encryption of an all-zeros plaintext using each key. using each key. Key i in each set shall have the leftmost i bits set to ones and the Key i in each set shall have the leftmost i bits set to ones and the remaining bits to zeros, for values of i from 1 to the key size. The remaining bits to zeros, for values of i from 1 to the key size. The keys and corresponding ciphertext are listed in AESAVS, Appendix E. keys and corresponding ciphertext are listed in AESAVS, Appendix E. To test the decrypt functionality of [AES](#abbr_AES)-CTR, the evaluator To test the decrypt functionality of [AES](#abbr_AES)-CTR, the evaluator shall use the same keys as above to decrypt the ciphertext results from shall use the same keys as above to decrypt the ciphertext results from above. Each decryption should result in an all-zeros plaintext. above. Each decryption should result in an all-zeros plaintext. [KAT-4 (Variable Text):]{.underline} To test the encrypt functionality [KAT-4 (Variable Text):]{.underline} To test the encrypt functionality of [AES](#abbr_AES)-CTR, for each selected key size, the evaluator shall of [AES](#abbr_AES)-CTR, for each selected key size, the evaluator shall supply a set of 128-bit plaintext values (as described below) and obtain supply a set of 128-bit plaintext values (as described below) and obtain the ciphertext values that result from [AES](#abbr_AES)-CTR encryption the ciphertext values that result from [AES](#abbr_AES)-CTR encryption of each plaintext value using a key of each size. of each plaintext value using a key of each size. Plaintext value i shall have the leftmost i bits set to ones and the Plaintext value i shall have the leftmost i bits set to ones and the remaining bits set to zeros, for values of i from 1 to 128. The remaining bits set to zeros, for values of i from 1 to 128. The plaintext values are listed in AESAVS, Appendix D. plaintext values are listed in AESAVS, Appendix D. To test the decrypt functionality of [AES](#abbr_AES)-CTR, for each To test the decrypt functionality of [AES](#abbr_AES)-CTR, for each selected key size, use the plaintext values from above as ciphertext selected key size, use the plaintext values from above as ciphertext input, and [AES](#abbr_AES)-CTR decrypt each ciphertext value using key input, and [AES](#abbr_AES)-CTR decrypt each ciphertext value using key of each size consisting of all zeros. of each size consisting of all zeros. ***[AES](#abbr_AES)-CTR Multi-Block Message Test*** ***[AES](#abbr_AES)-CTR Multi-Block Message Test*** The evaluator shall test the encrypt functionality by encrypting nine The evaluator shall test the encrypt functionality by encrypting nine i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each test, the evaluator shall supply a key and a plaintext message of length test, the evaluator shall supply a key and a plaintext message of length i blocks, and encrypt the message using [AES](#abbr_AES)-CTR. The i blocks, and encrypt the message using [AES](#abbr_AES)-CTR. The resulting ciphertext values shall be compared to the results of resulting ciphertext values shall be compared to the results of encrypting the plaintext messages using a known good implementation. encrypting the plaintext messages using a known good implementation. The evaluator shall test the decrypt functionality by decrypting nine The evaluator shall test the decrypt functionality by decrypting nine i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each i-block messages for each selected key size, for 2 ≤ i ≤ 10. For each test, the evaluator shall supply a key and a ciphertext message of test, the evaluator shall supply a key and a ciphertext message of length i blocks, and decrypt the message using [AES](#abbr_AES)-CTR. The length i blocks, and decrypt the message using [AES](#abbr_AES)-CTR. The resulting plaintext values shall be compared to the results of resulting plaintext values shall be compared to the results of decrypting the ciphertext messages using a known good implementation. decrypting the ciphertext messages using a known good implementation. ***[AES](#abbr_AES)-CTR Monte Carlo Tests*** ***[AES](#abbr_AES)-CTR Monte Carlo Tests*** The evaluator shall test the encrypt functionality for each selected key The evaluator shall test the encrypt functionality for each selected key size using 100 2-tuples of pseudo-random values for plaintext and keys. size using 100 2-tuples of pseudo-random values for plaintext and keys. The evaluator shall supply a single 2-tuple of pseudo-random values for The evaluator shall supply a single 2-tuple of pseudo-random values for each selected key size. This 2-tuple of plaintext and key is provided as each selected key size. This 2-tuple of plaintext and key is provided as input to the below algorithm to generate the remaining 99 2-tuples, and input to the below algorithm to generate the remaining 99 2-tuples, and to run each 2-tuple through 1000 iterations of [AES](#abbr_AES)-CTR to run each 2-tuple through 1000 iterations of [AES](#abbr_AES)-CTR encryption. encryption. # Input: PT, Key # Input: PT, Key Key[0] = Key Key[0] = Key PT[0] = PT PT[0] = PT for i = 0 to 99 { for i = 0 to 99 { Output Key[i], PT[0] Output Key[i], PT[0] for j = 0 to 999 { for j = 0 to 999 { CT[j] = AES-CTR-Encrypt(Key[i], PT[j]) CT[j] = AES-CTR-Encrypt(Key[i], PT[j]) PT[j+1] = CT[j] PT[j+1] = CT[j] } } Output CT[j] Output CT[j] If (KeySize == 128) Key[i+1] = Key[i] xor CT[j] If (KeySize == 128) Key[i+1] = Key[i] xor CT[j] If (KeySize == 192) Key[i+1] = Key[i] xor (last 64 bits of CT[j-1] || If (KeySize == 192) Key[i+1] = Key[i] xor (last 64 bits of CT[j-1] || If (KeySize == 256) Key[i+1] = Key[i] xor ((CT[j-1] | CT[j]) If (KeySize == 256) Key[i+1] = Key[i] xor ((CT[j-1] | CT[j]) PT[0] = CT[j] PT[0] = CT[j] } } The ciphertext computed in the 1000th iteration (CT\[999\]) is the The ciphertext computed in the 1000th iteration (CT\[999\]) is the result for each of the 100 2-tuples for each selected key size. This result for each of the 100 2-tuples for each selected key size. This result shall be compared to the result of running 1000 iterations with result shall be compared to the result of running 1000 iterations with the same values using a known good implementation. the same values using a known good implementation. The evaluator shall test the decrypt functionality using the same test The evaluator shall test the decrypt functionality using the same test as above, exchanging CT and PT, and replacing as above, exchanging CT and PT, and replacing [AES](#abbr_AES)-CTR-Encrypt with [AES](#abbr_AES)-CTR-Decrypt. 198 Note [AES](#abbr_AES)-CTR-Encrypt with [AES](#abbr_AES)-CTR-Decrypt. 198 Note additional design considerations for this mode are addressed in the KMD additional design considerations for this mode are addressed in the KMD requirements. requirements. **XTS-AES:** These tests are intended to be equivalent to those **XTS-AES:** These tests are intended to be equivalent to those described in the [NIST](#abbr_NIST) document, "The XTS-AES Validation described in the [NIST](#abbr_NIST) document, "The XTS-AES Validation System (XTSVS)," updated 5 Sept 2013, found at System (XTSVS)," updated 5 Sept 2013, found at It is not recommended that the evaluator use values obtained from static It is not recommended that the evaluator use values obtained from static sources such as the XTS-AES test vectors at sources such as the XTS-AES test vectors at http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip or http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip or use values not generated expressly to exercise the XTS-AES use values not generated expressly to exercise the XTS-AES implementation. implementation. The evaluator shall generate test values as follows: The evaluator shall generate test values as follows: For each supported key size (256 bit (for [AES](#abbr_AES)-128) and 512 For each supported key size (256 bit (for [AES](#abbr_AES)-128) and 512 bit (for [AES](#abbr_AES)-256) keys), the evaluator shall provide up to bit (for [AES](#abbr_AES)-256) keys), the evaluator shall provide up to five data lengths: five data lengths: - Two data lengths divisible by the 128-bit block size, If data unit - Two data lengths divisible by the 128-bit block size, If data unit lengths of complete block sizes are supported. lengths of complete block sizes are supported. - Two data lengths not divisible by the 128-bit block size, if data - Two data lengths not divisible by the 128-bit block size, if data unit lengths of partial block sizes are supported. unit lengths of partial block sizes are supported. - The largest data length supported by the implementation, or 2\^16 - The largest data length supported by the implementation, or 2\^16 (65536), whichever is larger. (65536), whichever is larger. The evaluator shall specify whether the implementation supports tweak The evaluator shall specify whether the implementation supports tweak values of 128-bit hexadecimal strings or a data unit sequence numbers, values of 128-bit hexadecimal strings or a data unit sequence numbers, or both. or both. For each combination of key size and data length, the evaluator shall For each combination of key size and data length, the evaluator shall provide 100 sets of input data and obtain the ciphertext that results provide 100 sets of input data and obtain the ciphertext that results from XTS-AES encryption. If both kinds of tweak values are supported, from XTS-AES encryption. If both kinds of tweak values are supported, then each type of tweak value shall be used in half of every 100 sets of then each type of tweak value shall be used in half of every 100 sets of input data, for all combinations of key size and data length. The input data, for all combinations of key size and data length. The evaluator shall verify that the resulting ciphertext matches the results evaluator shall verify that the resulting ciphertext matches the results from submitting the same inputs to a known-good implementation of from submitting the same inputs to a known-good implementation of XTS-AES. XTS-AES. The evaluator shall test the decrypt functionality of XTS-AES using the The evaluator shall test the decrypt functionality of XTS-AES using the same test as for encrypt, replacing plaintext values with ciphertext same test as for encrypt, replacing plaintext values with ciphertext values and XTS-AES encrypt with XTS- [AES](#abbr_AES) decrypt. values and XTS-AES encrypt with XTS- [AES](#abbr_AES) decrypt. The evaluator shall check that the full length keys are created by The evaluator shall check that the full length keys are created by methods that ensure that the two halves are different and independent. methods that ensure that the two halves are different and independent. **[AES](#abbr_AES)-KWP:** **[AES](#abbr_AES)-KWP:** The tests below are derived from "The Key Wrap Validation System (KWVS), The tests below are derived from "The Key Wrap Validation System (KWVS), Updated: June 20, 2014" from the National Institute of Standards and Updated: June 20, 2014" from the National Institute of Standards and Technology. Technology. The evaluator shall test the authenticated-encryption functionality of The evaluator shall test the authenticated-encryption functionality of [AES](#abbr_AES)-KWP (KWP-AE) using the same test as for [AES](#abbr_AES)-KWP (KWP-AE) using the same test as for [AES](#abbr_AES)-KW authenticated-encryption with the following change [AES](#abbr_AES)-KW authenticated-encryption with the following change in the five plaintext lengths: in the five plaintext lengths: - Four lengths that are multiples of 8 bits - Four lengths that are multiples of 8 bits - The largest supported length less than or equal to 4096 bits. - The largest supported length less than or equal to 4096 bits. The evaluator shall test the authenticated-decryption (KWP-AD) The evaluator shall test the authenticated-decryption (KWP-AD) functionality of [AES](#abbr_AES)-KWP using the same test as for functionality of [AES](#abbr_AES)-KWP using the same test as for [AES](#abbr_AES)-KWP authenticated-encryption, replacing plaintext [AES](#abbr_AES)-KWP authenticated-encryption, replacing plaintext values with ciphertext values and [AES](#abbr_AES)-KWP authenticated values with ciphertext values and [AES](#abbr_AES)-KWP authenticated encryption with [AES](#abbr_AES)-KWP authenticated-decryption. For the encryption with [AES](#abbr_AES)-KWP authenticated-decryption. For the Authenticated Decryption test, 20 out of the 100 trials per plaintext Authenticated Decryption test, 20 out of the 100 trials per plaintext length have ciphertext values that fail authentication. length have ciphertext values that fail authentication. Additionally, the evaluator shall perform the following negative tests: Additionally, the evaluator shall perform the following negative tests: **Test 1: (invalid plaintext length):** Determine the valid plaintext **Test 1: (invalid plaintext length):** Determine the valid plaintext lengths of the implementation from the [TOE](#abbr_TOE) specification. lengths of the implementation from the [TOE](#abbr_TOE) specification. Verify that the implementation of KWP-AE in the [TOE](#abbr_TOE) rejects Verify that the implementation of KWP-AE in the [TOE](#abbr_TOE) rejects plaintext of invalid length by testing plaintext of the following plaintext of invalid length by testing plaintext of the following lengths: 1) plaintext with length greater than 64 semi-blocks, 2) lengths: 1) plaintext with length greater than 64 semi-blocks, 2) plaintext with bit-length not divisible by 8, and 3) plaintext with plaintext with bit-length not divisible by 8, and 3) plaintext with length 0. length 0. **Test 2: (invalid ciphertext length):** Determine the valid ciphertext **Test 2: (invalid ciphertext length):** Determine the valid ciphertext lengths of the implementation from the [TOE](#abbr_TOE) specification. lengths of the implementation from the [TOE](#abbr_TOE) specification. Verify that the implementation of KWP-AD in the [TOE](#abbr_TOE) rejects Verify that the implementation of KWP-AD in the [TOE](#abbr_TOE) rejects ciphertext of invalid length by testing ciphertext of the following ciphertext of invalid length by testing ciphertext of the following lengths: 1) ciphertext with length greater than 65 semi-blocks, 2) lengths: 1) ciphertext with length greater than 65 semi-blocks, 2) ciphertext with bit-length not divisible by 64, 3) ciphertext with ciphertext with bit-length not divisible by 64, 3) ciphertext with length 0, and 4) ciphertext with length of one semi-block. length 0, and 4) ciphertext with length of one semi-block. **Test 3: (invalid ICV2):** Test that the implementation detects invalid **Test 3: (invalid ICV2):** Test that the implementation detects invalid ICV2 values by encrypting any plaintext value four times using a ICV2 values by encrypting any plaintext value four times using a different value for ICV2 each time as follows: Start with a base ICV2 of different value for ICV2 each time as follows: Start with a base ICV2 of 0xA65959A6. For each of the four tests change a different byte of ICV2 0xA65959A6. For each of the four tests change a different byte of ICV2 to a different value, so that each of the four bytes is changed once. to a different value, so that each of the four bytes is changed once. Verify that the implementation of KWP-AD in the [TOE](#abbr_TOE) outputs Verify that the implementation of KWP-AD in the [TOE](#abbr_TOE) outputs FAIL for each test. FAIL for each test. **Test 4: (invalid padding length):** Generate one ciphertext using **Test 4: (invalid padding length):** Generate one ciphertext using algorithm KWP-AE with substring \[len(P)/8\]32 of S replaced by each of algorithm KWP-AE with substring \[len(P)/8\]32 of S replaced by each of the following 32-bit values, where len(P) is the length of P in bits and the following 32-bit values, where len(P) is the length of P in bits and \[ \]32 denotes the representation of an integer in 32 bits: \[ \]32 denotes the representation of an integer in 32 bits: - \[0\]32 - \[0\]32 - \[len(P)/8-8\]32 - \[len(P)/8-8\]32 - \[len(P)/8+8\]32 - \[len(P)/8+8\]32 - \[513\]32. - \[513\]32. Verify that the implementation of KWP-AD in the [TOE](#abbr_TOE) outputs Verify that the implementation of KWP-AD in the [TOE](#abbr_TOE) outputs FAIL on those inputs. FAIL on those inputs. **Test 5: (invalid padding bits):** If the implementation supports **Test 5: (invalid padding bits):** If the implementation supports plaintext of length not a multiple of 64-bits, then plaintext of length not a multiple of 64-bits, then for each PAD length [1..7] for each PAD length [1..7] for each byte in PAD set a zero PAD value; for each byte in PAD set a zero PAD value; replace current byte by a non-zero value and use the resulting pl replace current byte by a non-zero value and use the resulting pl input to algorithm KWP-AE to generate ciphertext; input to algorithm KWP-AE to generate ciphertext; verify that the implementation of KWP-AD in the TOE outputs FAIL verify that the implementation of KWP-AD in the TOE outputs FAIL this input. this input. **[AES](#abbr_AES)-KW:** **[AES](#abbr_AES)-KW:** The tests below are derived from "The Key Wrap Validation System (KWVS), The tests below are derived from "The Key Wrap Validation System (KWVS), Updated: June 20, 2014" from the National Institute of Standards and Updated: June 20, 2014" from the National Institute of Standards and Technology. Technology. The evaluator shall test the authenticated-encryption functionality of The evaluator shall test the authenticated-encryption functionality of [AES](#abbr_AES)-KW for each combination of the following input [AES](#abbr_AES)-KW for each combination of the following input parameters: parameters: - Supported key lengths selected in the [ST](#abbr_ST) (e.g. 128 bits, - Supported key lengths selected in the [ST](#abbr_ST) (e.g. 128 bits, 256 bits) 256 bits) - Five plaintext lengths: - Five plaintext lengths: - Two lengths that are non-zero multiples of 128 bits (two - Two lengths that are non-zero multiples of 128 bits (two semi-block lengths) semi-block lengths) - Two lengths that are odd multiples of the semi-block length (64 - Two lengths that are odd multiples of the semi-block length (64 bits) bits) - The largest supported plaintext length less than or equal to - The largest supported plaintext length less than or equal to 4096 bits. 4096 bits. For each set of the above parameters the evaluator shall generate a set For each set of the above parameters the evaluator shall generate a set of 100 key and plaintext pairs and obtain the ciphertext that results of 100 key and plaintext pairs and obtain the ciphertext that results from [AES](#abbr_AES)-KW authenticated encryption. To determine from [AES](#abbr_AES)-KW authenticated encryption. To determine correctness, the evaluator shall compare the results with those obtained correctness, the evaluator shall compare the results with those obtained from the [AES](#abbr_AES)-KW authenticated-encryption function of a from the [AES](#abbr_AES)-KW authenticated-encryption function of a known good implementation. known good implementation. The evaluator shall test the authenticated-decryption functionality of The evaluator shall test the authenticated-decryption functionality of [AES](#abbr_AES)-KW using the same test as for authenticated-encryption, [AES](#abbr_AES)-KW using the same test as for authenticated-encryption, replacing plaintext values with ciphertext values and replacing plaintext values with ciphertext values and [AES](#abbr_AES)-KW authenticated-encryption (KW-AE) with [AES](#abbr_AES)-KW authenticated-encryption (KW-AE) with [AES](#abbr_AES)-KW authenticated-decryption (KW-AD). For the [AES](#abbr_AES)-KW authenticated-decryption (KW-AD). For the authenticated-decryption test, 20 out of the 100 trials per plaintext authenticated-decryption test, 20 out of the 100 trials per plaintext length must have ciphertext values that are not authentic; that is, they length must have ciphertext values that are not authentic; that is, they fail authentication. fail authentication. Additionally, the evaluator shall perform the following negative tests: Additionally, the evaluator shall perform the following negative tests: **Test 1 (invalid plaintext length):** Determine the valid plaintext **Test 1 (invalid plaintext length):** Determine the valid plaintext lengths of the implementation from the [TOE](#abbr_TOE) specification. lengths of the implementation from the [TOE](#abbr_TOE) specification. Verify that the implementation of KW-AES in the [TOE](#abbr_TOE) rejects Verify that the implementation of KW-AES in the [TOE](#abbr_TOE) rejects plaintext of invalid length by testing plaintext of the following plaintext of invalid length by testing plaintext of the following lengths: 1) plaintext length greater than 64 semi-blocks, 2) plaintext lengths: 1) plaintext length greater than 64 semi-blocks, 2) plaintext bit-length not divisible by 64, 3) plaintext with length 0, and 4) bit-length not divisible by 64, 3) plaintext with length 0, and 4) plaintext with one semi-block. plaintext with one semi-block. **Test 2 (invalid ciphertext length):** Determine the valid ciphertext **Test 2 (invalid ciphertext length):** Determine the valid ciphertext lengths of the implementation from the [TOE](#abbr_TOE) specification. lengths of the implementation from the [TOE](#abbr_TOE) specification. Verify that the implementation of KW-AD in the [TOE](#abbr_TOE) rejects Verify that the implementation of KW-AD in the [TOE](#abbr_TOE) rejects ciphertext of invalid length by testing ciphertext of the following ciphertext of invalid length by testing ciphertext of the following lengths: 1) ciphertext with length greater than 65 semi-blocks, 2) lengths: 1) ciphertext with length greater than 65 semi-blocks, 2) ciphertext with bit-length not divisible by 64, 3) ciphertext with ciphertext with bit-length not divisible by 64, 3) ciphertext with length 0, 4) ciphertext with length of one semiblock, and 5) ciphertext length 0, 4) ciphertext with length of one semiblock, and 5) ciphertext with length of two semi-blocks. with length of two semi-blocks. **Test 3 (invalid ICV1):** Test that the implementation detects invalid **Test 3 (invalid ICV1):** Test that the implementation detects invalid ICV1 values by encrypting any plaintext value eight times using a ICV1 values by encrypting any plaintext value eight times using a different value for ICV1 each time as follows: Start with a base ICV1 of different value for ICV1 each time as follows: Start with a base ICV1 of 0xA6A6A6A6A6A6A6A6. For each of the eight tests change a different byte 0xA6A6A6A6A6A6A6A6. For each of the eight tests change a different byte to a different value, so that each of the eight bytes is changed once. to a different value, so that each of the eight bytes is changed once. Verify that the implementation of KW-AD in the [TOE](#abbr_TOE) outputs Verify that the implementation of KW-AD in the [TOE](#abbr_TOE) outputs FAIL for each test. FAIL for each test. ::: ::: ::: ::: ::: ::: ::: {#FCS_HTTPS_EXT.1 .comp} ::: {#FCS_HTTPS_EXT.1 .comp} #### FCS\_HTTPS\_EXT.1 HTTPS Protocol #### FCS\_HTTPS\_EXT.1 HTTPS Protocol ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1), selection in [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1), [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_HTTPS_EXT.1.1 .reqid} ::: {#FCS_HTTPS_EXT.1.1 .reqid} [FCS\_HTTPS\_EXT.1.1](#FCS_HTTPS_EXT.1.1){.abbr} [FCS\_HTTPS\_EXT.1.1](#FCS_HTTPS_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement the [HTTPS](#abbr_HTTPS) protocol The [TSF](#abbr_TSF) shall implement the [HTTPS](#abbr_HTTPS) protocol that complies with [RFC](#abbr_RFC) 2818. that complies with [RFC](#abbr_RFC) 2818. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if the [ST](#abbr_ST) Author selects the [ST](#abbr_ST) if the [ST](#abbr_ST) Author selects \"*[TLS](#abbr_TLS)/[HTTPS](#abbr_HTTPS)*\" in \"*[TLS](#abbr_TLS)/[HTTPS](#abbr_HTTPS)*\" in [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1) or \"*[HTTPS](#abbr_HTTPS)*\" in [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1) or \"*[HTTPS](#abbr_HTTPS)*\" in [FIA\_X509\_EXT.2](#FIA_X509_EXT.2).]{.note} [FIA\_X509\_EXT.2](#FIA_X509_EXT.2).]{.note} If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then the If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then the [*Functional Package for Transport Layer [*Functional Package for Transport Layer Security*](https://www.niap-ccevs.org/MMO/PP/-439-/) must also be Security*](https://www.niap-ccevs.org/MMO/PP/-439-/) must also be claimed. claimed. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_HTTPS_EXT.1.2 .reqid} ::: {#FCS_HTTPS_EXT.1.2 .reqid} [FCS\_HTTPS\_EXT.1.2](#FCS_HTTPS_EXT.1.2){.abbr} [FCS\_HTTPS\_EXT.1.2](#FCS_HTTPS_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement [HTTPS](#abbr_HTTPS) using The [TSF](#abbr_TSF) shall implement [HTTPS](#abbr_HTTPS) using [TLS](#abbr_TLS). [TLS](#abbr_TLS). ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check the [TSS](#abbr_TSS) to ensure that it is The evaluator shall check the [TSS](#abbr_TSS) to ensure that it is clear on how [HTTPS](#abbr_HTTPS) uses [TLS](#abbr_TLS) to establish an clear on how [HTTPS](#abbr_HTTPS) uses [TLS](#abbr_TLS) to establish an administrative session, focusing on any client authentication required administrative session, focusing on any client authentication required by the [TLS](#abbr_TLS) protocol vs. security administrator by the [TLS](#abbr_TLS) protocol vs. security administrator authentication which may be done at a different level of the processing authentication which may be done at a different level of the processing stack. stack. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component.. There are no AGD evaluation activities for this component.. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: Testing for this activity is done as part of the [TLS](#abbr_TLS) Testing for this activity is done as part of the [TLS](#abbr_TLS) testing; this may result in additional testing if the [TLS](#abbr_TLS) testing; this may result in additional testing if the [TLS](#abbr_TLS) tests are done at the [TLS](#abbr_TLS) protocol level. tests are done at the [TLS](#abbr_TLS) protocol level. ::: ::: ::: ::: ::: ::: ::: {#FCS_IPSEC_EXT.1 .comp} ::: {#FCS_IPSEC_EXT.1 .comp} #### FCS\_IPSEC\_EXT.1 IPsec Protocol #### FCS\_IPSEC\_EXT.1 IPsec Protocol ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1), selection in [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1), [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.1 .reqid} ::: {#FCS_IPSEC_EXT.1.1 .reqid} [FCS\_IPSEC\_EXT.1.1](#FCS_IPSEC_EXT.1.1){.abbr} [FCS\_IPSEC\_EXT.1.1](#FCS_IPSEC_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement the IPsec architecture as specified The [TSF](#abbr_TSF) shall implement the IPsec architecture as specified in [RFC](#abbr_RFC) 4301. in [RFC](#abbr_RFC) 4301. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if the [ST](#abbr_ST) Author selects included in the [ST](#abbr_ST) if the [ST](#abbr_ST) Author selects \"*IPsec*\" in [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1) or in \"*IPsec*\" in [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1) or in [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1).]{.note} [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1).]{.note} If this [SFR](#abbr_SFR) is claimed, then If this [SFR](#abbr_SFR) is claimed, then [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) and [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) and [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) must also be claimed. [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) must also be claimed. [RFC](#abbr_RFC) 4301 calls for an IPsec implementation to protect [RFC](#abbr_RFC) 4301 calls for an IPsec implementation to protect [IP](#abbr_IP) traffic through the use of a Security Policy Database [IP](#abbr_IP) traffic through the use of a Security Policy Database ([SPD](#abbr_SPD)). The [SPD](#abbr_SPD) is used to define how ([SPD](#abbr_SPD)). The [SPD](#abbr_SPD) is used to define how [IP](#abbr_IP) packets are to be handled: PROTECT the packet (e.g., [IP](#abbr_IP) packets are to be handled: PROTECT the packet (e.g., encrypt the packet), BYPASS the IPsec services (e.g., no encryption), or encrypt the packet), BYPASS the IPsec services (e.g., no encryption), or DISCARD the packet (e.g., drop the packet). The [SPD](#abbr_SPD) can be DISCARD the packet (e.g., drop the packet). The [SPD](#abbr_SPD) can be implemented in various ways, including router access control lists, implemented in various ways, including router access control lists, firewall rule-sets, a \"traditional\" [SPD](#abbr_SPD), etc. Regardless firewall rule-sets, a \"traditional\" [SPD](#abbr_SPD), etc. Regardless of the implementation details, there is a notion of a \"rule\" that a of the implementation details, there is a notion of a \"rule\" that a packet is \"matched\" against and a resulting action that takes place. packet is \"matched\" against and a resulting action that takes place. While there must be a means to order the rules, a general approach to While there must be a means to order the rules, a general approach to ordering is not mandated, as long as the [TOE](#abbr_TOE) can ordering is not mandated, as long as the [TOE](#abbr_TOE) can distinguish the [IP](#abbr_IP) packets and apply the rules accordingly. distinguish the [IP](#abbr_IP) packets and apply the rules accordingly. There may be multiple SPDs (one for each network interface), but this is There may be multiple SPDs (one for each network interface), but this is not required. not required. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.2 .reqid} ::: {#FCS_IPSEC_EXT.1.2 .reqid} [FCS\_IPSEC\_EXT.1.2](#FCS_IPSEC_EXT.1.2){.abbr} [FCS\_IPSEC\_EXT.1.2](#FCS_IPSEC_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement \[**selection**: *transport mode*, The [TSF](#abbr_TSF) shall implement \[**selection**: *transport mode*, *tunnel mode*\]. *tunnel mode*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ If the [TOE](#abbr_TOE) is used to [Application Note: ]{.note-header}[ If the [TOE](#abbr_TOE) is used to connect to a [VPN](#abbr_VPN) gateway for the purposes of establishing a connect to a [VPN](#abbr_VPN) gateway for the purposes of establishing a secure connection to a private network, the [ST](#abbr_ST) Author should secure connection to a private network, the [ST](#abbr_ST) Author should select tunnel mode. If the [TOE](#abbr_TOE) uses IPsec to establish an select tunnel mode. If the [TOE](#abbr_TOE) uses IPsec to establish an end-to-end connection to another IPsec [VPN](#abbr_VPN) Client, the end-to-end connection to another IPsec [VPN](#abbr_VPN) Client, the [ST](#abbr_ST) Author should select transport mode. If the [ST](#abbr_ST) Author should select transport mode. If the [TOE](#abbr_TOE) uses IPsec to establish a connection to a specific [TOE](#abbr_TOE) uses IPsec to establish a connection to a specific endpoint device for the purpose of secure remote administration, the endpoint device for the purpose of secure remote administration, the [ST](#abbr_ST) Author should select transport mode.]{.note} [ST](#abbr_ST) Author should select transport mode.]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.3 .reqid} ::: {#FCS_IPSEC_EXT.1.3 .reqid} [FCS\_IPSEC\_EXT.1.3](#FCS_IPSEC_EXT.1.3){.abbr} [FCS\_IPSEC\_EXT.1.3](#FCS_IPSEC_EXT.1.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall have a nominal, final entry in the The [TSF](#abbr_TSF) shall have a nominal, final entry in the [SPD](#abbr_SPD) that matches anything that is otherwise unmatched, and [SPD](#abbr_SPD) that matches anything that is otherwise unmatched, and discards it. discards it. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.4 .reqid} ::: {#FCS_IPSEC_EXT.1.4 .reqid} [FCS\_IPSEC\_EXT.1.4](#FCS_IPSEC_EXT.1.4){.abbr} [FCS\_IPSEC\_EXT.1.4](#FCS_IPSEC_EXT.1.4){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement the IPsec protocol ESP as defined The [TSF](#abbr_TSF) shall implement the IPsec protocol ESP as defined by [RFC](#abbr_RFC) 4303 using the cryptographic algorithms by [RFC](#abbr_RFC) 4303 using the cryptographic algorithms \[[AES](#abbr_AES)-GCM-128, [AES](#abbr_AES)-GCM-256 (as specified in \[[AES](#abbr_AES)-GCM-128, [AES](#abbr_AES)-GCM-256 (as specified in [RFC](#abbr_RFC) 4106), \[**selection**: *[AES](#abbr_AES)-CBC-128 [RFC](#abbr_RFC) 4106), \[**selection**: *[AES](#abbr_AES)-CBC-128 (specified in [RFC](#abbr_RFC) 3602)*, *[AES](#abbr_AES)-CBC-256 (specified in [RFC](#abbr_RFC) 3602)*, *[AES](#abbr_AES)-CBC-256 (specified in [RFC](#abbr_RFC) 3602)*, *no other algorithms*\]\] (specified in [RFC](#abbr_RFC) 3602)*, *no other algorithms*\]\] together with a Secure Hash Algorithm ([SHA](#abbr_SHA))-based together with a Secure Hash Algorithm ([SHA](#abbr_SHA))-based [HMAC](#abbr_HMAC). [HMAC](#abbr_HMAC). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.5 .reqid} ::: {#FCS_IPSEC_EXT.1.5 .reqid} [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5){.abbr} [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement the protocol: The [TSF](#abbr_TSF) shall implement the protocol: \[**selection**: \[**selection**: - *IKEv1, using Main Mode for Phase 1 exchanges, as defined in - *IKEv1, using Main Mode for Phase 1 exchanges, as defined in [RFC](#abbr_RFC) 2407, [RFC](#abbr_RFC) 2408, [RFC](#abbr_RFC) 2409, [RFC](#abbr_RFC) 2407, [RFC](#abbr_RFC) 2408, [RFC](#abbr_RFC) 2409, [RFC](#abbr_RFC) 4109, \[**selection**: *no other RFCs for extended | [RFC](#abbr_RFC) 4109, \[**selection, choose one of**: *no other sequence numbers*, *[RFC](#abbr_RFC) 4304 for extended sequence | RFCs for extended sequence numbers*, *[RFC](#abbr_RFC) 4304 for numbers*\], \[**selection**: *no other RFCs for hash functions*, | extended sequence numbers*\], \[**selection, choose one of**: *no *[RFC](#abbr_RFC) 4868 for hash functions*\], and \[**selection**: | other RFCs for hash functions*, *[RFC](#abbr_RFC) 4868 for hash *support for XAUTH*, *no support for XAUTH*\]* , | functions*\], and \[**selection, choose one of**: *support for > XAUTH*, *no support for XAUTH*\]* , - *IKEv2 as defined in [RFC](#abbr_RFC) 7296 (with mandatory support - *IKEv2 as defined in [RFC](#abbr_RFC) 7296 (with mandatory support for NAT traversal as specified in section 2.23), [RFC](#abbr_RFC) for NAT traversal as specified in section 2.23), [RFC](#abbr_RFC) 8784, [RFC](#abbr_RFC) 8247, and \[**selection**: *no other RFCs for | 8784, [RFC](#abbr_RFC) 8247, and \[**selection, choose one of**: *no hash functions*, *[RFC](#abbr_RFC) 4868 for hash functions*\]* | other RFCs for hash functions*, *[RFC](#abbr_RFC) 4868 for hash > functions*\]* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[If the [TOE](#abbr_TOE) implements [Application Note: ]{.note-header}[If the [TOE](#abbr_TOE) implements [SHA](#abbr_SHA)-2 hash algorithms for IKEv1 or IKEv2, the [SHA](#abbr_SHA)-2 hash algorithms for IKEv1 or IKEv2, the [ST](#abbr_ST) Author should select [RFC](#abbr_RFC) 4868. ]{.note} [ST](#abbr_ST) Author should select [RFC](#abbr_RFC) 4868. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.6 .reqid} ::: {#FCS_IPSEC_EXT.1.6 .reqid} [FCS\_IPSEC\_EXT.1.6](#FCS_IPSEC_EXT.1.6){.abbr} [FCS\_IPSEC\_EXT.1.6](#FCS_IPSEC_EXT.1.6){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall ensure the encrypted payload in the The [TSF](#abbr_TSF) shall ensure the encrypted payload in the \[**selection**: *IKEv1*, *IKEv2*\] protocol uses the cryptographic \[**selection**: *IKEv1*, *IKEv2*\] protocol uses the cryptographic algorithms [AES](#abbr_AES)-CBC-128, [AES](#abbr_AES)-CBC-256 as algorithms [AES](#abbr_AES)-CBC-128, [AES](#abbr_AES)-CBC-256 as specified in [RFC](#abbr_RFC) 6379 and \[**selection**: specified in [RFC](#abbr_RFC) 6379 and \[**selection**: *[AES](#abbr_AES)-GCM-128 as specified in [RFC](#abbr_RFC) 5282*, *[AES](#abbr_AES)-GCM-128 as specified in [RFC](#abbr_RFC) 5282*, *[AES](#abbr_AES)-GCM-256 as specified in [RFC](#abbr_RFC) 5282*, *no *[AES](#abbr_AES)-GCM-256 as specified in [RFC](#abbr_RFC) 5282*, *no other algorithm*\]. other algorithm*\]. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.7 .reqid} ::: {#FCS_IPSEC_EXT.1.7 .reqid} [FCS\_IPSEC\_EXT.1.7](#FCS_IPSEC_EXT.1.7){.abbr} [FCS\_IPSEC\_EXT.1.7](#FCS_IPSEC_EXT.1.7){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall ensure that \[**selection**: The [TSF](#abbr_TSF) shall ensure that \[**selection**: - *IKEv2 [SA](#abbr_SA) lifetimes can be configured by - *IKEv2 [SA](#abbr_SA) lifetimes can be configured by \[**selection**: *an Administrator*, *a [VPN](#abbr_VPN) Gateway*\] \[**selection**: *an Administrator*, *a [VPN](#abbr_VPN) Gateway*\] based on \[**selection**: *number of packets/number of bytes*, based on \[**selection**: *number of packets/number of bytes*, *length of time*\]*, *length of time*\]*, - *IKEv1 [SA](#abbr_SA) lifetimes can be configured by - *IKEv1 [SA](#abbr_SA) lifetimes can be configured by \[**selection**: *an Administrator*, *a [VPN](#abbr_VPN) Gateway*\] \[**selection**: *an Administrator*, *a [VPN](#abbr_VPN) Gateway*\] based on \[**selection**: *number of packets/number of bytes*, based on \[**selection**: *number of packets/number of bytes*, *length of time*\]*, *length of time*\]*, - *IKEv1 [SA](#abbr_SA) lifetimes are fixed based on \[**selection**: - *IKEv1 [SA](#abbr_SA) lifetimes are fixed based on \[**selection**: *number of packets/number of bytes*, *length of time*\]. If length *number of packets/number of bytes*, *length of time*\]. If length of time is used, it must include at least one option that is 24 of time is used, it must include at least one option that is 24 hours or less for Phase 1 SAs and 8 hours or less for Phase 2 SAs.* hours or less for Phase 1 SAs and 8 hours or less for Phase 2 SAs.* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author is [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author is afforded a selection based on the version of IKE in their afforded a selection based on the version of IKE in their implementation. There is a further selection within this selection that implementation. There is a further selection within this selection that allows the [ST](#abbr_ST) Author to specify which entity is responsible allows the [ST](#abbr_ST) Author to specify which entity is responsible for "configuring" the life of the [SA](#abbr_SA). An implementation that for "configuring" the life of the [SA](#abbr_SA). An implementation that allows an administrator to configure the client or a [VPN](#abbr_VPN) allows an administrator to configure the client or a [VPN](#abbr_VPN) gateway that pushes the [SA](#abbr_SA) lifetime down to the client are gateway that pushes the [SA](#abbr_SA) lifetime down to the client are both acceptable.]{.note} both acceptable.]{.note} As far as [SA](#abbr_SA) lifetimes are concerned, the [TOE](#abbr_TOE) As far as [SA](#abbr_SA) lifetimes are concerned, the [TOE](#abbr_TOE) can limit the lifetime based on the number of bytes transmitted, or the can limit the lifetime based on the number of bytes transmitted, or the number of packets transmitted. Either packet-based or volume-based number of packets transmitted. Either packet-based or volume-based [SA](#abbr_SA) lifetimes are acceptable; the [ST](#abbr_ST) Author makes [SA](#abbr_SA) lifetimes are acceptable; the [ST](#abbr_ST) Author makes the appropriate selection to indicate which type of lifetime limits are the appropriate selection to indicate which type of lifetime limits are supported. supported. The [ST](#abbr_ST) Author chooses either the IKEv1 requirements or IKEv2 The [ST](#abbr_ST) Author chooses either the IKEv1 requirements or IKEv2 requirements (or both, depending on the selection in requirements (or both, depending on the selection in [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5). The IKEv1 requirement can be [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5). The IKEv1 requirement can be accomplished either by providing Authorized Administrator-configurable accomplished either by providing Authorized Administrator-configurable lifetimes (with appropriate instructions in documents mandated by lifetimes (with appropriate instructions in documents mandated by AGD\_OPE), or by "hard coding" the limits in the implementation. For AGD\_OPE), or by "hard coding" the limits in the implementation. For IKEv2, there are no hard-coded limits, but in this case it is required IKEv2, there are no hard-coded limits, but in this case it is required that an administrator be able to configure the values. In general, that an administrator be able to configure the values. In general, instructions for setting the parameters of the implementation, including instructions for setting the parameters of the implementation, including lifetime of the SAs, should be included in the operational guidance lifetime of the SAs, should be included in the operational guidance generated for AGD\_OPE. It is appropriate to refine the requirement in generated for AGD\_OPE. It is appropriate to refine the requirement in terms of number of MB/KB instead of number of packets, as long as the terms of number of MB/KB instead of number of packets, as long as the [TOE](#abbr_TOE) is capable of setting a limit on the amount of traffic [TOE](#abbr_TOE) is capable of setting a limit on the amount of traffic that is protected by the same key (the total volume of all IPsec traffic that is protected by the same key (the total volume of all IPsec traffic protected by that key). protected by that key). ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.8 .reqid} ::: {#FCS_IPSEC_EXT.1.8 .reqid} [FCS\_IPSEC\_EXT.1.8](#FCS_IPSEC_EXT.1.8){.abbr} [FCS\_IPSEC\_EXT.1.8](#FCS_IPSEC_EXT.1.8){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall ensure that all IKE protocols implement The [TSF](#abbr_TSF) shall ensure that all IKE protocols implement [DH](#abbr_DH) groups \[*19 (256-bit Random ECP), 20 (384-bit Random [DH](#abbr_DH) groups \[*19 (256-bit Random ECP), 20 (384-bit Random ECP), and* \[**selection**: *24 (2048-bit MODP with 256-bit POS)*, *15 ECP), and* \[**selection**: *24 (2048-bit MODP with 256-bit POS)*, *15 (3072-bit MODP)*, *14 (2048-bit MODP)*, *no other [DH](#abbr_DH) (3072-bit MODP)*, *14 (2048-bit MODP)*, *no other [DH](#abbr_DH) groups*\]\]. groups*\]\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The selection is used to specify [Application Note: ]{.note-header}[ The selection is used to specify additional [DH](#abbr_DH) groups supported. This applies to IKEv1 and additional [DH](#abbr_DH) groups supported. This applies to IKEv1 and IKEv2 exchanges. It should be noted that if any additional IKEv2 exchanges. It should be noted that if any additional [DH](#abbr_DH) groups are specified, they must comply with the [DH](#abbr_DH) groups are specified, they must comply with the requirements (in terms of the ephemeral keys that are established) requirements (in terms of the ephemeral keys that are established) listed in FCS\_CKM.1.]{.note} listed in FCS\_CKM.1.]{.note} Since the implementation may allow different Diffie-Hellman groups to be Since the implementation may allow different Diffie-Hellman groups to be negotiated for use in forming the SAs, the assignments in negotiated for use in forming the SAs, the assignments in [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9) and [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9) and [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10) may contain multiple values. [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10) may contain multiple values. For each [DH](#abbr_DH) group supported, the [ST](#abbr_ST) Author For each [DH](#abbr_DH) group supported, the [ST](#abbr_ST) Author consults Table 2 in 800-57 to determine the "bits of security" consults Table 2 in 800-57 to determine the "bits of security" associated with the [DH](#abbr_DH) group. Each unique value is then used associated with the [DH](#abbr_DH) group. Each unique value is then used to fill in the assignment (for 1.9 they are doubled; for 1.10 they are to fill in the assignment (for 1.9 they are doubled; for 1.10 they are inserted directly into the assignment). For example, suppose the inserted directly into the assignment). For example, suppose the implementation supports [DH](#abbr_DH) group 14 (2048-bit MODP) and implementation supports [DH](#abbr_DH) group 14 (2048-bit MODP) and group 20 (ECDH using [NIST](#abbr_NIST) curve P-384). From Table 2, the group 20 (ECDH using [NIST](#abbr_NIST) curve P-384). From Table 2, the bits of security value for group 14 is 112, and for group 20 it is 192. bits of security value for group 14 is 112, and for group 20 it is 192. For [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9), then, the assignment For [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9), then, the assignment would read "\[224, 384\]" and for would read "\[224, 384\]" and for [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10) it would read "\[112, 192\]" [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10) it would read "\[112, 192\]" (although in this case the requirement should probably be refined so (although in this case the requirement should probably be refined so that it makes sense mathematically). that it makes sense mathematically). ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.9 .reqid} ::: {#FCS_IPSEC_EXT.1.9 .reqid} [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9){.abbr} [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall generate the secret value x used in the IKE The [TSF](#abbr_TSF) shall generate the secret value x used in the IKE Diffie-Hellman key exchange ("x" in gx mod p) using the random bit Diffie-Hellman key exchange ("x" in gx mod p) using the random bit generator specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1), and having a generator specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1), and having a length of at least \[**assignment**: [(one or more) number(s) of bits length of at least \[**assignment**: [(one or more) number(s) of bits that is at least twice the "bits of security" value associated with the that is at least twice the "bits of security" value associated with the negotiated Diffie-Hellman group as listed in Table 2 of negotiated Diffie-Hellman group as listed in Table 2 of [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- Part [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- Part 1: General]{.assignable-content}\] bits. 1: General]{.assignable-content}\] bits. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.10 .reqid} ::: {#FCS_IPSEC_EXT.1.10 .reqid} [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10){.abbr} [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall generate nonces used in IKE exchanges in a The [TSF](#abbr_TSF) shall generate nonces used in IKE exchanges in a manner such that the probability that a specific nonce value will be manner such that the probability that a specific nonce value will be repeated during the life a specific IPsec [SA](#abbr_SA) is less than 1 repeated during the life a specific IPsec [SA](#abbr_SA) is less than 1 in 2\^\[**assignment**: [(one or more) "bits of security" value(s) in 2\^\[**assignment**: [(one or more) "bits of security" value(s) associated with the negotiated Diffie-Hellman group as listed in Table 2 associated with the negotiated Diffie-Hellman group as listed in Table 2 of [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- of [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- Part 1: General]{.assignable-content}\]. Part 1: General]{.assignable-content}\]. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.11 .reqid} ::: {#FCS_IPSEC_EXT.1.11 .reqid} [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11){.abbr} [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall ensure that all IKE protocols perform peer The [TSF](#abbr_TSF) shall ensure that all IKE protocols perform peer authentication using a \[**selection**: *RSA*, *[ECDSA](#abbr_ECDSA)*\] authentication using a \[**selection**: *RSA*, *[ECDSA](#abbr_ECDSA)*\] that use X.509v3 certificates that conform to [RFC](#abbr_RFC) 4945 and that use X.509v3 certificates that conform to [RFC](#abbr_RFC) 4945 and \[**selection**: *Pre-shared Keys*, *no other method*\]. | \[**selection, choose one of**: *Pre-shared Keys*, *no other method*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ At least one public-key-based Peer [Application Note: ]{.note-header}[ At least one public-key-based Peer Authentication method is required in order to conform to this Authentication method is required in order to conform to this [PP-Module](#abbr_PP-Module). One or more of the public key schemes is [PP-Module](#abbr_PP-Module). One or more of the public key schemes is chosen by the [ST](#abbr_ST) Author to reflect what is implemented. The chosen by the [ST](#abbr_ST) Author to reflect what is implemented. The [ST](#abbr_ST) Author also ensures that appropriate FCS requirements [ST](#abbr_ST) Author also ensures that appropriate FCS requirements reflecting the algorithms used (and key generation capabilities, if reflecting the algorithms used (and key generation capabilities, if provided) are listed to support those methods.]{.note} provided) are listed to support those methods.]{.note} If "*pre-shared keys*" is selected, the selection-based requirement If "*pre-shared keys*" is selected, the selection-based requirement FIA\_PSK\_EXT.1 must be claimed. FIA\_PSK\_EXT.1 must be claimed. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.12 .reqid} ::: {#FCS_IPSEC_EXT.1.12 .reqid} [FCS\_IPSEC\_EXT.1.12](#FCS_IPSEC_EXT.1.12){.abbr} [FCS\_IPSEC\_EXT.1.12](#FCS_IPSEC_EXT.1.12){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the \[**selection**: *[IP](#abbr_IP) address*, *Fully Qualified Domain Name \[**selection**: *[IP](#abbr_IP) address*, *Fully Qualified Domain Name ([FQDN](#abbr_FQDN))*, *user [FQDN](#abbr_FQDN)*, *Distinguished Name ([FQDN](#abbr_FQDN))*, *user [FQDN](#abbr_FQDN)*, *Distinguished Name ([DN](#abbr_DN))*\] and \[**selection**: *no other reference identifier | ([DN](#abbr_DN))*\] and \[**selection, choose one of**: *no other type*, *\[**assignment**: [other supported reference identifier | reference identifier type*, *\[**assignment**: [other supported types]{.assignable-content}\]*\] contained in a certificate does not | reference identifier types]{.assignable-content}\]*\] contained in a match the expected value(s) for the entity attempting to establish a | certificate does not match the expected value(s) for the entity connection. | attempting to establish a connection. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The [TOE](#abbr_TOE) must support at [Application Note: ]{.note-header}[ The [TOE](#abbr_TOE) must support at least one of the following identifier types: [IP](#abbr_IP) address, least one of the following identifier types: [IP](#abbr_IP) address, Fully Qualified Domain Name ([FQDN](#abbr_FQDN)), user Fully Qualified Domain Name ([FQDN](#abbr_FQDN)), user [FQDN](#abbr_FQDN), or Distinguished Name ([DN](#abbr_DN)). In the [FQDN](#abbr_FQDN), or Distinguished Name ([DN](#abbr_DN)). In the future, the [TOE](#abbr_TOE) will be required to support all of these future, the [TOE](#abbr_TOE) will be required to support all of these identifier types. The [TOE](#abbr_TOE) is expected to support as many identifier types. The [TOE](#abbr_TOE) is expected to support as many [IP](#abbr_IP) address formats (IPv4 and IPv6) as [IP](#abbr_IP) [IP](#abbr_IP) address formats (IPv4 and IPv6) as [IP](#abbr_IP) versions supported by the [TOE](#abbr_TOE) in general. The versions supported by the [TOE](#abbr_TOE) in general. The [ST](#abbr_ST) Author may assign additional supported identifier types [ST](#abbr_ST) Author may assign additional supported identifier types in the second selection. ]{.note} in the second selection. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.13 .reqid} ::: {#FCS_IPSEC_EXT.1.13 .reqid} [FCS\_IPSEC\_EXT.1.13](#FCS_IPSEC_EXT.1.13){.abbr} [FCS\_IPSEC\_EXT.1.13](#FCS_IPSEC_EXT.1.13){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the presented identifier does not match the configured reference identifier presented identifier does not match the configured reference identifier of the peer. of the peer. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ At this time, only the comparison [Application Note: ]{.note-header}[ At this time, only the comparison between the presented identifier in the peer's certificate and the between the presented identifier in the peer's certificate and the peer's reference identifier is mandated by the testing below. However, peer's reference identifier is mandated by the testing below. However, in the future, this requirement will address two aspects of the peer in the future, this requirement will address two aspects of the peer certificate validation: 1) comparison of the peer's ID payload to the certificate validation: 1) comparison of the peer's ID payload to the peer's certificate which are both presented identifiers, as required by peer's certificate which are both presented identifiers, as required by [RFC](#abbr_RFC) 4945 and 2) verification that the peer identified by [RFC](#abbr_RFC) 4945 and 2) verification that the peer identified by the ID payload and the certificate is the peer expected by the the ID payload and the certificate is the peer expected by the [TOE](#abbr_TOE) (per the reference identifier). At that time, the [TOE](#abbr_TOE) (per the reference identifier). At that time, the [TOE](#abbr_TOE) will be required to demonstrate both aspects (i.e. that [TOE](#abbr_TOE) will be required to demonstrate both aspects (i.e. that the [TOE](#abbr_TOE) enforces that the peer's ID payload matches the the [TOE](#abbr_TOE) enforces that the peer's ID payload matches the peer's certificate which both match configured peer reference peer's certificate which both match configured peer reference identifiers).]{.note} identifiers).]{.note} Excluding the [DN](#abbr_DN) identifier type (which is necessarily the Excluding the [DN](#abbr_DN) identifier type (which is necessarily the Subject [DN](#abbr_DN) in the peer certificate), the [TOE](#abbr_TOE) Subject [DN](#abbr_DN) in the peer certificate), the [TOE](#abbr_TOE) may support the identifier in either the Common Name or Subject may support the identifier in either the Common Name or Subject Alternative Name ([SAN](#abbr_SAN)) or both. If both are supported, the Alternative Name ([SAN](#abbr_SAN)) or both. If both are supported, the preferred logic is to compare the reference identifier to a presented preferred logic is to compare the reference identifier to a presented [SAN](#abbr_SAN), and only if the peer's certificate does not contain a [SAN](#abbr_SAN), and only if the peer's certificate does not contain a [SAN](#abbr_SAN), to fall back to a comparison against the Common Name. [SAN](#abbr_SAN), to fall back to a comparison against the Common Name. In the future, the [TOE](#abbr_TOE) will be required to compare the In the future, the [TOE](#abbr_TOE) will be required to compare the reference identifier to the presented identifier in the [SAN](#abbr_SAN) reference identifier to the presented identifier in the [SAN](#abbr_SAN) only, ignoring the Common Name. only, ignoring the Common Name. The configuration of the peer reference identifier is addressed by The configuration of the peer reference identifier is addressed by [FMT\_SMF.1.1](#FMT_SMF.1.1)/[VPN](#abbr_VPN). [FMT\_SMF.1.1](#FMT_SMF.1.1)/[VPN](#abbr_VPN). ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_IPSEC_EXT.1.14 .reqid} ::: {#FCS_IPSEC_EXT.1.14 .reqid} [FCS\_IPSEC\_EXT.1.14](#FCS_IPSEC_EXT.1.14){.abbr} [FCS\_IPSEC\_EXT.1.14](#FCS_IPSEC_EXT.1.14){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The \[**selection**: *[TSF](#abbr_TSF)*, *[VPN](#abbr_VPN) Gateway*\] The \[**selection**: *[TSF](#abbr_TSF)*, *[VPN](#abbr_VPN) Gateway*\] shall be able to ensure by default that the strength of the symmetric shall be able to ensure by default that the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to algorithm (in terms of the number of bits in the key) negotiated to protect the \[**selection**: *IKEv1 Phase 1*, *IKEv2 IKE\_SA*\] protect the \[**selection**: *IKEv1 Phase 1*, *IKEv2 IKE\_SA*\] connection is greater than or equal to the strength of the symmetric connection is greater than or equal to the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to algorithm (in terms of the number of bits in the key) negotiated to protect the \[**selection**: *IKEv1 Phase 2*, *IKEv2 CHILD\_SA*\] protect the \[**selection**: *IKEv1 Phase 2*, *IKEv2 CHILD\_SA*\] connection. connection. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ If this functionality is [Application Note: ]{.note-header}[ If this functionality is configurable, the [TSF](#abbr_TSF) may be configured by a configurable, the [TSF](#abbr_TSF) may be configured by a [VPN](#abbr_VPN) Gateway or by an Administrator of the [TOE](#abbr_TOE) [VPN](#abbr_VPN) Gateway or by an Administrator of the [TOE](#abbr_TOE) itself.]{.note} itself.]{.note} The [ST](#abbr_ST) Author chooses either or both of the IKE selections The [ST](#abbr_ST) Author chooses either or both of the IKE selections based on what is implemented by the [TOE](#abbr_TOE). Obviously, the IKE based on what is implemented by the [TOE](#abbr_TOE). Obviously, the IKE version(s) chosen should be consistent not only in this element, but version(s) chosen should be consistent not only in this element, but with other choices for other elements in this component. While it is with other choices for other elements in this component. While it is acceptable for this capability to be configurable, the default acceptable for this capability to be configurable, the default configuration in the evaluated configuration (either \"out of the box\" configuration in the evaluated configuration (either \"out of the box\" or by configuration guidance in the AGD documentation) must enable this or by configuration guidance in the AGD documentation) must enable this functionality. functionality. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: In addition to the [TSS](#abbr_TSS) EAs for the individual In addition to the [TSS](#abbr_TSS) EAs for the individual [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) elements below, the evaluator [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) elements below, the evaluator shall perform the following: shall perform the following: If the [TOE](#abbr_TOE) boundary includes a general-purpose operating If the [TOE](#abbr_TOE) boundary includes a general-purpose operating system or mobile device, the evaluator shall examine the system or mobile device, the evaluator shall examine the [TSS](#abbr_TSS) to ensure that it describes whether the [TSS](#abbr_TSS) to ensure that it describes whether the [VPN](#abbr_VPN) client capability is architecturally integrated with [VPN](#abbr_VPN) client capability is architecturally integrated with the platform itself or whether it is a separate executable that is the platform itself or whether it is a separate executable that is bundled with the platform. bundled with the platform. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: In addition to the AGD EAs for the individual In addition to the AGD EAs for the individual [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) elements below, the evaluator [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) elements below, the evaluator shall perform the following: shall perform the following: If the configuration of the IPsec behavior is from an environmental If the configuration of the IPsec behavior is from an environmental source, most notably a [VPN](#abbr_VPN) gateway (e.g through receipt of source, most notably a [VPN](#abbr_VPN) gateway (e.g through receipt of required connection parameters from a [VPN](#abbr_VPN) gateway), the required connection parameters from a [VPN](#abbr_VPN) gateway), the evaluator shall ensure that the AGD contains any appropriate information evaluator shall ensure that the AGD contains any appropriate information for ensuring that this configuration can be properly applied. for ensuring that this configuration can be properly applied. Note in this case that the implementation of the IPsec protocol must be Note in this case that the implementation of the IPsec protocol must be enforced entirely within the [TOE](#abbr_TOE) boundary; i.e. it is not enforced entirely within the [TOE](#abbr_TOE) boundary; i.e. it is not permissible for a software application [TOE](#abbr_TOE) to be a permissible for a software application [TOE](#abbr_TOE) to be a graphical front-end for IPsec functionality implemented totally or in graphical front-end for IPsec functionality implemented totally or in part by the underlying [OS](#abbr_OS) platform. The behavior referenced part by the underlying [OS](#abbr_OS) platform. The behavior referenced here is for the possibility that the configuration of the IPsec here is for the possibility that the configuration of the IPsec connection is initiated from outside the [TOE](#abbr_TOE), which is connection is initiated from outside the [TOE](#abbr_TOE), which is permissible so long as the [TSF](#abbr_TSF) is solely responsible for permissible so long as the [TSF](#abbr_TSF) is solely responsible for enforcing the configured behavior. However, it is allowable for the enforcing the configured behavior. However, it is allowable for the [TSF](#abbr_TSF) to rely on low-level platform-provided networking [TSF](#abbr_TSF) to rely on low-level platform-provided networking functions to implement the [SPD](#abbr_SPD) from the client (e.g., functions to implement the [SPD](#abbr_SPD) from the client (e.g., enforcement of packet routing decisions). enforcement of packet routing decisions). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: As a prerequisite for performing the Test EAs for the individual As a prerequisite for performing the Test EAs for the individual [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) elements below, the evaluator [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) elements below, the evaluator shall do the following: shall do the following: The evaluator shall minimally create a test environment equivalent to The evaluator shall minimally create a test environment equivalent to the test environment illustrated below. The traffic generator used to the test environment illustrated below. The traffic generator used to construct network packets should provide the evaluator with the ability construct network packets should provide the evaluator with the ability manipulate fields in the ICMP, IPv4, IPv6, UDP, and TCP packet headers. manipulate fields in the ICMP, IPv4, IPv6, UDP, and TCP packet headers. The evaluator shall provide justification for any differences in the The evaluator shall provide justification for any differences in the test environment. test environment. ::: {#figure-fig-ipsectest .figure} ::: {#figure-fig-ipsectest .figure} ![](images/network.png){#fig-ipsectest}\ ![](images/network.png){#fig-ipsectest}\ [Figure [2]{.counter}]{.ctr data-myid="fig-ipsectest" [Figure [2]{.counter}]{.ctr data-myid="fig-ipsectest" data-counter-type="ct-figure"}: IPsec Test Environment data-counter-type="ct-figure"}: IPsec Test Environment ::: ::: ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.1](#FCS_IPSEC_EXT.1.1) [FCS\_IPSEC\_EXT.1.1](#FCS_IPSEC_EXT.1.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) and determine that it The evaluator shall examine the [TSS](#abbr_TSS) and determine that it describes how the IPsec capabilities are implemented. describes how the IPsec capabilities are implemented. The evaluator shall ensure that the [TSS](#abbr_TSS) describes at a high The evaluator shall ensure that the [TSS](#abbr_TSS) describes at a high level the architectural relationship between the IPsec implementation level the architectural relationship between the IPsec implementation and the rest of the [TOE](#abbr_TOE). and the rest of the [TOE](#abbr_TOE). The evaluator shall ensure that the [TSS](#abbr_TSS) describes how the The evaluator shall ensure that the [TSS](#abbr_TSS) describes how the [SPD](#abbr_SPD) is implemented and the rules for processing both [SPD](#abbr_SPD) is implemented and the rules for processing both inbound and outbound packets in terms of the IPsec policy. The inbound and outbound packets in terms of the IPsec policy. The [TSS](#abbr_TSS) describes the rules that are available and the [TSS](#abbr_TSS) describes the rules that are available and the resulting actions available after matching a rule. The [TSS](#abbr_TSS) resulting actions available after matching a rule. The [TSS](#abbr_TSS) describes how the available rules and actions form the [SPD](#abbr_SPD) describes how the available rules and actions form the [SPD](#abbr_SPD) using terms defined in [RFC](#abbr_RFC) 4301 such as BYPASS (e.g., no using terms defined in [RFC](#abbr_RFC) 4301 such as BYPASS (e.g., no encryption), DISCARD (e.g., drop the packet), and PROTECT (e.g., encrypt encryption), DISCARD (e.g., drop the packet), and PROTECT (e.g., encrypt the packet) actions defined in [RFC](#abbr_RFC) 4301. the packet) actions defined in [RFC](#abbr_RFC) 4301. As noted in section 4.4.1 of [RFC](#abbr_RFC) 4301, the processing of As noted in section 4.4.1 of [RFC](#abbr_RFC) 4301, the processing of entries in the [SPD](#abbr_SPD) is non-trivial and the evaluator shall entries in the [SPD](#abbr_SPD) is non-trivial and the evaluator shall determine that the description in the [TSS](#abbr_TSS) is sufficient to determine that the description in the [TSS](#abbr_TSS) is sufficient to determine which rules will be applied given the rule structure determine which rules will be applied given the rule structure implemented by the [TOE](#abbr_TOE). For example, if the implemented by the [TOE](#abbr_TOE). For example, if the [TOE](#abbr_TOE) allows specification of ranges, conditional rules, [TOE](#abbr_TOE) allows specification of ranges, conditional rules, etc., the evaluator shall determine that the description of rule etc., the evaluator shall determine that the description of rule processing (for both inbound and outbound packets) is sufficient to processing (for both inbound and outbound packets) is sufficient to determine the action that will be applied, especially in the case where determine the action that will be applied, especially in the case where two different rules may apply. This description shall cover both the two different rules may apply. This description shall cover both the initial packets (that is, no [SA](#abbr_SA) is established on the initial packets (that is, no [SA](#abbr_SA) is established on the interface or for that particular packet) as well as packets that are interface or for that particular packet) as well as packets that are part of an established [SA](#abbr_SA).\ part of an established [SA](#abbr_SA).\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to verify it instructs the The evaluator shall examine the AGD to verify it instructs the Administrator how to construct entries into the [SPD](#abbr_SPD) that Administrator how to construct entries into the [SPD](#abbr_SPD) that specify a rule for processing a packet. The description includes all specify a rule for processing a packet. The description includes all three cases -- a rule that ensures packets are encrypted/decrypted, three cases -- a rule that ensures packets are encrypted/decrypted, dropped, and flow through the [TOE](#abbr_TOE) without being encrypted. dropped, and flow through the [TOE](#abbr_TOE) without being encrypted. The evaluator shall determine that the description in the AGD is The evaluator shall determine that the description in the AGD is consistent with the description in the [TSS](#abbr_TSS), and that the consistent with the description in the [TSS](#abbr_TSS), and that the level of detail in the AGD is sufficient to allow the administrator to level of detail in the AGD is sufficient to allow the administrator to set up the [SPD](#abbr_SPD) in an unambiguous fashion. This includes a set up the [SPD](#abbr_SPD) in an unambiguous fashion. This includes a discussion of how ordering of rules impacts the processing of an discussion of how ordering of rules impacts the processing of an [IP](#abbr_IP) packet.\ [IP](#abbr_IP) packet.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator uses the operational guidance to configure the The evaluator uses the operational guidance to configure the [TOE](#abbr_TOE) to carry out the following tests: [TOE](#abbr_TOE) to carry out the following tests: - **Test 1:** The evaluator shall configure the [SPD](#abbr_SPD) such - **Test 1:** The evaluator shall configure the [SPD](#abbr_SPD) such that there is a rule for dropping a packet, encrypting a packet, and that there is a rule for dropping a packet, encrypting a packet, and allowing a packet to flow in plaintext. The selectors used in the allowing a packet to flow in plaintext. The selectors used in the construction of the rule shall be different such that the evaluator construction of the rule shall be different such that the evaluator can generate a packet and send packets to the gateway with the can generate a packet and send packets to the gateway with the appropriate fields (fields that are used by the rule - e.g., the appropriate fields (fields that are used by the rule - e.g., the [IP](#abbr_IP) addresses, TCP/UDP ports) in the packet header. The [IP](#abbr_IP) addresses, TCP/UDP ports) in the packet header. The evaluator performs both positive and negative test cases for each evaluator performs both positive and negative test cases for each type of rule (e.g., a packet that matches the rule and another that type of rule (e.g., a packet that matches the rule and another that does not match the rule). The evaluator observes via the audit does not match the rule). The evaluator observes via the audit trail, and packet captures that the [TOE](#abbr_TOE) exhibited the trail, and packet captures that the [TOE](#abbr_TOE) exhibited the expected behavior: appropriate packets were dropped, allowed to flow expected behavior: appropriate packets were dropped, allowed to flow without modification, encrypted by the IPsec implementation. without modification, encrypted by the IPsec implementation. - **Test 2:** The evaluator shall devise several tests that cover a - **Test 2:** The evaluator shall devise several tests that cover a variety of scenarios for packet processing. As with Test 1, the variety of scenarios for packet processing. As with Test 1, the evaluator ensures both positive and negative test cases are evaluator ensures both positive and negative test cases are constructed. These scenarios shall exercise the range of constructed. These scenarios shall exercise the range of possibilities for [SPD](#abbr_SPD) entries and processing modes as possibilities for [SPD](#abbr_SPD) entries and processing modes as outlined in the [TSS](#abbr_TSS) and operational guidance. Potential outlined in the [TSS](#abbr_TSS) and operational guidance. Potential areas to cover include rules with overlapping ranges and conflicting areas to cover include rules with overlapping ranges and conflicting entries, inbound and outbound packets, and packets that establish entries, inbound and outbound packets, and packets that establish SAs as well as packets that belong to established SAs. The evaluator SAs as well as packets that belong to established SAs. The evaluator shall verify, via the audit trail and packet captures, for each shall verify, via the audit trail and packet captures, for each scenario that the expected behavior is exhibited, and is consistent scenario that the expected behavior is exhibited, and is consistent with both the [TSS](#abbr_TSS) and the operational guidance. with both the [TSS](#abbr_TSS) and the operational guidance. \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.2](#FCS_IPSEC_EXT.1.2) [FCS\_IPSEC\_EXT.1.2](#FCS_IPSEC_EXT.1.2) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator checks the [TSS](#abbr_TSS) to ensure it states that an The evaluator checks the [TSS](#abbr_TSS) to ensure it states that an IPsec [VPN](#abbr_VPN) can be established to operate in tunnel mode or IPsec [VPN](#abbr_VPN) can be established to operate in tunnel mode or transport mode (as selected).\ transport mode (as selected).\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall confirm that the AGD contains instructions on how to The evaluator shall confirm that the AGD contains instructions on how to configure the connection in each mode selected. configure the connection in each mode selected. If both transport mode and tunnel mode are implemented, the evaluator If both transport mode and tunnel mode are implemented, the evaluator shall review the AGD to determine how the use of a given mode is shall review the AGD to determine how the use of a given mode is specified.\ specified.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test(s) based on the The evaluator shall perform the following test(s) based on the selections chosen: selections chosen: - **Test 1:** \[conditional\] If tunnel mode is selected, the - **Test 1:** \[conditional\] If tunnel mode is selected, the evaluator uses the operational guidance to configure the evaluator uses the operational guidance to configure the [TOE](#abbr_TOE)/platform to operate in tunnel mode and also [TOE](#abbr_TOE)/platform to operate in tunnel mode and also configures a [VPN](#abbr_VPN) peer to operate in tunnel mode. The configures a [VPN](#abbr_VPN) peer to operate in tunnel mode. The evaluator configures the [TOE](#abbr_TOE)/platform and the evaluator configures the [TOE](#abbr_TOE)/platform and the [VPN](#abbr_VPN) peer to use any of the allowable cryptographic [VPN](#abbr_VPN) peer to use any of the allowable cryptographic algorithms, authentication methods, etc. to ensure an allowable algorithms, authentication methods, etc. to ensure an allowable [SA](#abbr_SA) can be negotiated. The evaluator shall then initiate [SA](#abbr_SA) can be negotiated. The evaluator shall then initiate a connection from the [TOE](#abbr_TOE)/Platform to the a connection from the [TOE](#abbr_TOE)/Platform to the [VPN](#abbr_VPN) peer. The evaluator observes (for example, in the [VPN](#abbr_VPN) peer. The evaluator observes (for example, in the audit trail and the captured packets) that a successful connection audit trail and the captured packets) that a successful connection was established using the tunnel mode. was established using the tunnel mode. - **Test 2:** \[conditional\] If transport mode is selected, the - **Test 2:** \[conditional\] If transport mode is selected, the evaluator uses the operational guidance to configure the evaluator uses the operational guidance to configure the [TOE](#abbr_TOE)/platform to operate in transport mode and also [TOE](#abbr_TOE)/platform to operate in transport mode and also configures a [VPN](#abbr_VPN) peer to operate in transport mode. The configures a [VPN](#abbr_VPN) peer to operate in transport mode. The evaluator configures the [TOE](#abbr_TOE)/platform and the evaluator configures the [TOE](#abbr_TOE)/platform and the [VPN](#abbr_VPN) peer to use any of the allowed cryptographic [VPN](#abbr_VPN) peer to use any of the allowed cryptographic algorithms, authentication methods, etc. to ensure an allowable algorithms, authentication methods, etc. to ensure an allowable [SA](#abbr_SA) can be negotiated. The evaluator then initiates a [SA](#abbr_SA) can be negotiated. The evaluator then initiates a connection from the [TOE](#abbr_TOE)/platform to connect to the connection from the [TOE](#abbr_TOE)/platform to connect to the [VPN](#abbr_VPN) peer. The evaluator observes (for example, in the [VPN](#abbr_VPN) peer. The evaluator observes (for example, in the audit trail and the captured packets) that a successful connection audit trail and the captured packets) that a successful connection was established using the transport mode. was established using the transport mode. \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.3](#FCS_IPSEC_EXT.1.3) [FCS\_IPSEC\_EXT.1.3](#FCS_IPSEC_EXT.1.3) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: There are no [TSS](#abbr_TSS) evaluation activities for this element.\ There are no [TSS](#abbr_TSS) evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall check that the AGD provides instructions on how to The evaluator shall check that the AGD provides instructions on how to construct or acquire the [SPD](#abbr_SPD) and uses the AGD to configure construct or acquire the [SPD](#abbr_SPD) and uses the AGD to configure the [TOE](#abbr_TOE) for the following test.\ the [TOE](#abbr_TOE) for the following test.\ If both transport mode and tunnel mode are implemented, the evaluator If both transport mode and tunnel mode are implemented, the evaluator shall review the AGD to determine how the use of a given mode is shall review the AGD to determine how the use of a given mode is specified.\ specified.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test: The evaluator shall perform the following test: The evaluator shall configure the [SPD](#abbr_SPD) such that it has The evaluator shall configure the [SPD](#abbr_SPD) such that it has entries that contain operations that DISCARD, PROTECT, and (if entries that contain operations that DISCARD, PROTECT, and (if applicable) BYPASS network packets. The evaluator may use the applicable) BYPASS network packets. The evaluator may use the [SPD](#abbr_SPD) that was created for verification of [SPD](#abbr_SPD) that was created for verification of [FCS\_IPSEC\_EXT.1.1](#FCS_IPSEC_EXT.1.1). The evaluator shall construct [FCS\_IPSEC\_EXT.1.1](#FCS_IPSEC_EXT.1.1). The evaluator shall construct a network packet that matches a BYPASS entry and send that packet. The a network packet that matches a BYPASS entry and send that packet. The evaluator should observe that the network packet is passed to the proper evaluator should observe that the network packet is passed to the proper destination interface with no modification. The evaluator shall then destination interface with no modification. The evaluator shall then modify a field in the packet header; such that it no longer matches the modify a field in the packet header; such that it no longer matches the evaluator-created entries (there may be a "[TOE](#abbr_TOE)-created" evaluator-created entries (there may be a "[TOE](#abbr_TOE)-created" final entry that discards packets that do not match any previous final entry that discards packets that do not match any previous entries). The evaluator sends the packet, and observes that the packet entries). The evaluator sends the packet, and observes that the packet was not permitted to flow to any of the [TOE](#abbr_TOE)'s interfaces.\ was not permitted to flow to any of the [TOE](#abbr_TOE)'s interfaces.\ \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.4](#FCS_IPSEC_EXT.1.4) [FCS\_IPSEC\_EXT.1.4](#FCS_IPSEC_EXT.1.4) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to verify that the The evaluator shall examine the [TSS](#abbr_TSS) to verify that the algorithms [AES](#abbr_AES)-GCM-128 and [AES](#abbr_AES)-GCM-256 are algorithms [AES](#abbr_AES)-GCM-128 and [AES](#abbr_AES)-GCM-256 are implemented. If the [ST](#abbr_ST) Author has selected either implemented. If the [ST](#abbr_ST) Author has selected either [AES](#abbr_AES)-CBC-128 or [AES](#abbr_AES)-CBC-256 in the requirement, [AES](#abbr_AES)-CBC-128 or [AES](#abbr_AES)-CBC-256 in the requirement, then the evaluator verifies the [TSS](#abbr_TSS) describes these as then the evaluator verifies the [TSS](#abbr_TSS) describes these as well. In addition, the evaluator ensures that the [SHA](#abbr_SHA)-based well. In addition, the evaluator ensures that the [SHA](#abbr_SHA)-based [HMAC](#abbr_HMAC) algorithm conforms to the algorithms specified in [HMAC](#abbr_HMAC) algorithm conforms to the algorithms specified in [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) Cryptographic Operations [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) Cryptographic Operations (Keyed Hash Algorithms).\ (Keyed Hash Algorithms).\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator checks the AGD to ensure it provides instructions on how The evaluator checks the AGD to ensure it provides instructions on how the [TOE](#abbr_TOE) is configured to use the algorithms selected in the [TOE](#abbr_TOE) is configured to use the algorithms selected in this component and whether this is performed through direct this component and whether this is performed through direct configuration, defined during initial installation, or defined by configuration, defined during initial installation, or defined by acquiring configuration settings from an environmental component.\ acquiring configuration settings from an environmental component.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test: The evaluator shall perform the following test: The evaluator shall configure the [TOE](#abbr_TOE)/platform as indicated The evaluator shall configure the [TOE](#abbr_TOE)/platform as indicated in the operational guidance configuring the [TOE](#abbr_TOE)/platform to in the operational guidance configuring the [TOE](#abbr_TOE)/platform to use each of the supported algorithms, attempt to establish a connection use each of the supported algorithms, attempt to establish a connection using ESP, and verify that the attempt succeeds.\ using ESP, and verify that the attempt succeeds.\ \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5) [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to verify that IKEv1 The evaluator shall examine the [TSS](#abbr_TSS) to verify that IKEv1 and/or IKEv2 are implemented. If IKEv1 is implemented, the evaluator and/or IKEv2 are implemented. If IKEv1 is implemented, the evaluator shall verify that the [TSS](#abbr_TSS) indicates whether or not XAUTH is shall verify that the [TSS](#abbr_TSS) indicates whether or not XAUTH is supported, and that aggressive mode is not used for IKEv1 Phase 1 supported, and that aggressive mode is not used for IKEv1 Phase 1 exchanges (i.e. only main mode is used). It may be that these are exchanges (i.e. only main mode is used). It may be that these are configurable options.\ configurable options.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall check the AGD to ensure it instructs the The evaluator shall check the AGD to ensure it instructs the administrator how to configure the [TOE](#abbr_TOE) to use IKEv1 and/or administrator how to configure the [TOE](#abbr_TOE) to use IKEv1 and/or IKEv2 (as selected), and uses the guidance to configure the IKEv2 (as selected), and uses the guidance to configure the [TOE](#abbr_TOE) to perform NAT traversal for the test below. If XAUTH [TOE](#abbr_TOE) to perform NAT traversal for the test below. If XAUTH is implemented, the evaluator shall verify that the AGD provides is implemented, the evaluator shall verify that the AGD provides instructions on how it is enabled or disabled.\ instructions on how it is enabled or disabled.\ If the [TOE](#abbr_TOE) supports IKEv1, the evaluator shall verify that If the [TOE](#abbr_TOE) supports IKEv1, the evaluator shall verify that the AGD either asserts that only main mode is used for Phase 1 the AGD either asserts that only main mode is used for Phase 1 exchanges, or provides instructions for disabling aggressive mode. exchanges, or provides instructions for disabling aggressive mode. \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: Tests are performed in conjunction with the other IPsec evaluation Tests are performed in conjunction with the other IPsec evaluation activities with the exception of the activities below: activities with the exception of the activities below: - **Test 1:** The evaluator shall configure the [TOE](#abbr_TOE) so - **Test 1:** The evaluator shall configure the [TOE](#abbr_TOE) so that it will perform NAT traversal processing as described in the that it will perform NAT traversal processing as described in the [TSS](#abbr_TSS) and [RFC](#abbr_RFC) 7296, section 2.23. The [TSS](#abbr_TSS) and [RFC](#abbr_RFC) 7296, section 2.23. The evaluator shall initiate an IPsec connection and determine that the evaluator shall initiate an IPsec connection and determine that the NAT is successfully traversed. If the [TOE](#abbr_TOE) supports NAT is successfully traversed. If the [TOE](#abbr_TOE) supports IKEv1 with or without XAUTH, the evaluator shall verify that this IKEv1 with or without XAUTH, the evaluator shall verify that this test can be successfully repeated with XAUTH enabled and disabled in test can be successfully repeated with XAUTH enabled and disabled in the manner specified by the operational guidance. If the the manner specified by the operational guidance. If the [TOE](#abbr_TOE) only supports IKEv1 with XAUTH, the evaluator shall [TOE](#abbr_TOE) only supports IKEv1 with XAUTH, the evaluator shall verify that connections not using XAUTH are unsuccessful. If the verify that connections not using XAUTH are unsuccessful. If the [TOE](#abbr_TOE) only supports IKEv1 without XAUTH, the evaluator [TOE](#abbr_TOE) only supports IKEv1 without XAUTH, the evaluator shall verify that connections using XAUTH are unsuccessful. shall verify that connections using XAUTH are unsuccessful. - **Test 2:** \[conditional\] If the [TOE](#abbr_TOE) supports IKEv1, - **Test 2:** \[conditional\] If the [TOE](#abbr_TOE) supports IKEv1, the evaluator shall perform any applicable operational guidance the evaluator shall perform any applicable operational guidance steps to disable the use of aggressive mode and then attempt to steps to disable the use of aggressive mode and then attempt to establish a connection using an IKEv1 Phase 1 connection in establish a connection using an IKEv1 Phase 1 connection in aggressive mode. This attempt should fail. The evaluator shall show aggressive mode. This attempt should fail. The evaluator shall show that the [TOE](#abbr_TOE) will reject a [VPN](#abbr_VPN) gateway that the [TOE](#abbr_TOE) will reject a [VPN](#abbr_VPN) gateway from initiating an IKEv1 Phase 1 connection in aggressive mode. The from initiating an IKEv1 Phase 1 connection in aggressive mode. The evaluator should then show that main mode exchanges are supported. evaluator should then show that main mode exchanges are supported. \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.6](#FCS_IPSEC_EXT.1.6) [FCS\_IPSEC\_EXT.1.6](#FCS_IPSEC_EXT.1.6) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure the [TSS](#abbr_TSS) identifies the The evaluator shall ensure the [TSS](#abbr_TSS) identifies the algorithms used for encrypting the IKEv1 and/or IKEv2 payload, and that algorithms used for encrypting the IKEv1 and/or IKEv2 payload, and that the algorithms [AES](#abbr_AES)-CBC-128, [AES](#abbr_AES)-CBC-256 are the algorithms [AES](#abbr_AES)-CBC-128, [AES](#abbr_AES)-CBC-256 are specified, and if others are chosen in the selection of the requirement, specified, and if others are chosen in the selection of the requirement, those are included in the [TSS](#abbr_TSS) discussion.\ those are included in the [TSS](#abbr_TSS) discussion.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator checks the AGD to ensure it provides instructions on how The evaluator checks the AGD to ensure it provides instructions on how the [TOE](#abbr_TOE) is configured to use the algorithms selected in the [TOE](#abbr_TOE) is configured to use the algorithms selected in this component and whether this is performed through direct this component and whether this is performed through direct configuration, defined during initial installation, or defined by configuration, defined during initial installation, or defined by acquiring configuration settings from an environmental component.\ acquiring configuration settings from an environmental component.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall use the operational guidance to configure the The evaluator shall use the operational guidance to configure the [TOE](#abbr_TOE) (or to configure the Operational Environment to have [TOE](#abbr_TOE) (or to configure the Operational Environment to have the [TOE](#abbr_TOE) receive configuration) to perform the following the [TOE](#abbr_TOE) receive configuration) to perform the following test for each ciphersuite selected: test for each ciphersuite selected: The evaluator shall configure the [TOE](#abbr_TOE) to use the The evaluator shall configure the [TOE](#abbr_TOE) to use the ciphersuite under test to encrypt the IKEv1 and/or IKEv2 payload and ciphersuite under test to encrypt the IKEv1 and/or IKEv2 payload and establish a connection with a peer device, which is configured to only establish a connection with a peer device, which is configured to only accept the payload encrypted using the indicated ciphersuite. The accept the payload encrypted using the indicated ciphersuite. The evaluator will confirm the algorithm was that used in the negotiation. evaluator will confirm the algorithm was that used in the negotiation. The evaluator will confirm that the connection is successful by The evaluator will confirm that the connection is successful by confirming that data can be passed through the connection once it is confirming that data can be passed through the connection once it is established. For example, the evaluator may connect to a webpage on the established. For example, the evaluator may connect to a webpage on the remote network and verify that it can be reached.\ remote network and verify that it can be reached.\ \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.7](#FCS_IPSEC_EXT.1.7) [FCS\_IPSEC\_EXT.1.7](#FCS_IPSEC_EXT.1.7) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: There are no [TSS](#abbr_TSS) EAs for this element.\ There are no [TSS](#abbr_TSS) EAs for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall check the AGD to ensure it provides instructions on The evaluator shall check the AGD to ensure it provides instructions on how the [TOE](#abbr_TOE) configures the values for [SA](#abbr_SA) how the [TOE](#abbr_TOE) configures the values for [SA](#abbr_SA) lifetimes. In addition, the evaluator shall check that the AGD has the lifetimes. In addition, the evaluator shall check that the AGD has the option for either the Administrator or [VPN](#abbr_VPN) Gateway to option for either the Administrator or [VPN](#abbr_VPN) Gateway to configure Phase 1 SAs if time-based limits are supported. Currently configure Phase 1 SAs if time-based limits are supported. Currently there are no values mandated for the number of packets or number of there are no values mandated for the number of packets or number of bytes, the evaluator shall simply check the AGD to ensure that this can bytes, the evaluator shall simply check the AGD to ensure that this can be configured if selected in the requirement.\ be configured if selected in the requirement.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: When testing this functionality, the evaluator needs to ensure that both When testing this functionality, the evaluator needs to ensure that both sides are configured appropriately. From the [RFC](#abbr_RFC) "A sides are configured appropriately. From the [RFC](#abbr_RFC) "A difference between IKEv1 and IKEv2 is that in IKEv1 [SA](#abbr_SA) difference between IKEv1 and IKEv2 is that in IKEv1 [SA](#abbr_SA) lifetimes were negotiated. In IKEv2, each end of the [SA](#abbr_SA) is lifetimes were negotiated. In IKEv2, each end of the [SA](#abbr_SA) is responsible for enforcing its own lifetime policy on the [SA](#abbr_SA) responsible for enforcing its own lifetime policy on the [SA](#abbr_SA) and rekeying the [SA](#abbr_SA) when necessary. If the two ends have and rekeying the [SA](#abbr_SA) when necessary. If the two ends have different lifetime policies, the end with the shorter lifetime will end different lifetime policies, the end with the shorter lifetime will end up always being the one to request the rekeying. If the two ends have up always being the one to request the rekeying. If the two ends have the same lifetime policies, it is possible that both will initiate a the same lifetime policies, it is possible that both will initiate a rekeying at the same time (which will result in redundant SAs). To rekeying at the same time (which will result in redundant SAs). To reduce the probability of this happening, the timing of rekeying reduce the probability of this happening, the timing of rekeying requests SHOULD be jittered." requests SHOULD be jittered." Each of the following tests shall be performed for each version of IKE Each of the following tests shall be performed for each version of IKE selected in the [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5) protocol selected in the [FCS\_IPSEC\_EXT.1.5](#FCS_IPSEC_EXT.1.5) protocol selection: selection: - **Test 1:** \[conditional\] The evaluator shall configure a maximum - **Test 1:** \[conditional\] The evaluator shall configure a maximum lifetime in terms of the \# of packets (or bytes) allowed following lifetime in terms of the \# of packets (or bytes) allowed following the operational guidance. The evaluator shall establish an the operational guidance. The evaluator shall establish an [SA](#abbr_SA) and determine that once the allowed \# of packets (or [SA](#abbr_SA) and determine that once the allowed \# of packets (or bytes) through this [SA](#abbr_SA) is exceeded, the connection is bytes) through this [SA](#abbr_SA) is exceeded, the connection is closed. closed. - **Test 2:** \[conditional\] The evaluator shall construct a test - **Test 2:** \[conditional\] The evaluator shall construct a test where a Phase 1 [SA](#abbr_SA) is established and attempted to be where a Phase 1 [SA](#abbr_SA) is established and attempted to be maintained for more than 24 hours before it is renegotiated. The maintained for more than 24 hours before it is renegotiated. The evaluator shall observe that this [SA](#abbr_SA) is closed or evaluator shall observe that this [SA](#abbr_SA) is closed or renegotiated in 24 hours or less. If such an action requires that renegotiated in 24 hours or less. If such an action requires that the [TOE](#abbr_TOE) be configured in a specific way, the evaluator the [TOE](#abbr_TOE) be configured in a specific way, the evaluator shall implement tests demonstrating that the configuration shall implement tests demonstrating that the configuration capability of the [TOE](#abbr_TOE) works as documented in the capability of the [TOE](#abbr_TOE) works as documented in the operational guidance. operational guidance. - **Test 3:** \[conditional\] The evaluator shall perform a test - **Test 3:** \[conditional\] The evaluator shall perform a test similar to Test 2 for Phase 2 SAs, except that the lifetime will be similar to Test 2 for Phase 2 SAs, except that the lifetime will be 8 hours or less instead of 24 hours or less. 8 hours or less instead of 24 hours or less. - **Test 4:** \[conditional\] If a fixed limit for IKEv1 SAs is - **Test 4:** \[conditional\] If a fixed limit for IKEv1 SAs is supported, the evaluator shall establish an [SA](#abbr_SA) and supported, the evaluator shall establish an [SA](#abbr_SA) and observe that the connection is closed after the fixed traffic and/or observe that the connection is closed after the fixed traffic and/or time value is reached. time value is reached. \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.8](#FCS_IPSEC_EXT.1.8) [FCS\_IPSEC\_EXT.1.8](#FCS_IPSEC_EXT.1.8) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check to ensure that the [DH](#abbr_DH) groups The evaluator shall check to ensure that the [DH](#abbr_DH) groups specified in the requirement are listed as being supported in the specified in the requirement are listed as being supported in the [TSS](#abbr_TSS). If there is more than one [DH](#abbr_DH) group [TSS](#abbr_TSS). If there is more than one [DH](#abbr_DH) group supported, the evaluator checks to ensure the [TSS](#abbr_TSS) describes supported, the evaluator checks to ensure the [TSS](#abbr_TSS) describes how a particular [DH](#abbr_DH) group is specified/negotiated with a how a particular [DH](#abbr_DH) group is specified/negotiated with a peer.\ peer.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD EAs for this requirement.\ There are no AGD EAs for this requirement.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test: The evaluator shall perform the following test: For each supported [DH](#abbr_DH) group, the evaluator shall test to For each supported [DH](#abbr_DH) group, the evaluator shall test to ensure that all supported IKE protocols can be successfully completed ensure that all supported IKE protocols can be successfully completed using that particular [DH](#abbr_DH) group.\ using that particular [DH](#abbr_DH) group.\ \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9) [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check to ensure that, for each [DH](#abbr_DH) group The evaluator shall check to ensure that, for each [DH](#abbr_DH) group supported, the [TSS](#abbr_TSS) describes the process for generating supported, the [TSS](#abbr_TSS) describes the process for generating \"x\" (as defined in [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9)) and each \"x\" (as defined in [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9)) and each nonce. The evaluator shall verify that the [TSS](#abbr_TSS) indicates nonce. The evaluator shall verify that the [TSS](#abbr_TSS) indicates that the random number generated that meets the requirements in this that the random number generated that meets the requirements in this [EP](#abbr_EP) is used, and that the length of \"x\" and the nonces meet [EP](#abbr_EP) is used, and that the length of \"x\" and the nonces meet the stipulations in the requirement.\ the stipulations in the requirement.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD EAs for this element.\ There are no AGD EAs for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no test EAs for this element.\ There are no test EAs for this element.\ \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10) [FCS\_IPSEC\_EXT.1.10](#FCS_IPSEC_EXT.1.10) ::: ::: EAs for this element are tested through EAs for EAs for this element are tested through EAs for [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9). [FCS\_IPSEC\_EXT.1.9](#FCS_IPSEC_EXT.1.9). ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11) [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator ensures that the [TSS](#abbr_TSS) identifies RSA and/or The evaluator ensures that the [TSS](#abbr_TSS) identifies RSA and/or [ECDSA](#abbr_ECDSA) as being used to perform peer authentication. [ECDSA](#abbr_ECDSA) as being used to perform peer authentication. If pre-shared keys are chosen in the selection, the evaluator shall If pre-shared keys are chosen in the selection, the evaluator shall check to ensure that the [TSS](#abbr_TSS) describes how pre-shared keys check to ensure that the [TSS](#abbr_TSS) describes how pre-shared keys are established and used in authentication of IPsec connections. The are established and used in authentication of IPsec connections. The description in the [TSS](#abbr_TSS) shall also indicate how pre-shared description in the [TSS](#abbr_TSS) shall also indicate how pre-shared key establishment is accomplished depending on whether the key establishment is accomplished depending on whether the [TSF](#abbr_TSF) can generate a pre-shared key, accept a pre-shared key, [TSF](#abbr_TSF) can generate a pre-shared key, accept a pre-shared key, or both. or both. The evaluator shall ensure that the [TSS](#abbr_TSS) describes how the The evaluator shall ensure that the [TSS](#abbr_TSS) describes how the [TOE](#abbr_TOE) compares the peer's presented identifier to the [TOE](#abbr_TOE) compares the peer's presented identifier to the reference identifier. This description shall include whether the reference identifier. This description shall include whether the certificate presented identifier is compared to the ID payload presented certificate presented identifier is compared to the ID payload presented identifier, which field(s) of the certificate are used as the presented identifier, which field(s) of the certificate are used as the presented identifier ([DN](#abbr_DN), Common Name, or [SAN](#abbr_SAN)) and, if identifier ([DN](#abbr_DN), Common Name, or [SAN](#abbr_SAN)) and, if multiple fields are supported, the logical order comparison. If the multiple fields are supported, the logical order comparison. If the [ST](#abbr_ST) Author assigned an additional identifier type, the [ST](#abbr_ST) Author assigned an additional identifier type, the [TSS](#abbr_TSS) description shall also include a description of that [TSS](#abbr_TSS) description shall also include a description of that type and the method by which that type is compared to the peer's type and the method by which that type is compared to the peer's presented certificate.\ presented certificate.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall check that the AGD describes how pre-shared keys are The evaluator shall check that the AGD describes how pre-shared keys are to be generated and established. to be generated and established. The evaluator ensures the AGD describes how to set up the The evaluator ensures the AGD describes how to set up the [TOE](#abbr_TOE) to use the cryptographic algorithms RSA and/or [TOE](#abbr_TOE) to use the cryptographic algorithms RSA and/or [ECDSA](#abbr_ECDSA). [ECDSA](#abbr_ECDSA). In order to construct the environment and configure the [TOE](#abbr_TOE) In order to construct the environment and configure the [TOE](#abbr_TOE) for the following tests, the evaluator will ensure that the AGD also for the following tests, the evaluator will ensure that the AGD also describes how to configure the [TOE](#abbr_TOE) to connect to a trusted describes how to configure the [TOE](#abbr_TOE) to connect to a trusted CA, and ensure a valid certificate for that CA is loaded into the CA, and ensure a valid certificate for that CA is loaded into the [TOE](#abbr_TOE) as a trusted CA. [TOE](#abbr_TOE) as a trusted CA. The evaluator shall also ensure that the AGD includes the configuration The evaluator shall also ensure that the AGD includes the configuration of the reference identifier(s) for the peer.\ of the reference identifier(s) for the peer.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: For efficiency's sake, the testing that is performed here has been For efficiency's sake, the testing that is performed here has been combined with the testing for [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) and combined with the testing for [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) and FIA\_X509\_EXT.3 (for IPsec connections and depending on the FIA\_X509\_EXT.3 (for IPsec connections and depending on the [Base-PP](#abbr_Base-PP)), [FCS\_IPSEC\_EXT.1.12](#FCS_IPSEC_EXT.1.12), [Base-PP](#abbr_Base-PP)), [FCS\_IPSEC\_EXT.1.12](#FCS_IPSEC_EXT.1.12), and [FCS\_IPSEC\_EXT.1.13](#FCS_IPSEC_EXT.1.13). The following tests and [FCS\_IPSEC\_EXT.1.13](#FCS_IPSEC_EXT.1.13). The following tests shall be repeated for each peer authentication protocol selected in the shall be repeated for each peer authentication protocol selected in the [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11) selection above: [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11) selection above: - **Test 1:** The evaluator shall have the [TOE](#abbr_TOE) generate a - **Test 1:** The evaluator shall have the [TOE](#abbr_TOE) generate a public-private key pair, and submit a CSR (Certificate Signing public-private key pair, and submit a CSR (Certificate Signing Request) to a CA (trusted by both the [TOE](#abbr_TOE) and the peer Request) to a CA (trusted by both the [TOE](#abbr_TOE) and the peer [VPN](#abbr_VPN) used to establish a connection) for its signature. [VPN](#abbr_VPN) used to establish a connection) for its signature. The values for the [DN](#abbr_DN) (Common Name, Organization, The values for the [DN](#abbr_DN) (Common Name, Organization, Organizational Unit, and Country) will also be passed in the Organizational Unit, and Country) will also be passed in the request. Alternatively, the evaluator may import to the request. Alternatively, the evaluator may import to the [TOE](#abbr_TOE) a previously generated private key and [TOE](#abbr_TOE) a previously generated private key and corresponding certificate. corresponding certificate. - **Test 2:** The evaluator shall configure the [TOE](#abbr_TOE) to - **Test 2:** The evaluator shall configure the [TOE](#abbr_TOE) to use a private key and associated certificate signed by a trusted CA use a private key and associated certificate signed by a trusted CA and shall establish an IPsec connection with the peer. and shall establish an IPsec connection with the peer. - **Test 3:** The evaluator shall test that the [TOE](#abbr_TOE) can - **Test 3:** The evaluator shall test that the [TOE](#abbr_TOE) can properly handle revoked certificates -- conditional on whether properly handle revoked certificates -- conditional on whether [CRL](#abbr_CRL) or [OCSP](#abbr_OCSP) is selected; if both are [CRL](#abbr_CRL) or [OCSP](#abbr_OCSP) is selected; if both are selected, then a test is performed for each method. For this current selected, then a test is performed for each method. For this current version of the [PP-Module](#abbr_PP-Module), the evaluator has to version of the [PP-Module](#abbr_PP-Module), the evaluator has to only test one up in the trust chain (future drafts may require to only test one up in the trust chain (future drafts may require to ensure the validation is done up the entire chain). The evaluator ensure the validation is done up the entire chain). The evaluator shall ensure that a valid certificate is used, and that the shall ensure that a valid certificate is used, and that the [SA](#abbr_SA) is established. The evaluator then attempts the test [SA](#abbr_SA) is established. The evaluator then attempts the test with a certificate that will be revoked (for each method chosen in with a certificate that will be revoked (for each method chosen in the selection) to ensure when the certificate is no longer valid the selection) to ensure when the certificate is no longer valid that the [TOE](#abbr_TOE) will not establish an [SA](#abbr_SA). that the [TOE](#abbr_TOE) will not establish an [SA](#abbr_SA). - **Test 4:** \[conditional\] The evaluator shall generate a - **Test 4:** \[conditional\] The evaluator shall generate a pre-shared key and use it, as indicated in the operational guidance, pre-shared key and use it, as indicated in the operational guidance, to establish an IPsec connection with the [VPN](#abbr_VPN) GW peer. to establish an IPsec connection with the [VPN](#abbr_VPN) GW peer. If the generation of the pre-shared key is supported, the evaluator If the generation of the pre-shared key is supported, the evaluator shall ensure that establishment of the key is carried out for an shall ensure that establishment of the key is carried out for an instance of the [TOE](#abbr_TOE) generating the key as well as an instance of the [TOE](#abbr_TOE) generating the key as well as an instance of the [TOE](#abbr_TOE) merely taking in and using the key. instance of the [TOE](#abbr_TOE) merely taking in and using the key. For each supported identifier type (excluding DNs), the evaluator For each supported identifier type (excluding DNs), the evaluator shall repeat the following tests: shall repeat the following tests: - **Test 5:** For each field of the certificate supported for - **Test 5:** For each field of the certificate supported for comparison, the evaluator shall configure the peer's reference comparison, the evaluator shall configure the peer's reference identifier on the [TOE](#abbr_TOE) (per the administrative guidance) identifier on the [TOE](#abbr_TOE) (per the administrative guidance) to match the field in the peer's presented certificate and shall to match the field in the peer's presented certificate and shall verify that the IKE authentication succeeds. verify that the IKE authentication succeeds. - **Test 6:** For each field of the certificate support for - **Test 6:** For each field of the certificate support for comparison, the evaluator shall configure the peer's reference comparison, the evaluator shall configure the peer's reference identifier on the [TOE](#abbr_TOE) (per the administrative guidance) identifier on the [TOE](#abbr_TOE) (per the administrative guidance) to not match the field in the peer's presented certificate and shall to not match the field in the peer's presented certificate and shall verify that the IKE authentication fails. verify that the IKE authentication fails. The following tests are conditional: The following tests are conditional: - **Test 7:** \[conditional\] If, according to the [TSS](#abbr_TSS), - **Test 7:** \[conditional\] If, according to the [TSS](#abbr_TSS), the [TOE](#abbr_TOE) supports both Common Name and [SAN](#abbr_SAN) the [TOE](#abbr_TOE) supports both Common Name and [SAN](#abbr_SAN) certificate fields and uses the preferred logic outlined in the certificate fields and uses the preferred logic outlined in the Application Note, the tests above with the Common Name field shall Application Note, the tests above with the Common Name field shall be performed using peer certificates with no [SAN](#abbr_SAN) be performed using peer certificates with no [SAN](#abbr_SAN) extension. Additionally, the evaluator shall configure the peer's extension. Additionally, the evaluator shall configure the peer's reference identifier on the [TOE](#abbr_TOE) to not match the reference identifier on the [TOE](#abbr_TOE) to not match the [SAN](#abbr_SAN) in the peer's presented certificate but to match [SAN](#abbr_SAN) in the peer's presented certificate but to match the Common Name in the peer's presented certificate, and verify that the Common Name in the peer's presented certificate, and verify that the IKE authentication fails. the IKE authentication fails. - **Test 8:** \[conditional\] If the [TOE](#abbr_TOE) supports - **Test 8:** \[conditional\] If the [TOE](#abbr_TOE) supports [DN](#abbr_DN) identifier types, the evaluator shall configure the [DN](#abbr_DN) identifier types, the evaluator shall configure the peer\'s reference identifier on the [TOE](#abbr_TOE) (per the peer\'s reference identifier on the [TOE](#abbr_TOE) (per the administrative guidance) to match the subject [DN](#abbr_DN) in the administrative guidance) to match the subject [DN](#abbr_DN) in the peer\'s presented certificate and shall verify that the IKE peer\'s presented certificate and shall verify that the IKE authentication succeeds. To demonstrate a bit-wise comparison of the authentication succeeds. To demonstrate a bit-wise comparison of the [DN](#abbr_DN), the evaluator shall change a single bit in the [DN](#abbr_DN), the evaluator shall change a single bit in the [DN](#abbr_DN) (preferably, in an Object Identifier [DN](#abbr_DN) (preferably, in an Object Identifier ([OID](#abbr_OID)) in the [DN](#abbr_DN)) and verify that the IKE ([OID](#abbr_OID)) in the [DN](#abbr_DN)) and verify that the IKE authentication fails. To demonstrate a comparison of [DN](#abbr_DN) authentication fails. To demonstrate a comparison of [DN](#abbr_DN) values, the evaluator shall change any one of the four values, the evaluator shall change any one of the four [DN](#abbr_DN) values and verify that the IKE authentication fails. [DN](#abbr_DN) values and verify that the IKE authentication fails. - **Test 9:** \[conditional\] If the [TOE](#abbr_TOE) supports both - **Test 9:** \[conditional\] If the [TOE](#abbr_TOE) supports both IPv4 and IPv6 and supports [IP](#abbr_IP) address identifier types, IPv4 and IPv6 and supports [IP](#abbr_IP) address identifier types, the evaluator must repeat test 1 and 2 with both IPv4 address the evaluator must repeat test 1 and 2 with both IPv4 address identifiers and IPv6 identifiers. Additionally, the evaluator shall identifiers and IPv6 identifiers. Additionally, the evaluator shall verify that the [TOE](#abbr_TOE) verifies that the [IP](#abbr_IP) verify that the [TOE](#abbr_TOE) verifies that the [IP](#abbr_IP) header matches the identifiers by setting the presented identifiers header matches the identifiers by setting the presented identifiers and the reference identifier with the same [IP](#abbr_IP) address and the reference identifier with the same [IP](#abbr_IP) address that differs from the actual [IP](#abbr_IP) address of the peer in that differs from the actual [IP](#abbr_IP) address of the peer in the [IP](#abbr_IP) headers and verifying that the IKE authentication the [IP](#abbr_IP) headers and verifying that the IKE authentication fails. fails. - **Test 10:** \[conditional\] If, according to the [TSS](#abbr_TSS), - **Test 10:** \[conditional\] If, according to the [TSS](#abbr_TSS), the [TOE](#abbr_TOE) performs comparisons between the peer's ID the [TOE](#abbr_TOE) performs comparisons between the peer's ID payload and the peer's certificate, the evaluator shall repeat the payload and the peer's certificate, the evaluator shall repeat the following test for each combination of supported identifier types following test for each combination of supported identifier types and supported certificate fields (as above). The evaluator shall and supported certificate fields (as above). The evaluator shall configure the peer to present a different ID payload than the field configure the peer to present a different ID payload than the field in the peer's presented certificate and verify that the in the peer's presented certificate and verify that the [TOE](#abbr_TOE) fails to authenticate the IKE peer. [TOE](#abbr_TOE) fails to authenticate the IKE peer. \ \ ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.12](#FCS_IPSEC_EXT.1.12) [FCS\_IPSEC\_EXT.1.12](#FCS_IPSEC_EXT.1.12) ::: ::: EAs for this element are tested through EAs for EAs for this element are tested through EAs for [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11). [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11). ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.13](#FCS_IPSEC_EXT.1.13) [FCS\_IPSEC\_EXT.1.13](#FCS_IPSEC_EXT.1.13) ::: ::: EAs for this element are tested through EAs for EAs for this element are tested through EAs for [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11). [FCS\_IPSEC\_EXT.1.11](#FCS_IPSEC_EXT.1.11). ::: {.element-activity-header} ::: {.element-activity-header} [FCS\_IPSEC\_EXT.1.14](#FCS_IPSEC_EXT.1.14) [FCS\_IPSEC\_EXT.1.14](#FCS_IPSEC_EXT.1.14) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check that the [TSS](#abbr_TSS) describes the The evaluator shall check that the [TSS](#abbr_TSS) describes the potential strengths (in terms of the number of bits in the symmetric potential strengths (in terms of the number of bits in the symmetric key) of the algorithms that are allowed for the IKE and ESP exchanges. key) of the algorithms that are allowed for the IKE and ESP exchanges. The [TSS](#abbr_TSS) shall also describe the checks that are done when The [TSS](#abbr_TSS) shall also describe the checks that are done when negotiating IKEv1 Phase 2 and/or IKEv2 CHILD\_SA suites to ensure that negotiating IKEv1 Phase 2 and/or IKEv2 CHILD\_SA suites to ensure that the strength (in terms of the number of bits of key in the symmetric the strength (in terms of the number of bits of key in the symmetric algorithm) of the negotiated algorithm is less than or equal to that of algorithm) of the negotiated algorithm is less than or equal to that of the IKE [SA](#abbr_SA) this is protecting the negotiation.\ the IKE [SA](#abbr_SA) this is protecting the negotiation.\ \ \ ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD EAs for this element.\ There are no AGD EAs for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element.\ There are no KMD evaluation activities for this element.\ \ \ ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator follows the guidance to configure the [TOE](#abbr_TOE) to The evaluator follows the guidance to configure the [TOE](#abbr_TOE) to perform the following tests for each version of IKE supported: perform the following tests for each version of IKE supported: - **Test 1:** The evaluator shall successfully negotiate an IPsec - **Test 1:** The evaluator shall successfully negotiate an IPsec connection using each of the supported algorithms and hash functions connection using each of the supported algorithms and hash functions identified in the requirements. identified in the requirements. - **Test 2:** \[conditional\]The evaluator shall attempt to establish - **Test 2:** \[conditional\]The evaluator shall attempt to establish an [SA](#abbr_SA) for ESP that selects an encryption algorithm with an [SA](#abbr_SA) for ESP that selects an encryption algorithm with more strength than that being used for the IKE [SA](#abbr_SA) (i.e., more strength than that being used for the IKE [SA](#abbr_SA) (i.e., symmetric algorithm with a key size larger than that being used for symmetric algorithm with a key size larger than that being used for the IKE [SA](#abbr_SA)). Such attempts should fail. the IKE [SA](#abbr_SA)). Such attempts should fail. - **Test 3:** The evaluator shall attempt to establish an IKE - **Test 3:** The evaluator shall attempt to establish an IKE [SA](#abbr_SA) using an algorithm that is not one of the supported [SA](#abbr_SA) using an algorithm that is not one of the supported algorithms and hash functions identified in the requirements. Such algorithms and hash functions identified in the requirements. Such an attempt should fail. an attempt should fail. - **Test 4:** The evaluator shall attempt to establish an - **Test 4:** The evaluator shall attempt to establish an [SA](#abbr_SA) for ESP (assumes the proper parameters where used to [SA](#abbr_SA) for ESP (assumes the proper parameters where used to establish the IKE [SA](#abbr_SA)) that selects an encryption establish the IKE [SA](#abbr_SA)) that selects an encryption algorithm that is not identified in algorithm that is not identified in [FCS\_IPSEC\_EXT.1.4](#FCS_IPSEC_EXT.1.4). Such an attempt should [FCS\_IPSEC\_EXT.1.4](#FCS_IPSEC_EXT.1.4). Such an attempt should fail. fail. \ \ ::: ::: ::: ::: ::: ::: ::: {#FCS_RBG_EXT.1 .comp} ::: {#FCS_RBG_EXT.1 .comp} #### FCS\_RBG\_EXT.1 Random Bit Generation #### FCS\_RBG\_EXT.1 Random Bit Generation ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1).*** selection in [FCS\_CKM\_EXT.5.1](#FCS_CKM_EXT.5.1).*** ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FCS\_CKM.1/AK](#FCS_CKM.1/AK)*** - ***[FCS\_CKM.1/AK](#FCS_CKM.1/AK)*** - ***[FCS\_CKM.1/SK](#FCS_CKM.1/SK)*** - ***[FCS\_CKM.1/SK](#FCS_CKM.1/SK)*** - ***[FCS\_COP.1/SigGen](#FCS_COP.1/SigGen)*** - ***[FCS\_COP.1/SigGen](#FCS_COP.1/SigGen)*** - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** - ***[FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1)*** - ***[FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1)*** ***This component may also be included in the [ST](#abbr_ST) as if ***This component may also be included in the [ST](#abbr_ST) as if optional.*** optional.*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_RBG_EXT.1.1 .reqid} ::: {#FCS_RBG_EXT.1.1 .reqid} [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1){.abbr} [FCS\_RBG\_EXT.1.1](#FCS_RBG_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall perform all deterministic random bit The [TSF](#abbr_TSF) shall perform all deterministic random bit generation services in accordance with [ISO](#abbr_ISO)/[IEC](#abbr_IEC) generation services in accordance with [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 18031:2011 using \[**selection**: *Hash\_DRBG (any)*, *HMAC\_DRBG 18031:2011 using \[**selection**: *Hash\_DRBG (any)*, *HMAC\_DRBG (any)*, *CTR\_DRBG ([AES](#abbr_AES))*\]. (any)*, *CTR\_DRBG ([AES](#abbr_AES))*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if random bits are provided by the included in the [ST](#abbr_ST) if random bits are provided by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) to tenant software, or if it is used by the [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified [TOE](#abbr_TOE) itself to support or implement [PP](#abbr_PP)-specified security functionality.]{.note} security functionality.]{.note} This [SFR](#abbr_SFR) is also needed if the following SFRs are included This [SFR](#abbr_SFR) is also needed if the following SFRs are included in the [ST](#abbr_ST): [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1), in the [ST](#abbr_ST): [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1), [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1), [FCS\_CKM.1/AK](#FCS_CKM.1/AK), [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1), [FCS\_CKM.1/AK](#FCS_CKM.1/AK), [FCS\_CKM.1/SK](#FCS_CKM.1/SK), and [FCS\_CKM.1/SK](#FCS_CKM.1/SK), and [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen). [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen). Also, this [SFR](#abbr_SFR) must be claimed if Also, this [SFR](#abbr_SFR) must be claimed if \"*[KDF](#abbr_KDF)-CTR*,\" \"*[KDF](#abbr_KDF)-FB*,\" or \"*[KDF](#abbr_KDF)-CTR*,\" \"*[KDF](#abbr_KDF)-FB*,\" or \"*[KDF](#abbr_KDF)-DPI*\" is selected in \"*[KDF](#abbr_KDF)-DPI*\" is selected in [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5). [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5). If \"*HMAC\_DRBG (any)*\" is selected, then If \"*HMAC\_DRBG (any)*\" is selected, then [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash) must be claimed. If \"*Hash\_DRBG (any)*\" is selected, then If \"*Hash\_DRBG (any)*\" is selected, then [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be claimed. If \"*CTR\_DRBG [FCS\_COP.1/Hash](#FCS_COP.1/Hash) must be claimed. If \"*CTR\_DRBG (any)*\" is selected, then [FCS\_COP.1/SKC](#FCS_COP.1/SKC) must be (any)*\" is selected, then [FCS\_COP.1/SKC](#FCS_COP.1/SKC) must be claimed. claimed. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_RBG_EXT.1.2 .reqid} ::: {#FCS_RBG_EXT.1.2 .reqid} [FCS\_RBG\_EXT.1.2](#FCS_RBG_EXT.1.2){.abbr} [FCS\_RBG\_EXT.1.2](#FCS_RBG_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The deterministic [RBG](#abbr_RBG) shall be seeded by at least one The deterministic [RBG](#abbr_RBG) shall be seeded by at least one entropy source in accordance with [NIST](#abbr_NIST) SP 800-90B that entropy source in accordance with [NIST](#abbr_NIST) SP 800-90B that accumulates entropy from \[**selection**: *\[**assignment**: [number of accumulates entropy from \[**selection**: *\[**assignment**: [number of software-based sources]{.assignable-content}\] software-based noise software-based sources]{.assignable-content}\] software-based noise source*, *\[**assignment**: [number of hardware-based source*, *\[**assignment**: [number of hardware-based sources]{.assignable-content}\] hardware-based noise source*\] with a sources]{.assignable-content}\] hardware-based noise source*\] with a minimum of \[**selection**: *128*, *192*, *256*\] bits of entropy at minimum of \[**selection**: *128*, *192*, *256*\] bits of entropy at least equal to the greatest security strength, according to least equal to the greatest security strength, according to [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 18031:2011, of the keys and CSPs that [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 18031:2011, of the keys and CSPs that it will generate. it will generate. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ For the selection in [Application Note: ]{.note-header}[ For the selection in [FCS\_RBG\_EXT.1.2](#FCS_RBG_EXT.1.2), the [ST](#abbr_ST) Author selects [FCS\_RBG\_EXT.1.2](#FCS_RBG_EXT.1.2), the [ST](#abbr_ST) Author selects the appropriate number of bits of entropy that corresponds to the the appropriate number of bits of entropy that corresponds to the greatest security strength of the algorithms included in the greatest security strength of the algorithms included in the [ST](#abbr_ST). Security strength is defined in Tables 2 and 3 of [ST](#abbr_ST). Security strength is defined in Tables 2 and 3 of [NIST](#abbr_NIST) SP 800-57A. For example, if the implementation [NIST](#abbr_NIST) SP 800-57A. For example, if the implementation includes 2048-bit RSA (security strength of 112 bits), [AES](#abbr_AES) includes 2048-bit RSA (security strength of 112 bits), [AES](#abbr_AES) 128 (security strength 128 bits), and [HMAC](#abbr_HMAC)-SHA-256 128 (security strength 128 bits), and [HMAC](#abbr_HMAC)-SHA-256 (security strength 256 bits), then the [ST](#abbr_ST) Author would (security strength 256 bits), then the [ST](#abbr_ST) Author would select 256 bits. ]{.note} select 256 bits. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_RBG_EXT.1.3 .reqid} ::: {#FCS_RBG_EXT.1.3 .reqid} [FCS\_RBG\_EXT.1.3](#FCS_RBG_EXT.1.3){.abbr} [FCS\_RBG\_EXT.1.3](#FCS_RBG_EXT.1.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall be capable of providing output of the The [TSF](#abbr_TSF) shall be capable of providing output of the [RBG](#abbr_RBG) to tenant software on the [TOE](#abbr_TOE) that request [RBG](#abbr_RBG) to tenant software on the [TOE](#abbr_TOE) that request random bits. random bits. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ [ISO](#abbr_ISO)/[IEC](#abbr_IEC) [Application Note: ]{.note-header}[ [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 18031:2011 contains three different methods of generating random 18031:2011 contains three different methods of generating random numbers. Each of these in turn depends on underlying cryptographic numbers. Each of these in turn depends on underlying cryptographic primitives (hash functions/ciphers). This [PP](#abbr_PP) allows primitives (hash functions/ciphers). This [PP](#abbr_PP) allows [SHA](#abbr_SHA)-1, [SHA](#abbr_SHA)-224, [SHA](#abbr_SHA)-256, [SHA](#abbr_SHA)-1, [SHA](#abbr_SHA)-224, [SHA](#abbr_SHA)-256, [SHA](#abbr_SHA)-384, and [SHA](#abbr_SHA)-512 for Hash\_DRBG or [SHA](#abbr_SHA)-384, and [SHA](#abbr_SHA)-512 for Hash\_DRBG or HMAC\_DRBG and only [AES](#abbr_AES)-based implementations for HMAC\_DRBG and only [AES](#abbr_AES)-based implementations for CTR\_DRBG. ]{.note} CTR\_DRBG. ]{.note} This requirement must be included in the [ST](#abbr_ST) if the This requirement must be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) generates keys, signatures, or salts for its own use or [TOE](#abbr_TOE) generates keys, signatures, or salts for its own use or for tenant software ([FCS\_CKM.1/AK](#FCS_CKM.1/AK), for tenant software ([FCS\_CKM.1/AK](#FCS_CKM.1/AK), [FCS\_CKM.1/SK](#FCS_CKM.1/SK), [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen), [FCS\_CKM.1/SK](#FCS_CKM.1/SK), [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen), [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1)) or if it provides [RNG](#abbr_RNG) [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1)) or if it provides [RNG](#abbr_RNG) services for tenant software ([FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)). services for tenant software ([FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1)). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to determine that it The evaluator shall examine the [TSS](#abbr_TSS) to determine that it specifies the [DRBG](#abbr_DRBG) type, identifies the entropy sources specifies the [DRBG](#abbr_DRBG) type, identifies the entropy sources seeding the [DRBG](#abbr_DRBG), and state the assumed or calculated seeding the [DRBG](#abbr_DRBG), and state the assumed or calculated min-entropy supplied either separately by each source or the min-entropy min-entropy supplied either separately by each source or the min-entropy contained in the combined seed value. contained in the combined seed value. In addition to the materials below, documentation shall be In addition to the materials below, documentation shall be produced---and the evaluator shall perform the activities---in produced---and the evaluator shall perform the activities---in accordance with [Appendix E - Entropy Documentation and accordance with [Appendix E - Entropy Documentation and Assessment](#appendix-entropy){.dynref}. Assessment](#appendix-entropy){.dynref}. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following tests require the developer to provide access to a test The following tests require the developer to provide access to a test platform that provides the evaluator with tools that are typically not platform that provides the evaluator with tools that are typically not found on factory products. found on factory products. The evaluator shall perform 15 trials for the [RNG](#abbr_RNG) The evaluator shall perform 15 trials for the [RNG](#abbr_RNG) implementation. If the [RNG](#abbr_RNG) is configurable, the evaluator implementation. If the [RNG](#abbr_RNG) is configurable, the evaluator shall perform 15 trials for each configuration. shall perform 15 trials for each configuration. If the [RNG](#abbr_RNG) has prediction resistance enabled, each trial If the [RNG](#abbr_RNG) has prediction resistance enabled, each trial consists of (1) instantiate [DRBG](#abbr_DRBG), (2) generate the first consists of (1) instantiate [DRBG](#abbr_DRBG), (2) generate the first block of random bits (3) generate a second block of random bits (4) block of random bits (3) generate a second block of random bits (4) uninstantiate. The evaluator verifies that the second block of random uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight input bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0 -- 14). The next three values for each trial. The first is a count (0 -- 14). The next three are entropy input, nonce, and personalization string for the instantiate are entropy input, nonce, and personalization string for the instantiate operation. The next two are additional input and entropy input for the operation. The next two are additional input and entropy input for the first call to generate. The final two are additional input and entropy first call to generate. The final two are additional input and entropy input for the second call to generate. These values are randomly input for the second call to generate. These values are randomly generated. "generate one block of random bits" means to generate random generated. "generate one block of random bits" means to generate random bits with number of returned bits equal to the Output Block Length (as bits with number of returned bits equal to the Output Block Length (as defined in [NIST](#abbr_NIST) SP 800-90A). defined in [NIST](#abbr_NIST) SP 800-90A). If the [RNG](#abbr_RNG) does not have prediction resistance, each trial If the [RNG](#abbr_RNG) does not have prediction resistance, each trial consists of (1) instantiate [DRBG](#abbr_DRBG), (2) generate the first consists of (1) instantiate [DRBG](#abbr_DRBG), (2) generate the first block of random bits (3) reseed, (4) generate a second block of random block of random bits (3) reseed, (4) generate a second block of random bits (5) uninstantiate. The evaluator verifies that the second block of bits (5) uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0 -- 14). The next input values for each trial. The first is a count (0 -- 14). The next three are entropy input, nonce, and personalization string for the three are entropy input, nonce, and personalization string for the instantiate operation. The fifth value is additional input to the first instantiate operation. The fifth value is additional input to the first call to generate. The sixth and seventh are additional input and entropy call to generate. The sixth and seventh are additional input and entropy input to the call to reseed. The final value is additional input to the input to the call to reseed. The final value is additional input to the second generate call. second generate call. The following paragraphs contain more information on some of the input The following paragraphs contain more information on some of the input values to be generated/selected by the evaluator. values to be generated/selected by the evaluator. - **Entropy input:** the length of the entropy input value must equal - **Entropy input:** the length of the entropy input value must equal the seed length. the seed length. - **Nonce:** If a nonce is supported (CTR\_DRBG with no Derivation - **Nonce:** If a nonce is supported (CTR\_DRBG with no Derivation Function does not use a nonce), the nonce bit length is one-half the Function does not use a nonce), the nonce bit length is one-half the seed length. seed length. - **Personalization string:** The length of the personalization string - **Personalization string:** The length of the personalization string must be ≤ seed length. If the implementation only supports one must be ≤ seed length. If the implementation only supports one personalization string length, then the same length can be used for personalization string length, then the same length can be used for both values. If more than one string length is support, the both values. If more than one string length is support, the evaluator shall use personalization strings of two different evaluator shall use personalization strings of two different lengths. If the implementation does not use a personalization lengths. If the implementation does not use a personalization string, no value needs to be supplied. string, no value needs to be supplied. - **Additional input:** the additional input bit lengths have the same - **Additional input:** the additional input bit lengths have the same defaults and restrictions as the personalization string lengths. defaults and restrictions as the personalization string lengths. ::: ::: ::: ::: ::: ::: ::: {#FCS_STG_EXT.2 .comp} ::: {#FCS_STG_EXT.2 .comp} #### FCS\_STG\_EXT.2 Key Storage Encryption #### FCS\_STG\_EXT.2 Key Storage Encryption ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_STG\_EXT.1.1](#FCS_STG_EXT.1.1).*** selection in [FCS\_STG\_EXT.1.1](#FCS_STG_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_STG_EXT.2.1 .reqid} ::: {#FCS_STG_EXT.2.1 .reqid} [FCS\_STG\_EXT.2.1](#FCS_STG_EXT.2.1){.abbr} [FCS\_STG\_EXT.2.1](#FCS_STG_EXT.2.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall encrypt \[*AKs, SKs, KEKs, and The [TSF](#abbr_TSF) shall encrypt \[*AKs, SKs, KEKs, and \[**selection**: *long-term trusted channel key material*, *all \[**selection**: *long-term trusted channel key material*, *all software-based key storage*, *no other keys*\]*\] using \[**selection**: software-based key storage*, *no other keys*\]*\] using \[**selection**: *[AES](#abbr_AES)-CCM*, *[AES](#abbr_AES)-GCM*, *[AES](#abbr_AES)-KW*, *[AES](#abbr_AES)-CCM*, *[AES](#abbr_AES)-GCM*, *[AES](#abbr_AES)-KW*, *[AES](#abbr_AES)-KWP*\]. *[AES](#abbr_AES)-KWP*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if \"software-based\" is selected in the [ST](#abbr_ST) if \"software-based\" is selected in [FCS\_STG\_EXT.1](#FCS_STG_EXT.1). ]{.note} [FCS\_STG\_EXT.1](#FCS_STG_EXT.1). ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) [FCS\_STG\_EXT.2](#FCS_STG_EXT.2) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall review the [TSS](#abbr_TSS) to determine that the The evaluator shall review the [TSS](#abbr_TSS) to determine that the [TSS](#abbr_TSS) describes the protection of symmetric keys, KEKs, [TSS](#abbr_TSS) describes the protection of symmetric keys, KEKs, long-term trusted channel key material, and software-based key storage long-term trusted channel key material, and software-based key storage as claimed in [FCS\_STG\_EXT.2.1](#FCS_STG_EXT.2.1). as claimed in [FCS\_STG\_EXT.2.1](#FCS_STG_EXT.2.1). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component There are no KMD evaluation activities for this component ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no test evaluation activities for this component. There are no test evaluation activities for this component. ::: ::: ::: ::: ::: ::: ::: {#FCS_STG_EXT.3 .comp} ::: {#FCS_STG_EXT.3 .comp} #### FCS\_STG\_EXT.3 Key Integrity Protection #### FCS\_STG\_EXT.3 Key Integrity Protection ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_STG\_EXT.1.1](#FCS_STG_EXT.1.1).*** selection in [FCS\_STG\_EXT.1.1](#FCS_STG_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FCS_STG_EXT.3.1 .reqid} ::: {#FCS_STG_EXT.3.1 .reqid} [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1){.abbr} [FCS\_STG\_EXT.3.1](#FCS_STG_EXT.3.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall protect the integrity of any encrypted The [TSF](#abbr_TSF) shall protect the integrity of any encrypted \[*AKs, SKs, KEKs, and \[**selection**: *long-term trusted channel key \[*AKs, SKs, KEKs, and \[**selection**: *long-term trusted channel key material*, *all software-based key storage*, *no other keys*\]*\] by material*, *all software-based key storage*, *no other keys*\]*\] by using \[**selection**: using \[**selection**: - *Symmetric encryption in \[**selection**: *AES\_CCM*, *AES\_GCM*, - *Symmetric encryption in \[**selection**: *AES\_CCM*, *AES\_GCM*, *AES\_KW*, *AES\_KWP*\] mode in accordance with *AES\_KW*, *AES\_KWP*\] mode in accordance with [FCS\_COP.1/SKC](#FCS_COP.1/SKC)*, [FCS\_COP.1/SKC](#FCS_COP.1/SKC)*, - *A keyed hash of the stored key in accordance with - *A keyed hash of the stored key in accordance with [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*, [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*, - *A digital signature of the stored key in accordance with - *A digital signature of the stored key in accordance with [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) using an asymmetric key that [FCS\_COP.1/SigGen](#FCS_COP.1/SigGen) using an asymmetric key that is protected in accordance with [FCS\_STG\_EXT.2](#FCS_STG_EXT.2)*, is protected in accordance with [FCS\_STG\_EXT.2](#FCS_STG_EXT.2)*, - *An immediate application of the key for decrypting the protected - *An immediate application of the key for decrypting the protected data followed by a successful verification of the decrypted data data followed by a successful verification of the decrypted data with previously known information* with previously known information* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if \"software-based\" is selected in the [ST](#abbr_ST) if \"software-based\" is selected in [FCS\_STG\_EXT.1](#FCS_STG_EXT.1). ]{.note} [FCS\_STG\_EXT.1](#FCS_STG_EXT.1). ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FCS_STG_EXT.3.2 .reqid} ::: {#FCS_STG_EXT.3.2 .reqid} [FCS\_STG\_EXT.3.2](#FCS_STG_EXT.3.2){.abbr} [FCS\_STG\_EXT.3.2](#FCS_STG_EXT.3.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall verify the integrity of the \[**selection**: The [TSF](#abbr_TSF) shall verify the integrity of the \[**selection**: *digital signature*, *[MAC](#abbr_MAC)*\] of the stored key prior to use *digital signature*, *[MAC](#abbr_MAC)*\] of the stored key prior to use of the key. of the key. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This requirement is not applicable [Application Note: ]{.note-header}[ This requirement is not applicable to derived keys that are not stored. It is not expected that a single to derived keys that are not stored. It is not expected that a single key will be protected from corruption by multiple of these methods; key will be protected from corruption by multiple of these methods; however, a product may use one integrity-protection method for one type however, a product may use one integrity-protection method for one type of key and a different method for other types of keys. ]{.note} of key and a different method for other types of keys. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) [FCS\_STG\_EXT.3](#FCS_STG_EXT.3) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) and ensure that it The evaluator shall examine the [TSS](#abbr_TSS) and ensure that it contains a description of how the [TOE](#abbr_TOE) protects the contains a description of how the [TOE](#abbr_TOE) protects the integrity of its keys. integrity of its keys. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: The documentation of the product's encryption key management should be The documentation of the product's encryption key management should be detailed enough that, after reading, the evaluator will thoroughly detailed enough that, after reading, the evaluator will thoroughly understand the product's key management and how it meets the understand the product's key management and how it meets the requirements to ensure the keys are adequately protected. This requirements to ensure the keys are adequately protected. This documentation should include an essay and diagrams. This documentation documentation should include an essay and diagrams. This documentation may be marked as developer proprietary. may be marked as developer proprietary. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no test evaluation activities for this component. There are no test evaluation activities for this component. ::: ::: ::: ::: ::: ::: B.4 Class: User Data Protection (FDP) {#fdp-sel-based .indexable data-level="2"} B.4 Class: User Data Protection (FDP) {#fdp-sel-based .indexable data-level="2"} ------------------------------------- ------------------------------------- ::: {#FDP_ITC_EXT.1 .comp} ::: {#FDP_ITC_EXT.1 .comp} #### FDP\_ITC\_EXT.1 Key/Credential Import #### FDP\_ITC\_EXT.1 Key/Credential Import ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2).*** selection in [FCS\_STG\_EXT.1.2](#FCS_STG_EXT.1.2).*** ::: ::: ::: {.element} ::: {.element} ::: {#FDP_ITC_EXT.1.1 .reqid} ::: {#FDP_ITC_EXT.1.1 .reqid} [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1){.abbr} [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall support importing keys/key material using The [TSF](#abbr_TSF) shall support importing keys/key material using \[**selection**: *physically protected channels as specified in \[**selection**: *physically protected channels as specified in [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*, *encrypted data buffers as specified [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*, *encrypted data buffers as specified in [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1)*, *cryptographically protected data in [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1)*, *cryptographically protected data channels as specified in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1)*\]. channels as specified in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1)*\]. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FDP_ITC_EXT.1.2 .reqid} ::: {#FDP_ITC_EXT.1.2 .reqid} [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2){.abbr} [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall verify the integrity of imported keys/key The [TSF](#abbr_TSF) shall verify the integrity of imported keys/key material using \[**selection**: material using \[**selection**: - *cryptographic hash as specified in - *cryptographic hash as specified in [FCS\_COP.1/Hash](#FCS_COP.1/Hash)*, [FCS\_COP.1/Hash](#FCS_COP.1/Hash)*, - *keyed hash as specified in - *keyed hash as specified in [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*, [FCS\_COP.1/KeyedHash](#FCS_COP.1/KeyedHash)*, - *integrity-providing encryption algorithm as specified in - *integrity-providing encryption algorithm as specified in [FCS\_COP.1/SKC](#FCS_COP.1/SKC) \[**selection**: [FCS\_COP.1/SKC](#FCS_COP.1/SKC) \[**selection**: *[AES](#abbr_AES)-CCM*, *[AES](#abbr_AES)-GCM*, *[AES](#abbr_AES)-CCM*, *[AES](#abbr_AES)-GCM*, *[AES](#abbr_AES)-KW*, *[AES](#abbr_AES)-KWP*\]*, *[AES](#abbr_AES)-KW*, *[AES](#abbr_AES)-KWP*\]*, - *digital signature as specified in - *digital signature as specified in [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer)*, [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer)*, - *integrity verification supported by - *integrity verification supported by [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1)* [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1)* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) when \"*importing keys/secrets into the the [ST](#abbr_ST) when \"*importing keys/secrets into the [TOE](#abbr_TOE)*\" is selected in [TOE](#abbr_TOE)*\" is selected in [FCS\_STG\_EXT.1](#FCS_STG_EXT.1).]{.note} [FCS\_STG\_EXT.1](#FCS_STG_EXT.1).]{.note} The way the [TSF](#abbr_TSF) checks the integrity of the keys depends on The way the [TSF](#abbr_TSF) checks the integrity of the keys depends on the method of importation. For example, the encrypted data channel may the method of importation. For example, the encrypted data channel may provide data integrity as part of its service. provide data integrity as part of its service. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall confirm the [TSS](#abbr_TSS) contains descriptions The evaluator shall confirm the [TSS](#abbr_TSS) contains descriptions of the supported methods the [TSF](#abbr_TSF) uses to import keys and of the supported methods the [TSF](#abbr_TSF) uses to import keys and key material into the [TOE](#abbr_TOE). For each import method selected, key material into the [TOE](#abbr_TOE). For each import method selected, the [TSS](#abbr_TSS) shall describe integrity verification schemes the [TSS](#abbr_TSS) shall describe integrity verification schemes employed. employed. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: For each supported import method selected in For each supported import method selected in [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1) and for each supported integrity [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1) and for each supported integrity verification method selected in [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2). verification method selected in [FDP\_ITC\_EXT.1.2](#FDP_ITC_EXT.1.2). used by the selected import method, provide one key/credential with used by the selected import method, provide one key/credential with valid integrity credentials, one with invalid integrity credentials valid integrity credentials, one with invalid integrity credentials (e.g. hash). The operations with invalid integrity credentials must (e.g. hash). The operations with invalid integrity credentials must result in error. The operations with valid integrity credentials must result in error. The operations with valid integrity credentials must accept the keys/credentials. accept the keys/credentials. ::: ::: ::: ::: ::: ::: B.5 Class: Identification and Authentication (FIA) {#fia-sel-based .indexable data-le B.5 Class: Identification and Authentication (FIA) {#fia-sel-based .indexable data-le -------------------------------------------------- -------------------------------------------------- ::: {#FIA_AFL_EXT.1 .comp} ::: {#FIA_AFL_EXT.1 .comp} #### FIA\_AFL\_EXT.1 Authentication Failure Handling #### FIA\_AFL\_EXT.1 Authentication Failure Handling ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** ::: ::: ::: {.element} ::: {.element} ::: {#FIA_AFL_EXT.1.1 .reqid} ::: {#FIA_AFL_EXT.1.1 .reqid} [FIA\_AFL\_EXT.1.1](#FIA_AFL_EXT.1.1){.abbr} [FIA\_AFL\_EXT.1.1](#FIA_AFL_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall consider password and \[*no other*\] as The [TSF](#abbr_TSF) shall consider password and \[*no other*\] as critical authentication mechanisms. critical authentication mechanisms. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then If this [SFR](#abbr_SFR) is included in the [ST](#abbr_ST), then [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. [FCS\_CKM.4](#FCS_CKM.4) must also be claimed. This [SFR](#abbr_SFR) specifies the actions to be taken in the event of This [SFR](#abbr_SFR) specifies the actions to be taken in the event of multiple authentication failures. multiple authentication failures. This requirement applies to both critical and non-critical This requirement applies to both critical and non-critical authentication mechanisms. The difference between the two is that authentication mechanisms. The difference between the two is that excessive authentication failures of critical authentication mechanisms excessive authentication failures of critical authentication mechanisms result in the wiping of all protected data (see result in the wiping of all protected data (see [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5).). If the [TOE](#abbr_TOE) [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5).). If the [TOE](#abbr_TOE) implements multiple Authentication Factor interfaces (for example, a implements multiple Authentication Factor interfaces (for example, a [DAR](#abbr_DAR) decryption interface, a lockscreen interface, an [DAR](#abbr_DAR) decryption interface, a lockscreen interface, an auxiliary boot mode interface), this element applies to all available auxiliary boot mode interface), this element applies to all available interfaces. For example, a password is a critical authentication interfaces. For example, a password is a critical authentication mechanism regardless of if it is being entered at the [DAR](#abbr_DAR) mechanism regardless of if it is being entered at the [DAR](#abbr_DAR) decryption interface or at a lockscreen interface. decryption interface or at a lockscreen interface. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_AFL_EXT.1.2 .reqid} ::: {#FIA_AFL_EXT.1.2 .reqid} [FIA\_AFL\_EXT.1.2](#FIA_AFL_EXT.1.2){.abbr} [FIA\_AFL\_EXT.1.2](#FIA_AFL_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall detect when a configurable positive integer The [TSF](#abbr_TSF) shall detect when a configurable positive integer within \[**assignment**: [range of acceptable values for each within \[**assignment**: [range of acceptable values for each authentication mechanism]{.assignable-content}\] of \[**selection**: | authentication mechanism]{.assignable-content}\] of \[**selection, *unique*, *non-unique*\] unsuccessful authentication attempts occur | choose one of**: *unique*, *non-unique*\] unsuccessful authentication related to last successful authentication for each authentication | attempts occur related to last successful authentication for each mechanism. | authentication mechanism. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The positive integer is configured [Application Note: ]{.note-header}[ The positive integer is configured according to [Table [3]{.counter}](#t-manfunc){.t-manfunc-ref} in according to [Table [3]{.counter}](#t-manfunc){.t-manfunc-ref} in [FMT\_SMF.1.1](#FMT_SMF.1.1).]{.note} [FMT\_SMF.1.1](#FMT_SMF.1.1).]{.note} An unique authentication attempt is defined as any attempt to verify an An unique authentication attempt is defined as any attempt to verify an authentication attempt in which the input is different from a previous authentication attempt in which the input is different from a previous attempt. 'Unique' must be selected if the authentication system attempt. 'Unique' must be selected if the authentication system increments the counter only for unique unsuccessful authentication increments the counter only for unique unsuccessful authentication attempts. For example, if the same incorrect password is attempted twice attempts. For example, if the same incorrect password is attempted twice the authentication system increments the counter once. \"*Non-unique*\" the authentication system increments the counter once. \"*Non-unique*\" must be selected if the authentication system increments the counter for must be selected if the authentication system increments the counter for each unsuccessful authentication attempt, regardless of whether the each unsuccessful authentication attempt, regardless of whether the input is unique. For example, if the same incorrect password is input is unique. For example, if the same incorrect password is attempted twice the authentication system increments the counter twice. attempted twice the authentication system increments the counter twice. If the [TOE](#abbr_TOE) supports multiple authentication mechanisms per If the [TOE](#abbr_TOE) supports multiple authentication mechanisms per [FIA\_UAU.5.1](#FIA_UAU.5.1), this element applies to all authentication [FIA\_UAU.5.1](#FIA_UAU.5.1), this element applies to all authentication mechanisms. It is acceptable for each authentication mechanism to mechanisms. It is acceptable for each authentication mechanism to utilize an independent counter or for multiple authentication mechanisms utilize an independent counter or for multiple authentication mechanisms to utilize a shared counter. The interaction between the authentication to utilize a shared counter. The interaction between the authentication factors with regard to the authentication counter must be in accordance factors with regard to the authentication counter must be in accordance with [FIA\_UAU.5.2](#FIA_UAU.5.2). with [FIA\_UAU.5.2](#FIA_UAU.5.2). If the [TOE](#abbr_TOE) implements multiple Authentication Factor If the [TOE](#abbr_TOE) implements multiple Authentication Factor interfaces (for example, a [DAR](#abbr_DAR) decryption interface, a interfaces (for example, a [DAR](#abbr_DAR) decryption interface, a lockscreen interface, an auxiliary boot mode interface), this element lockscreen interface, an auxiliary boot mode interface), this element applies to all available interfaces. However, it is acceptable for each applies to all available interfaces. However, it is acceptable for each Authentication Factor interface to be configurable with a different Authentication Factor interface to be configurable with a different number of unsuccessful authentication attempts. number of unsuccessful authentication attempts. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_AFL_EXT.1.3 .reqid} ::: {#FIA_AFL_EXT.1.3 .reqid} [FIA\_AFL\_EXT.1.3](#FIA_AFL_EXT.1.3){.abbr} [FIA\_AFL\_EXT.1.3](#FIA_AFL_EXT.1.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall maintain the number of unsuccessful The [TSF](#abbr_TSF) shall maintain the number of unsuccessful authentication attempts that have occurred upon power off. authentication attempts that have occurred upon power off. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The [TOE](#abbr_TOE) may implement [Application Note: ]{.note-header}[ The [TOE](#abbr_TOE) may implement an Authentication Factor interface that precedes another Authentication an Authentication Factor interface that precedes another Authentication Factor interface in the boot sequence (for example, a volume Factor interface in the boot sequence (for example, a volume [DAR](#abbr_DAR) decryption interface which precedes the lockscreen [DAR](#abbr_DAR) decryption interface which precedes the lockscreen interface) before the user can access the [GPCP](#abbr_GPCP). In this interface) before the user can access the [GPCP](#abbr_GPCP). In this situation, because the user must successfully authenticate to the first situation, because the user must successfully authenticate to the first interface to access the second, the number of unsuccessful interface to access the second, the number of unsuccessful authentication attempts need not be maintained for the second interface. authentication attempts need not be maintained for the second interface. ]{.note} ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_AFL_EXT.1.4 .reqid} ::: {#FIA_AFL_EXT.1.4 .reqid} [FIA\_AFL\_EXT.1.4](#FIA_AFL_EXT.1.4){.abbr} [FIA\_AFL\_EXT.1.4](#FIA_AFL_EXT.1.4){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} When the defined number of unsuccessful authentication attempts has When the defined number of unsuccessful authentication attempts has exceeded the maximum allowed for a given authentication mechanism, all exceeded the maximum allowed for a given authentication mechanism, all future authentication attempts shall be limited to other available future authentication attempts shall be limited to other available authentication mechanisms, unless the given mechanism is designated as a authentication mechanisms, unless the given mechanism is designated as a critical authentication mechanism. critical authentication mechanism. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ See [Application Note: ]{.note-header}[ See [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) for exceeding the maximum failure [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) for exceeding the maximum failure threshold for critical authentication mechanisms.]{.note} threshold for critical authentication mechanisms.]{.note} In accordance with [FIA\_AFL\_EXT.1.3](#FIA_AFL_EXT.1.3), this In accordance with [FIA\_AFL\_EXT.1.3](#FIA_AFL_EXT.1.3), this requirement also applies after the [TOE](#abbr_TOE) is powered off and requirement also applies after the [TOE](#abbr_TOE) is powered off and powered back on. powered back on. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_AFL_EXT.1.5 .reqid} ::: {#FIA_AFL_EXT.1.5 .reqid} [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5){.abbr} [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} When the defined number of unsuccessful authentication attempts for the When the defined number of unsuccessful authentication attempts for the last available authentication mechanism or a critical authentication last available authentication mechanism or a critical authentication mechanism has been surpassed, the [TSF](#abbr_TSF) shall mechanism has been surpassed, the [TSF](#abbr_TSF) shall \[**selection**: \[**selection**: - *perform a wipe of all protected data*, - *perform a wipe of all protected data*, - *exclude the current User/Administrator from further authentication - *exclude the current User/Administrator from further authentication attempts*, attempts*, - *exclude the current User/Administrator from further authentication - *exclude the current User/Administrator from further authentication attempts for a period of \[**assignment**: [greater than zero attempts for a period of \[**assignment**: [greater than zero seconds]{.assignable-content}\] time* seconds]{.assignable-content}\] time* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Wipe is performed in accordance with [Application Note: ]{.note-header}[ Wipe is performed in accordance with [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4). Protected data is all non-TSF data, [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4). Protected data is all non-TSF data, including all user or enterprise data. Some or all of this data may be including all user or enterprise data. Some or all of this data may be considered sensitive data as well.]{.note} considered sensitive data as well.]{.note} If the [TOE](#abbr_TOE) implements multiple Authentication Factor If the [TOE](#abbr_TOE) implements multiple Authentication Factor interfaces (for example, a [DAR](#abbr_DAR) decryption interface, a interfaces (for example, a [DAR](#abbr_DAR) decryption interface, a lockscreen interface, an auxiliary boot mode interface), this element lockscreen interface, an auxiliary boot mode interface), this element applies to all available interfaces. applies to all available interfaces. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_AFL_EXT.1.6 .reqid} ::: {#FIA_AFL_EXT.1.6 .reqid} [FIA\_AFL\_EXT.1.6](#FIA_AFL_EXT.1.6){.abbr} [FIA\_AFL\_EXT.1.6](#FIA_AFL_EXT.1.6){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall increment the number of unsuccessful The [TSF](#abbr_TSF) shall increment the number of unsuccessful authentication attempts prior to notifying the user that the authentication attempts prior to notifying the user that the authentication was unsuccessful. authentication was unsuccessful. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This requirement is to ensure that [Application Note: ]{.note-header}[ This requirement is to ensure that if power is cut to the device directly after an authentication attempt, if power is cut to the device directly after an authentication attempt, the counter will be incremented to reflect that attempt. ]{.note} the counter will be incremented to reflect that attempt. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure that the [TSS](#abbr_TSS) describes that a The evaluator shall ensure that the [TSS](#abbr_TSS) describes that a value corresponding to the number of unsuccessful authentication value corresponding to the number of unsuccessful authentication attempts since the last successful authentication is kept for each attempts since the last successful authentication is kept for each Authentication Factor interface. The evaluator shall ensure that this Authentication Factor interface. The evaluator shall ensure that this description also includes if and how this value is maintained when the description also includes if and how this value is maintained when the [TOE](#abbr_TOE) loses power, either through a graceful powered off or [TOE](#abbr_TOE) loses power, either through a graceful powered off or an ungraceful loss of power. The evaluator shall ensure that if the an ungraceful loss of power. The evaluator shall ensure that if the value is not maintained, the interface is after another interface in the value is not maintained, the interface is after another interface in the boot sequence for which the value is maintained. boot sequence for which the value is maintained. If the [TOE](#abbr_TOE) supports multiple authentication mechanisms, the If the [TOE](#abbr_TOE) supports multiple authentication mechanisms, the evaluator shall ensure that this description also includes how the evaluator shall ensure that this description also includes how the unsuccessful authentication attempts for each mechanism selected in unsuccessful authentication attempts for each mechanism selected in [FIA\_UAU.5.1](#FIA_UAU.5.1) is handled. The evaluator shall verify that [FIA\_UAU.5.1](#FIA_UAU.5.1) is handled. The evaluator shall verify that the [TSS](#abbr_TSS) describes if each authentication mechanism utilizes the [TSS](#abbr_TSS) describes if each authentication mechanism utilizes its own counter or if multiple authentication mechanisms utilize a its own counter or if multiple authentication mechanisms utilize a shared counter. If multiple authentication mechanisms utilize a shared shared counter. If multiple authentication mechanisms utilize a shared counter, the evaluator shall verify that the [TSS](#abbr_TSS) describes counter, the evaluator shall verify that the [TSS](#abbr_TSS) describes this interaction. this interaction. The evaluator shall confirm that the [TSS](#abbr_TSS) describes how the The evaluator shall confirm that the [TSS](#abbr_TSS) describes how the process used to determine if the authentication attempt was successful. process used to determine if the authentication attempt was successful. The evaluator shall ensure that the counter would be updated even if The evaluator shall ensure that the counter would be updated even if power to the device is cut immediately following notifying the power to the device is cut immediately following notifying the [TOE](#abbr_TOE) user if the authentication attempt was successful or [TOE](#abbr_TOE) user if the authentication attempt was successful or not. not. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall verify that the AGD describes how the Administrator The evaluator shall verify that the AGD describes how the Administrator configures the maximum number of unique unsuccessful authentication configures the maximum number of unique unsuccessful authentication attempts, and the lockout time period, if applicable. attempts, and the lockout time period, if applicable. The evaluator shall verify that the AGD describes how an Administrator The evaluator shall verify that the AGD describes how an Administrator may recover from authentication failure when another Administrator is may recover from authentication failure when another Administrator is locked out. locked out. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this element. There are no KMD evaluation activities for this element. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall configure the device with all authentication The evaluator shall configure the device with all authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1), and configure a mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1), and configure a maximum number of unsuccessful authentication attempts for each maximum number of unsuccessful authentication attempts for each mechanism. mechanism. - **Test 1:** The evaluator shall for each authentication mechanism - **Test 1:** The evaluator shall for each authentication mechanism make unsuccessful authentication attempts until the maximum is make unsuccessful authentication attempts until the maximum is exceeded and verify that the number of failures corresponds to the exceeded and verify that the number of failures corresponds to the configured maximum and that no further authentication attempts can configured maximum and that no further authentication attempts can be made using that mechanism. be made using that mechanism. - **Test 2:** \[conditional\] If the mechanism is critical or if all - **Test 2:** \[conditional\] If the mechanism is critical or if all authentication mechanisms are exhausted, then if \"*perform a wipe authentication mechanisms are exhausted, then if \"*perform a wipe of all protected data*\" is selected in of all protected data*\" is selected in [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) the evaluator shall verify [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) the evaluator shall verify that the wipe is implemented. that the wipe is implemented. - **Test 3:** \[conditional\] If the mechanism is critical or if all - **Test 3:** \[conditional\] If the mechanism is critical or if all authentication mechanisms are exhausted, then if \"*exclude the authentication mechanisms are exhausted, then if \"*exclude the current User/Administrator from further authentication attempts*\" current User/Administrator from further authentication attempts*\" is selected in [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) the evaluator is selected in [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) the evaluator shall verify that the User/Administrator can make no further shall verify that the User/Administrator can make no further authentication attempts. authentication attempts. - **Test 4:** \[conditional\] If the mechanism is critical or if all - **Test 4:** \[conditional\] If the mechanism is critical or if all authentication mechanisms are exhausted, then if \"*exclude the authentication mechanisms are exhausted, then if \"*exclude the current User/Administrator from further authentication attempts for current User/Administrator from further authentication attempts for a period of \[assignment: greater than zero seconds\] time*\" is a period of \[assignment: greater than zero seconds\] time*\" is selected in [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) the evaluator selected in [FIA\_AFL\_EXT.1.5](#FIA_AFL_EXT.1.5) the evaluator shall verify that the User/Administrator can make no further shall verify that the User/Administrator can make no further authentication attempts until the specified time period has expired. authentication attempts until the specified time period has expired. ::: ::: ::: ::: ::: ::: ::: {#FIA_PMG_EXT.1 .comp} ::: {#FIA_PMG_EXT.1 .comp} #### FIA\_PMG\_EXT.1 Password Management #### FIA\_PMG\_EXT.1 Password Management ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** ::: ::: ::: {.element} ::: {.element} ::: {#FIA_PMG_EXT.1.1 .reqid} ::: {#FIA_PMG_EXT.1.1 .reqid} [FIA\_PMG\_EXT.1.1](#FIA_PMG_EXT.1.1){.abbr} [FIA\_PMG\_EXT.1.1](#FIA_PMG_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall support the following for the Password The [TSF](#abbr_TSF) shall support the following for the Password Authentication Factor: Authentication Factor: 1. Passwords shall be able to be composed of any combination of 1. Passwords shall be able to be composed of any combination of \[**selection**: *upper and lower case letters*, *\[**assignment**: \[**selection**: *upper and lower case letters*, *\[**assignment**: [a character set of at least 52 [a character set of at least 52 characters]{.assignable-content}\]*\], numbers, and special characters]{.assignable-content}\]*\], numbers, and special characters: \[**selection**: *\"!\"*, *\"@\"*, *\"\#\"*, *\"\$\"*, characters: \[**selection**: *\"!\"*, *\"@\"*, *\"\#\"*, *\"\$\"*, *\"%\"*, *\"\^\"*, *\"&\"*, *\"\*\"*, *\"(\"*, *\")\"*, *\"%\"*, *\"\^\"*, *\"&\"*, *\"\*\"*, *\"(\"*, *\")\"*, *\[**assignment**: [other characters]{.assignable-content}\]*\] *\[**assignment**: [other characters]{.assignable-content}\]*\] 2. Password length up to \[**assignment**: [an integer greater than or 2. Password length up to \[**assignment**: [an integer greater than or equal to 14]{.assignable-content}\] characters shall be supported. equal to 14]{.assignable-content}\] characters shall be supported. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} While some corporate policies require passwords of 14 characters or While some corporate policies require passwords of 14 characters or better, the use of a Root Encryption Key for [DAR](#abbr_DAR) protection better, the use of a Root Encryption Key for [DAR](#abbr_DAR) protection and key storage protection and the anti-hammer requirement and key storage protection and the anti-hammer requirement ([FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1)) addresses the threat of attackers ([FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1)) addresses the threat of attackers with physical access using much smaller and less complex passwords. with physical access using much smaller and less complex passwords. The [ST](#abbr_ST) Author selects the character set: either the upper The [ST](#abbr_ST) Author selects the character set: either the upper and lower case Basic Latin letters or another assigned character set and lower case Basic Latin letters or another assigned character set containing at least 52 characters. The assigned character set must be containing at least 52 characters. The assigned character set must be well defined: either according to an international encoding standard well defined: either according to an international encoding standard (such as Unicode) or defined in the assignment by the [ST](#abbr_ST) (such as Unicode) or defined in the assignment by the [ST](#abbr_ST) Author. The [ST](#abbr_ST) Author also selects the special characters Author. The [ST](#abbr_ST) Author also selects the special characters that are supported by [TOE](#abbr_TOE); they may optionally list that are supported by [TOE](#abbr_TOE); they may optionally list additional special characters supported using the assignment. additional special characters supported using the assignment. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1) [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: There are no [TSS](#abbr_TSS) evaluation activities for this component. There are no [TSS](#abbr_TSS) evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to determine that it provides The evaluator shall examine the AGD to determine that it provides guidance to security administrators on the composition of strong guidance to security administrators on the composition of strong passwords, and that it provides instructions on setting the minimum passwords, and that it provides instructions on setting the minimum password length. The evaluator shall also perform the following tests. password length. The evaluator shall also perform the following tests. Note that one or more of these tests can be performed with a single test Note that one or more of these tests can be performed with a single test case. case. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test: The evaluator shall perform the following test: The evaluator shall compose passwords that either meet the requirements, The evaluator shall compose passwords that either meet the requirements, or fail to meet the requirements, in some way. For each password, the or fail to meet the requirements, in some way. For each password, the evaluator shall verify that the [TOE](#abbr_TOE) supports the password. evaluator shall verify that the [TOE](#abbr_TOE) supports the password. While the evaluator is not required (nor is it feasible) to test all While the evaluator is not required (nor is it feasible) to test all possible compositions of passwords, the evaluator shall ensure that all possible compositions of passwords, the evaluator shall ensure that all characters, rule characteristics, and a minimum length listed in the characters, rule characteristics, and a minimum length listed in the requirement are supported, and justify the subset of those characters requirement are supported, and justify the subset of those characters chosen for testing. chosen for testing. ::: ::: ::: ::: ::: ::: ::: {#FIA_UAU.5 .comp} ::: {#FIA_UAU.5 .comp} #### FIA\_UAU.5 Multiple Authentication Mechanisms #### FIA\_UAU.5 Multiple Authentication Mechanisms ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** ::: ::: ::: {.element} ::: {.element} ::: {#FIA_UAU.5.1 .reqid} ::: {#FIA_UAU.5.1 .reqid} [FIA\_UAU.5.1](#FIA_UAU.5.1){.abbr} [FIA\_UAU.5.1](#FIA_UAU.5.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide password and \[**selection**: *X.509 The [TSF](#abbr_TSF) shall provide password and \[**selection**: *X.509 certificate-based authentication*, *[SSH](#abbr_SSH)-based certificate-based authentication*, *[SSH](#abbr_SSH)-based authentication*, *biometric authentication*, *hybrid authentication*, authentication*, *biometric authentication*, *hybrid authentication*, *no other authentication mechanism*\] to support user authentication. *no other authentication mechanism*\] to support user authentication. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} A \"user\" in the context of this [SFR](#abbr_SFR) is an Administrator. A \"user\" in the context of this [SFR](#abbr_SFR) is an Administrator. The [TSF](#abbr_TSF) must support a Password Authentication Factor and The [TSF](#abbr_TSF) must support a Password Authentication Factor and may optionally implement a biometric authentication factor. A hybrid may optionally implement a biometric authentication factor. A hybrid authentication factor is where a user has to submit a combination of authentication factor is where a user has to submit a combination of PIN/password and biometric sample where both have to pass and if either PIN/password and biometric sample where both have to pass and if either fails the user is not made aware of which factor failed. fails the user is not made aware of which factor failed. The Password Authentication Factor is configured according to The Password Authentication Factor is configured according to [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1). If \"hybrid\" is selected, a [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1). If \"hybrid\" is selected, a biometric modality does not need to be selected, but should be selected biometric modality does not need to be selected, but should be selected if the biometric authentication can be used independent of the hybrid if the biometric authentication can be used independent of the hybrid authentication, i.e. without having to enter a PIN/password. authentication, i.e. without having to enter a PIN/password. If \"*X.509 certificate-based authentication*\" is selected, then the If \"*X.509 certificate-based authentication*\" is selected, then the [ST](#abbr_ST) must include [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) and [ST](#abbr_ST) must include [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) and [FIA\_X509\_EXT.2](#FIA_X509_EXT.2). [FIA\_X509\_EXT.2](#FIA_X509_EXT.2). The [ST](#abbr_ST) Author should select \"*[SSH](#abbr_SSH)-based The [ST](#abbr_ST) Author should select \"*[SSH](#abbr_SSH)-based authentication*\" if the [TOE](#abbr_TOE) supports authentication*\" if the [TOE](#abbr_TOE) supports [SSH](#abbr_SSH)-based authentication, whether public key-, password-, [SSH](#abbr_SSH)-based authentication, whether public key-, password-, or certificate-based. In this case, the [ST](#abbr_ST) should include or certificate-based. In this case, the [ST](#abbr_ST) should include the [Functional Package for Secure Shell (SSH), version the [Functional Package for Secure Shell (SSH), version 1.0](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=389&id=389). 1.0](https://www.niap-ccevs.org/Profile/Info.cfm?PPID=389&id=389). ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_UAU.5.2 .reqid} ::: {#FIA_UAU.5.2 .reqid} [FIA\_UAU.5.2](#FIA_UAU.5.2){.abbr} [FIA\_UAU.5.2](#FIA_UAU.5.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall authenticate any user\'s claimed identity The [TSF](#abbr_TSF) shall authenticate any user\'s claimed identity according to the \[**assignment**: [rules describing how each according to the \[**assignment**: [rules describing how each authentication mechanism selected in [FIA\_UAU.5.1](#FIA_UAU.5.1) authentication mechanism selected in [FIA\_UAU.5.1](#FIA_UAU.5.1) provides authentication]{.assignable-content}\]. provides authentication]{.assignable-content}\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Rules regarding how the [Application Note: ]{.note-header}[ Rules regarding how the authentication factors interact in terms of unsuccessful authentication authentication factors interact in terms of unsuccessful authentication are covered in [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1). ]{.note} are covered in [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1). ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_UAU.5](#FIA_UAU.5) [FIA\_UAU.5](#FIA_UAU.5) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure that the [TSS](#abbr_TSS) describes each The evaluator shall ensure that the [TSS](#abbr_TSS) describes each mechanism provided to support user authentication and the rules mechanism provided to support user authentication and the rules describing how the authentication mechanism(s) provide authentication. describing how the authentication mechanism(s) provide authentication. Specifically, for all authentication mechanisms specified in Specifically, for all authentication mechanisms specified in [FIA\_UAU.5.1](#FIA_UAU.5.1), the evaluator shall ensure that the [FIA\_UAU.5.1](#FIA_UAU.5.1), the evaluator shall ensure that the [TSS](#abbr_TSS) describes the rules as to how each authentication [TSS](#abbr_TSS) describes the rules as to how each authentication mechanism is used. Example rules are how the authentication mechanism mechanism is used. Example rules are how the authentication mechanism authenticates the user (i.e. how does the [TSF](#abbr_TSF) verify that authenticates the user (i.e. how does the [TSF](#abbr_TSF) verify that the correct password or biometric sample was entered), the result of a the correct password or biometric sample was entered), the result of a successful authentication (i.e. is the user input used to derive or successful authentication (i.e. is the user input used to derive or unlock a key) and which authentication mechanism can be used at which unlock a key) and which authentication mechanism can be used at which authentication factor interfaces (i.e. if there are times, for example, authentication factor interfaces (i.e. if there are times, for example, after a reboot, that only specific authentication mechanisms can be after a reboot, that only specific authentication mechanisms can be used). If multiple Biometric Authentication Factors ([BAF](#abbr_BAF)) used). If multiple Biometric Authentication Factors ([BAF](#abbr_BAF)) are supported per [FIA\_UAU.5.1](#FIA_UAU.5.1), the interaction between are supported per [FIA\_UAU.5.1](#FIA_UAU.5.1), the interaction between the BAFs must be described. For example, whether the multiple BAFs can the BAFs must be described. For example, whether the multiple BAFs can be enabled at the same time. be enabled at the same time. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall verify that configuration information for each The evaluator shall verify that configuration information for each authentication mechanism is addressed in the AGD guidance. authentication mechanism is addressed in the AGD guidance. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** For each authentication mechanism selected in - **Test 1:** For each authentication mechanism selected in [FIA\_UAU.5.1](#FIA_UAU.5.1), the evaluator shall enable that [FIA\_UAU.5.1](#FIA_UAU.5.1), the evaluator shall enable that mechanism and verify that it can be used to authenticate the user at mechanism and verify that it can be used to authenticate the user at the specified authentication factor interfaces. the specified authentication factor interfaces. - **Test 2:** For each authentication mechanism rule, the evaluator - **Test 2:** For each authentication mechanism rule, the evaluator shall ensure that the authentication mechanism behaves accordingly. shall ensure that the authentication mechanism behaves accordingly. ::: ::: ::: ::: ::: ::: ::: {#FIA_UAU.7 .comp} ::: {#FIA_UAU.7 .comp} #### FIA\_UAU.7 Protected Authentication Feedback #### FIA\_UAU.7 Protected Authentication Feedback ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** ::: ::: ::: {.element} ::: {.element} ::: {#FIA_UAU.7.1 .reqid} ::: {#FIA_UAU.7.1 .reqid} [FIA\_UAU.7.1](#FIA_UAU.7.1){.abbr} [FIA\_UAU.7.1](#FIA_UAU.7.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide only \[*obscured feedback*\] to the The [TSF](#abbr_TSF) shall provide only \[*obscured feedback*\] to the user while the authentication is in progress. user while the authentication is in progress. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} This requirement applies to all authentication mechanisms specified in This requirement applies to all authentication mechanisms specified in [FIA\_UAU.5.1](#FIA_UAU.5.1) that provide feedback to a user or [FIA\_UAU.5.1](#FIA_UAU.5.1) that provide feedback to a user or Administrator during authentication. Administrator during authentication. For authentication mechanisms that require the user or Administrator to For authentication mechanisms that require the user or Administrator to enter a password or PIN, the [TSF](#abbr_TSF) may briefly (1 second or enter a password or PIN, the [TSF](#abbr_TSF) may briefly (1 second or less) display each character or provide an option to allow the user to less) display each character or provide an option to allow the user to unmask the user input; however, the user input must be obscured by unmask the user input; however, the user input must be obscured by default. default. If a [BAF](#abbr_BAF) is selected in [FIA\_UAU.5.1](#FIA_UAU.5.1), the If a [BAF](#abbr_BAF) is selected in [FIA\_UAU.5.1](#FIA_UAU.5.1), the [TSF](#abbr_TSF) must not display sensitive information regarding the [TSF](#abbr_TSF) must not display sensitive information regarding the biometric that could aid an adversary in identifying or spoofing the biometric that could aid an adversary in identifying or spoofing the respective biometric characteristics of a given human user. While it is respective biometric characteristics of a given human user. While it is true that biometric samples, by themselves, are not secret, the analysis true that biometric samples, by themselves, are not secret, the analysis performed by the respective biometric algorithms, as well as output data performed by the respective biometric algorithms, as well as output data from these biometric algorithms, is considered sensitive and must be from these biometric algorithms, is considered sensitive and must be kept secret. Where applicable, the [TSF](#abbr_TSF) must not reveal or kept secret. Where applicable, the [TSF](#abbr_TSF) must not reveal or make public the reasons for authentication failure. make public the reasons for authentication failure. In the cases of [SSH](#abbr_SSH)- or X.509-based authentication, the In the cases of [SSH](#abbr_SSH)- or X.509-based authentication, the [TSF](#abbr_TSF) must likewise not not display sensitive information [TSF](#abbr_TSF) must likewise not not display sensitive information regarding the authentication factors that could aid an adversary in regarding the authentication factors that could aid an adversary in spoofing or circumventing the authentication protocols. spoofing or circumventing the authentication protocols. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_UAU.7](#FIA_UAU.7) [FIA\_UAU.7](#FIA_UAU.7) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure that the [TSS](#abbr_TSS) describes the means The evaluator shall ensure that the [TSS](#abbr_TSS) describes the means of obscuring the authentication information for all authentication of obscuring the authentication information for all authentication methods specified in [FIA\_UAU.5.1](#FIA_UAU.5.1). methods specified in [FIA\_UAU.5.1](#FIA_UAU.5.1). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall verify that any configuration of this requirement is The evaluator shall verify that any configuration of this requirement is addressed in the AGD guidance and that user authentication input is addressed in the AGD guidance and that user authentication input is obscured by default. obscured by default. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** The evaluator shall enter passwords on the device, - **Test 1:** The evaluator shall enter passwords on the device, including at least the Password Authentication Factor at lockscreen, including at least the Password Authentication Factor at lockscreen, and verify that the password is not displayed on the device. and verify that the password is not displayed on the device. - **Test 2:** \[conditional\] For each Biometric Authentication Factor - **Test 2:** \[conditional\] For each Biometric Authentication Factor ([BAF](#abbr_BAF)) selected in [FIA\_UAU.5.1](#FIA_UAU.5.1), the ([BAF](#abbr_BAF)) selected in [FIA\_UAU.5.1](#FIA_UAU.5.1), the evaluator shall authenticate by producing a biometric sample at evaluator shall authenticate by producing a biometric sample at lockscreen. As the biometric algorithms are performed, the evaluator lockscreen. As the biometric algorithms are performed, the evaluator shall verify that sensitive images, audio, or other information shall verify that sensitive images, audio, or other information identifying the user are kept secret and are not revealed to the identifying the user are kept secret and are not revealed to the user. Additionally, the evaluator shall produce a biometric sample user. Additionally, the evaluator shall produce a biometric sample that fails to authenticate and verify that the reason(s) for that fails to authenticate and verify that the reason(s) for authentication failure (user mismatch, low sample quality, etc.) are authentication failure (user mismatch, low sample quality, etc.) are not revealed to the user. It is acceptable for the [BAF](#abbr_BAF) not revealed to the user. It is acceptable for the [BAF](#abbr_BAF) to state that it was unable to physically read the biometric sample, to state that it was unable to physically read the biometric sample, for example, if the sensor is unclean or the biometric sample was for example, if the sensor is unclean or the biometric sample was removed too quickly. However, specifics regarding why the presented removed too quickly. However, specifics regarding why the presented biometric sample failed authentication shall not be revealed to the biometric sample failed authentication shall not be revealed to the user. \[conditional\] For each [SSH](#abbr_SSH)- or X.509-based user. \[conditional\] For each [SSH](#abbr_SSH)- or X.509-based authentication mechanism, the evaluator shall examine whether the authentication mechanism, the evaluator shall examine whether the [TSF](#abbr_TSF) displays sensitive information during the [TSF](#abbr_TSF) displays sensitive information during the authentication process for both successful and failed authentication authentication process for both successful and failed authentication attempts. attempts. ::: ::: ::: ::: ::: ::: ::: {#FIA_UIA_EXT.1 .comp} ::: {#FIA_UIA_EXT.1 .comp} #### FIA\_UIA\_EXT.1 Administrator Identification and Authentication #### FIA\_UIA\_EXT.1 Administrator Identification and Authentication ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** selection in [FMT\_SMR.1.1](#FMT_SMR.1.1).*** ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Basic](#uc-server-basic)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** ::: ::: ::: {.element} ::: {.element} ::: {#FIA_UIA_EXT.1.1 .reqid} ::: {#FIA_UIA_EXT.1.1 .reqid} [FIA\_UIA\_EXT.1.1](#FIA_UIA_EXT.1.1){.abbr} [FIA\_UIA\_EXT.1.1](#FIA_UIA_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall require Administrators to be successfully The [TSF](#abbr_TSF) shall require Administrators to be successfully identified and authenticated using one of the methods in identified and authenticated using one of the methods in [FIA\_UAU.5](#FIA_UAU.5) before allowing any [TSF](#abbr_TSF)-mediated [FIA\_UAU.5](#FIA_UAU.5) before allowing any [TSF](#abbr_TSF)-mediated management function to be performed by that Administrator. management function to be performed by that Administrator. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in the [ST](#abbr_ST) if the \"*Administrator*\" role is selected in [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" [FMT\_SMR.1](#FMT_SMR.1), or if the \"*Server-Class Platform, Basic*\" or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} or \"*Server-Class Platform, Enhanced*\" use cases are selected.]{.note} Ordinary unprivileged users of the platform need not authenticate to the Ordinary unprivileged users of the platform need not authenticate to the platform, though they may well have to authenticate themselves to tenant platform, though they may well have to authenticate themselves to tenant software such as an Operating System. software such as an Operating System. The [TSF](#abbr_TSF)-mediated management functions are listed in the The [TSF](#abbr_TSF)-mediated management functions are listed in the management functions table ([Table management functions table ([Table [3]{.counter}](#t-manfunc){.t-manfunc-ref}) in [FMT\_SMF.1](#FMT_SMF.1). [3]{.counter}](#t-manfunc){.t-manfunc-ref}) in [FMT\_SMF.1](#FMT_SMF.1). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to determine that it The evaluator shall examine the [TSS](#abbr_TSS) to determine that it describes the logon process for each logon method (local, remote describes the logon process for each logon method (local, remote ([HTTPS](#abbr_HTTPS), [SSH](#abbr_SSH), etc.)) supported for the ([HTTPS](#abbr_HTTPS), [SSH](#abbr_SSH), etc.)) supported for the platform. This description shall contain information pertaining to the platform. This description shall contain information pertaining to the credentials allowed/used, any protocol transactions that take place, and credentials allowed/used, any protocol transactions that take place, and what constitutes a "successful logon." what constitutes a "successful logon." ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to determine that any necessary The evaluator shall examine the AGD to determine that any necessary preparatory steps (e.g., establishing credential material such as preparatory steps (e.g., establishing credential material such as pre-shared keys, tunnels, certificates) to logging in are described. For pre-shared keys, tunnels, certificates) to logging in are described. For each supported login method, the evaluator shall ensure the AGD provides each supported login method, the evaluator shall ensure the AGD provides clear instructions for successfully logging on. If configuration is clear instructions for successfully logging on. If configuration is necessary to ensure the services provided before login are limited, the necessary to ensure the services provided before login are limited, the evaluator shall determine that the AGD provides sufficient instruction evaluator shall determine that the AGD provides sufficient instruction on limiting the allowed services. on limiting the allowed services. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no Test evaluation activities for this component. There are no Test evaluation activities for this component. ::: ::: ::: ::: ::: ::: ::: {#FIA_X509_EXT.1 .comp} ::: {#FIA_X509_EXT.1 .comp} #### FIA\_X509\_EXT.1 X.509 Certificate Validation #### FIA\_X509\_EXT.1 X.509 Certificate Validation ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FIA\_UAU.5.1](#FIA_UAU.5.1), selection in [FIA\_UAU.5.1](#FIA_UAU.5.1), [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*** - ***[FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*** ::: ::: ::: {.element} ::: {.element} ::: {#FIA_X509_EXT.1.1 .reqid} ::: {#FIA_X509_EXT.1.1 .reqid} [FIA\_X509\_EXT.1.1](#FIA_X509_EXT.1.1){.abbr} [FIA\_X509\_EXT.1.1](#FIA_X509_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall validate certificates in accordance with the The [TSF](#abbr_TSF) shall validate certificates in accordance with the following rules: following rules: - [RFC](#abbr_RFC) 5280 certificate validation and certificate path - [RFC](#abbr_RFC) 5280 certificate validation and certificate path validation. validation. - The certificate path must terminate with a trusted certificate. - The certificate path must terminate with a trusted certificate. - The [TOE](#abbr_TOE) shall validate a certificate path by ensuring - The [TOE](#abbr_TOE) shall validate a certificate path by ensuring the presence of the basicConstraints extension, that the CA flag is the presence of the basicConstraints extension, that the CA flag is set to TRUE for all CA certificates, and that any path constraints set to TRUE for all CA certificates, and that any path constraints are met. are met. - The [TSF](#abbr_TSF) shall validate that any CA certificate includes - The [TSF](#abbr_TSF) shall validate that any CA certificate includes caSigning purpose in the key usage field. caSigning purpose in the key usage field. - The [TSF](#abbr_TSF) shall validate revocation status of the - The [TSF](#abbr_TSF) shall validate revocation status of the certificate using \[**selection**: *[OCSP](#abbr_OCSP) as specified certificate using \[**selection**: *[OCSP](#abbr_OCSP) as specified in [RFC](#abbr_RFC) 6960*, *a [CRL](#abbr_CRL) as specified in in [RFC](#abbr_RFC) 6960*, *a [CRL](#abbr_CRL) as specified in [RFC](#abbr_RFC) 8603*, *an [OCSP](#abbr_OCSP) [TLS](#abbr_TLS) [RFC](#abbr_RFC) 8603*, *an [OCSP](#abbr_OCSP) [TLS](#abbr_TLS) Status Request Extension ([OCSP](#abbr_OCSP) stapling) as specified Status Request Extension ([OCSP](#abbr_OCSP) stapling) as specified in [RFC](#abbr_RFC) 6066*, *[OCSP](#abbr_OCSP) [TLS](#abbr_TLS) in [RFC](#abbr_RFC) 6066*, *[OCSP](#abbr_OCSP) [TLS](#abbr_TLS) Multi-Certificate Status Request Extension (i.e., [OCSP](#abbr_OCSP) Multi-Certificate Status Request Extension (i.e., [OCSP](#abbr_OCSP) Multi-Stapling) as specified in [RFC](#abbr_RFC) 6961*\]. Multi-Stapling) as specified in [RFC](#abbr_RFC) 6961*\]. - The [TSF](#abbr_TSF) shall validate the extendedKeyUsage field - The [TSF](#abbr_TSF) shall validate the extendedKeyUsage field according to the following rules: according to the following rules: - Certificates used for trusted updates and executable code - Certificates used for trusted updates and executable code integrity verification shall have the Code Signing Purpose integrity verification shall have the Code Signing Purpose (id-kp 3 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.3) in the (id-kp 3 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field. extendedKeyUsage field. - Server certificates presented for [TLS](#abbr_TLS) shall have - Server certificates presented for [TLS](#abbr_TLS) shall have the Server Authentication purpose (id-kp 1 with [OID](#abbr_OID) the Server Authentication purpose (id-kp 1 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. - Client certificates presented for [TLS](#abbr_TLS) shall have - Client certificates presented for [TLS](#abbr_TLS) shall have the Client Authentication purpose (id-kp 2 with [OID](#abbr_OID) the Client Authentication purpose (id-kp 2 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.2) in the EKU field. 1.3.6.1.5.5.7.3.2) in the EKU field. - [OCSP](#abbr_OCSP) certificates presented for [OCSP](#abbr_OCSP) - [OCSP](#abbr_OCSP) certificates presented for [OCSP](#abbr_OCSP) responses shall have the [OCSP](#abbr_OCSP) Signing Purpose responses shall have the [OCSP](#abbr_OCSP) Signing Purpose (id-kp 9 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.9) in the EKU (id-kp 9 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.9) in the EKU field. field. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if \"*certificate-based authentication of included in the [ST](#abbr_ST) if \"*certificate-based authentication of the remote peer*\" is selected in [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1) the remote peer*\" is selected in [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1) or if \"*authentication based on X.509 certificates*\" is selected in or if \"*authentication based on X.509 certificates*\" is selected in [FIA\_UAU.5.1](#FIA_UAU.5.1).]{.note} [FIA\_UAU.5.1](#FIA_UAU.5.1).]{.note} [FIA\_X509\_EXT.1.1](#FIA_X509_EXT.1.1) lists the rules for validating [FIA\_X509\_EXT.1.1](#FIA_X509_EXT.1.1) lists the rules for validating certificates. The [ST](#abbr_ST) Author should select whether revocation certificates. The [ST](#abbr_ST) Author should select whether revocation status is verified using [OCSP](#abbr_OCSP) or CRLs. status is verified using [OCSP](#abbr_OCSP) or CRLs. [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) requires that certificates are used [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) requires that certificates are used for IPsec; this use requires that the extendedKeyUsage rules are for IPsec; this use requires that the extendedKeyUsage rules are verified. Certificates may optionally be used for [SSH](#abbr_SSH), verified. Certificates may optionally be used for [SSH](#abbr_SSH), [TLS](#abbr_TLS), and [HTTPS](#abbr_HTTPS) and, if implemented, must be [TLS](#abbr_TLS), and [HTTPS](#abbr_HTTPS) and, if implemented, must be validated to contain the corresponding extendedKeyUsage. validated to contain the corresponding extendedKeyUsage. [OCSP](#abbr_OCSP) stapling and [OCSP](#abbr_OCSP) multi-stapling [OCSP](#abbr_OCSP) stapling and [OCSP](#abbr_OCSP) multi-stapling support only [TLS](#abbr_TLS) server certificate validation. If other support only [TLS](#abbr_TLS) server certificate validation. If other certificate types are validated, either [OCSP](#abbr_OCSP) or certificate types are validated, either [OCSP](#abbr_OCSP) or [CRL](#abbr_CRL) must be claimed. If [OCSP](#abbr_OCSP) is not supported [CRL](#abbr_CRL) must be claimed. If [OCSP](#abbr_OCSP) is not supported the EKU provision for checking the [OCSP](#abbr_OCSP) Signing purpose is the EKU provision for checking the [OCSP](#abbr_OCSP) Signing purpose is met by default. met by default. Regardless of the selection of [TSF](#abbr_TSF) or [TOE](#abbr_TOE) Regardless of the selection of [TSF](#abbr_TSF) or [TOE](#abbr_TOE) platform, the validation must result in a trusted root CA certificate in platform, the validation must result in a trusted root CA certificate in a root store managed by the platform. a root store managed by the platform. [OCSP](#abbr_OCSP) responses are signed using either the certificate's [OCSP](#abbr_OCSP) responses are signed using either the certificate's issuer's CA certificate or an [OCSP](#abbr_OCSP) certificate issued to issuer's CA certificate or an [OCSP](#abbr_OCSP) certificate issued to an [OCSP](#abbr_OCSP) responder delegated by that issuer to sign an [OCSP](#abbr_OCSP) responder delegated by that issuer to sign [OCSP](#abbr_OCSP) responses. A compliant [TOE](#abbr_TOE) is able to [OCSP](#abbr_OCSP) responses. A compliant [TOE](#abbr_TOE) is able to validate [OCSP](#abbr_OCSP) responses in either case, but the validate [OCSP](#abbr_OCSP) responses in either case, but the [OCSP](#abbr_OCSP) signing extended key usage purpose is only required [OCSP](#abbr_OCSP) signing extended key usage purpose is only required to be checked in [OCSP](#abbr_OCSP) certificates. to be checked in [OCSP](#abbr_OCSP) certificates. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_X509_EXT.1.2 .reqid} ::: {#FIA_X509_EXT.1.2 .reqid} [FIA\_X509\_EXT.1.2](#FIA_X509_EXT.1.2){.abbr} [FIA\_X509\_EXT.1.2](#FIA_X509_EXT.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall only treat a certificate as a CA certificate The [TSF](#abbr_TSF) shall only treat a certificate as a CA certificate if the basicConstraints extension is present and the CA flag is set to if the basicConstraints extension is present and the CA flag is set to TRUE. TRUE. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[This requirement applies to [Application Note: ]{.note-header}[This requirement applies to certificates that are used and processed by the [TSF](#abbr_TSF) and certificates that are used and processed by the [TSF](#abbr_TSF) and restricts the certificates that may be added as trusted CA restricts the certificates that may be added as trusted CA certificates.]{.note} certificates.]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure the [TSS](#abbr_TSS) describes where the The evaluator shall ensure the [TSS](#abbr_TSS) describes where the check of validity of the certificates takes place. The evaluator ensures check of validity of the certificates takes place. The evaluator ensures the [TSS](#abbr_TSS) also provides a description of the certificate path the [TSS](#abbr_TSS) also provides a description of the certificate path validation algorithm. validation algorithm. The evaluator shall examine the [TSS](#abbr_TSS) to confirm that it The evaluator shall examine the [TSS](#abbr_TSS) to confirm that it describes the behavior of the [TOE](#abbr_TOE) when a connection cannot describes the behavior of the [TOE](#abbr_TOE) when a connection cannot be established during the validity check of a certificate used in be established during the validity check of a certificate used in establishing a trusted channel. If the requirement that the establishing a trusted channel. If the requirement that the administrator is able to specify the default action, then the evaluator administrator is able to specify the default action, then the evaluator shall ensure that the operational guidance contains instructions on how shall ensure that the operational guidance contains instructions on how this configuration action is performed. this configuration action is performed. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The tests described must be performed in conjunction with the other The tests described must be performed in conjunction with the other Certificate Services evaluation activities, including the uses listed in Certificate Services evaluation activities, including the uses listed in [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1). The tests for the [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1). The tests for the extendedKeyUsage rules are performed in conjunction with the uses that extendedKeyUsage rules are performed in conjunction with the uses that require those rules. require those rules. - **Test 1:** The evaluator shall demonstrate that validating a - **Test 1:** The evaluator shall demonstrate that validating a certificate without a valid certification path results in the certificate without a valid certification path results in the function failing, for each of the following reasons, in turn: function failing, for each of the following reasons, in turn: - by establishing a certificate path in which one of the issuing - by establishing a certificate path in which one of the issuing certificates is not a CA certificate, certificates is not a CA certificate, - by omitting the basicConstraints field in one of the issuing - by omitting the basicConstraints field in one of the issuing certificates, certificates, - by setting the basicConstraints field in an issuing certificate - by setting the basicConstraints field in an issuing certificate to have CA=False, to have CA=False, - by omitting the CA signing bit of the key usage field in an - by omitting the CA signing bit of the key usage field in an issuing certificate, and issuing certificate, and - by setting the path length field of a valid CA field to a value - by setting the path length field of a valid CA field to a value strictly less than the certificate path. strictly less than the certificate path. The evaluator shall then establish a valid certificate path The evaluator shall then establish a valid certificate path consisting of valid CA certificates, and demonstrate that the consisting of valid CA certificates, and demonstrate that the function succeeds. The evaluator shall then remove trust in one of function succeeds. The evaluator shall then remove trust in one of the CA certificates, and show that the function fails. the CA certificates, and show that the function fails. - **Test 2:** The evaluator shall demonstrate that validating an - **Test 2:** The evaluator shall demonstrate that validating an expired certificate results in the function failing. expired certificate results in the function failing. - **Test 3:** The evaluator shall test that the [TOE](#abbr_TOE) can - **Test 3:** The evaluator shall test that the [TOE](#abbr_TOE) can properly handle revoked certificates -- conditional on whether properly handle revoked certificates -- conditional on whether [CRL](#abbr_CRL), [OCSP](#abbr_OCSP), [OCSP](#abbr_OCSP) stapling, [CRL](#abbr_CRL), [OCSP](#abbr_OCSP), [OCSP](#abbr_OCSP) stapling, or [OCSP](#abbr_OCSP) multi-stapling is selected; if multiple or [OCSP](#abbr_OCSP) multi-stapling is selected; if multiple methods are selected, then a test is performed for each method. The methods are selected, then a test is performed for each method. The evaluator has to only test one up in the trust chain (future evaluator has to only test one up in the trust chain (future revisions may require to ensure the validation is done up the entire revisions may require to ensure the validation is done up the entire chain). The evaluator shall ensure that a valid certificate is used, chain). The evaluator shall ensure that a valid certificate is used, and that the validation function succeeds. The evaluator shall then and that the validation function succeeds. The evaluator shall then attempt the test with a certificate that will be revoked (for each attempt the test with a certificate that will be revoked (for each method chosen in the selection) and verify that the validation method chosen in the selection) and verify that the validation function fails. function fails. - **Test 4:** \[conditional\] If any [OCSP](#abbr_OCSP) option is - **Test 4:** \[conditional\] If any [OCSP](#abbr_OCSP) option is selected, the evaluator shall present a delegated [OCSP](#abbr_OCSP) selected, the evaluator shall present a delegated [OCSP](#abbr_OCSP) certificate that does not have the [OCSP](#abbr_OCSP) signing certificate that does not have the [OCSP](#abbr_OCSP) signing purpose and verify that validation of the [OCSP](#abbr_OCSP) purpose and verify that validation of the [OCSP](#abbr_OCSP) response fails. If [CRL](#abbr_CRL) is selected, the evaluator shall response fails. If [CRL](#abbr_CRL) is selected, the evaluator shall configure the CA to sign a [CRL](#abbr_CRL) with a certificate that configure the CA to sign a [CRL](#abbr_CRL) with a certificate that does not have the cRLsign key usage bit set and verify that does not have the cRLsign key usage bit set and verify that validation of the [CRL](#abbr_CRL) fails. validation of the [CRL](#abbr_CRL) fails. - **Test 5:** \[conditional\] If the [TOE](#abbr_TOE) supports EC - **Test 5:** \[conditional\] If the [TOE](#abbr_TOE) supports EC certificates as indicated in [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer), certificates as indicated in [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer), then the evaluator shall establish a valid, trusted certificate then the evaluator shall establish a valid, trusted certificate chain consisting of an EC leaf certificate, an EC Intermediate CA chain consisting of an EC leaf certificate, an EC Intermediate CA certificate not designated as a trust anchor, and an EC certificate certificate not designated as a trust anchor, and an EC certificate designated as a trusted anchor, where the elliptic curve parameters designated as a trusted anchor, where the elliptic curve parameters are specified as a named curve. The evaluator shall confirm that the are specified as a named curve. The evaluator shall confirm that the [TOE](#abbr_TOE) validates the certificate chain. [TOE](#abbr_TOE) validates the certificate chain. - **Test 6:** \[conditional\] If the [TOE](#abbr_TOE) supports EC - **Test 6:** \[conditional\] If the [TOE](#abbr_TOE) supports EC certificates as indicated in [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer), certificates as indicated in [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer), then the evaluator shall replace the intermediate certificate in the then the evaluator shall replace the intermediate certificate in the certificate chain for Test 5 with a modified certificate, where the certificate chain for Test 5 with a modified certificate, where the modified intermediate CA has a public key information field where modified intermediate CA has a public key information field where the EC parameters uses an explicit format version of the Elliptic the EC parameters uses an explicit format version of the Elliptic Curve parameters in the public key information field of the Curve parameters in the public key information field of the intermediate CA certificate from Test 5, and the modified intermediate CA certificate from Test 5, and the modified Intermediate CA certificate is signed by the trusted EC root CA, but Intermediate CA certificate is signed by the trusted EC root CA, but having no other changes. The evaluator shall confirm the having no other changes. The evaluator shall confirm the [TOE](#abbr_TOE) treats the certificate as invalid. [TOE](#abbr_TOE) treats the certificate as invalid. ::: ::: ::: ::: ::: ::: ::: {#FIA_X509_EXT.2 .comp} ::: {#FIA_X509_EXT.2 .comp} #### FIA\_X509\_EXT.2 X.509 Certificate Authentication #### FIA\_X509\_EXT.2 X.509 Certificate Authentication ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FIA\_UAU.5.1](#FIA_UAU.5.1), selection in [FIA\_UAU.5.1](#FIA_UAU.5.1), [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1).*** ***This component must be included in the [ST](#abbr_ST) if any of the ***This component must be included in the [ST](#abbr_ST) if any of the following SFRs are included:***\ following SFRs are included:***\ - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** - ***[FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*** ::: ::: ::: {.element} ::: {.element} ::: {#FIA_X509_EXT.2.1 .reqid} ::: {#FIA_X509_EXT.2.1 .reqid} [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1){.abbr} [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall use X.509v3 certificates as defined by The [TSF](#abbr_TSF) shall use X.509v3 certificates as defined by [RFC](#abbr_RFC) 5280 to support authentication for \[**selection**: [RFC](#abbr_RFC) 5280 to support authentication for \[**selection**: *IPsec*, *[TLS](#abbr_TLS)*, *[HTTPS](#abbr_HTTPS)*, *[SSH](#abbr_SSH)*, *IPsec*, *[TLS](#abbr_TLS)*, *[HTTPS](#abbr_HTTPS)*, *[SSH](#abbr_SSH)*, *code signing for system software updates*, *\[**assignment**: [other *code signing for system software updates*, *\[**assignment**: [other uses]{.assignable-content}\]*\] uses]{.assignable-content}\]*\] ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if \"*certificate-based authentication of included in the [ST](#abbr_ST) if \"*certificate-based authentication of the remote peer*\" is selected in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1), or the remote peer*\" is selected in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1), or if \"*authentication based on X.509 certificates*\" is selected in if \"*authentication based on X.509 certificates*\" is selected in [FIA\_UAU.5.1](#FIA_UAU.5.1).]{.note} [FIA\_UAU.5.1](#FIA_UAU.5.1).]{.note} This [SFR](#abbr_SFR) must also be included if This [SFR](#abbr_SFR) must also be included if [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) is claimed. [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) is claimed. If \"*[HTTPS](#abbr_HTTPS)*\" is selected, then If \"*[HTTPS](#abbr_HTTPS)*\" is selected, then [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) must be claimed. [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1) must be claimed. If \"*IPsec*\" is selected, then [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) If \"*IPsec*\" is selected, then [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1) must be claimed. must be claimed. If \"*[TLS](#abbr_TLS)*\" is selected, then the Functional Package for If \"*[TLS](#abbr_TLS)*\" is selected, then the Functional Package for Transport Layer Security must also be claimed. Transport Layer Security must also be claimed. If \"*[SSH](#abbr_SSH)*\" is selected, then the Functional Package for If \"*[SSH](#abbr_SSH)*\" is selected, then the Functional Package for Secure Shell ([SSH](#abbr_SSH)) must also be claimed. Secure Shell ([SSH](#abbr_SSH)) must also be claimed. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FIA_X509_EXT.2.2 .reqid} ::: {#FIA_X509_EXT.2.2 .reqid} [FIA\_X509\_EXT.2.2](#FIA_X509_EXT.2.2){.abbr} [FIA\_X509\_EXT.2.2](#FIA_X509_EXT.2.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} When the [TSF](#abbr_TSF) cannot establish a connection to determine the When the [TSF](#abbr_TSF) cannot establish a connection to determine the validity of a certificate, the [TSF](#abbr_TSF) shall \[**selection**: | validity of a certificate, the [TSF](#abbr_TSF) shall \[**selection, *allow the administrator to choose whether to accept the certificate in | choose one of**: *allow the administrator to choose whether to accept these cases*, *accept the certificate*, *not accept the certificate*\]. | the certificate in these cases*, *accept the certificate*, *not accept > the certificate*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ Often a connection must be [Application Note: ]{.note-header}[ Often a connection must be established to check the revocation status of a certificate - either to established to check the revocation status of a certificate - either to download a [CRL](#abbr_CRL) or to perform a lookup using download a [CRL](#abbr_CRL) or to perform a lookup using [OCSP](#abbr_OCSP). The selection is used to describe the behavior in [OCSP](#abbr_OCSP). The selection is used to describe the behavior in the event that such a connection cannot be established (for example, due the event that such a connection cannot be established (for example, due to a network error). If the [TOE](#abbr_TOE) has determined the to a network error). If the [TOE](#abbr_TOE) has determined the certificate valid according to all other rules in certificate valid according to all other rules in [FIA\_X509\_EXT.1](#FIA_X509_EXT.1), the behavior indicated in the [FIA\_X509\_EXT.1](#FIA_X509_EXT.1), the behavior indicated in the selection determines validity. The [TOE](#abbr_TOE) must not accept the selection determines validity. The [TOE](#abbr_TOE) must not accept the certificate if it fails any of the other validation rules in certificate if it fails any of the other validation rules in [FIA\_X509\_EXT.1](#FIA_X509_EXT.1). If the administrator-configured [FIA\_X509\_EXT.1](#FIA_X509_EXT.1). If the administrator-configured option is selected by the [ST](#abbr_ST) Author, the [ST](#abbr_ST) option is selected by the [ST](#abbr_ST) Author, the [ST](#abbr_ST) Author must ensure that this is also defined as a management function Author must ensure that this is also defined as a management function that is provided by the [TOE](#abbr_TOE). ]{.note} that is provided by the [TOE](#abbr_TOE). ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check the [TSS](#abbr_TSS) to ensure that it The evaluator shall check the [TSS](#abbr_TSS) to ensure that it describes how the [TOE](#abbr_TOE) chooses which certificates to use, describes how the [TOE](#abbr_TOE) chooses which certificates to use, and any necessary instructions in the administrative guidance for and any necessary instructions in the administrative guidance for configuring the operating environment so that the [TOE](#abbr_TOE) can configuring the operating environment so that the [TOE](#abbr_TOE) can use the certificates. use the certificates. The evaluator shall examine the [TSS](#abbr_TSS) to confirm that it The evaluator shall examine the [TSS](#abbr_TSS) to confirm that it describes the behavior of the [TOE](#abbr_TOE) when a connection cannot describes the behavior of the [TOE](#abbr_TOE) when a connection cannot be established during the validity check of a certificate used in be established during the validity check of a certificate used in establishing a trusted channel. If the requirement that the establishing a trusted channel. If the requirement that the administrator is able to specify the default action, then the evaluator administrator is able to specify the default action, then the evaluator shall ensure that the operational guidance contains instructions on how shall ensure that the operational guidance contains instructions on how this configuration action is performed. this configuration action is performed. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform Test 1 for each function listed in The evaluator shall perform Test 1 for each function listed in [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1) that requires the use of [FIA\_X509\_EXT.2.1](#FIA_X509_EXT.2.1) that requires the use of certificates: certificates: - **Test 1:** The evaluator shall demonstrate that using a certificate - **Test 1:** The evaluator shall demonstrate that using a certificate without a valid certification path results in the function failing. without a valid certification path results in the function failing. Using the administrative guidance, the evaluator shall then load a Using the administrative guidance, the evaluator shall then load a certificate or certificates needed to validate the certificate to be certificate or certificates needed to validate the certificate to be used in the function, and demonstrate that the function succeeds. used in the function, and demonstrate that the function succeeds. The evaluator then shall delete one of the certificates, and show The evaluator then shall delete one of the certificates, and show that the function fails. that the function fails. - **Test 2:** The evaluator shall demonstrate that using a valid - **Test 2:** The evaluator shall demonstrate that using a valid certificate that requires certificate validation checking to be certificate that requires certificate validation checking to be performed in at least some part by communicating with a non-TOE performed in at least some part by communicating with a non-TOE [IT](#abbr_IT) entity. The evaluator shall then manipulate the [IT](#abbr_IT) entity. The evaluator shall then manipulate the environment so that the [TOE](#abbr_TOE) is unable to verify the environment so that the [TOE](#abbr_TOE) is unable to verify the validity of the certificate, and observe that the action selected in validity of the certificate, and observe that the action selected in [FIA\_X509\_EXT.2.2](#FIA_X509_EXT.2.2) is performed. If the [FIA\_X509\_EXT.2.2](#FIA_X509_EXT.2.2) is performed. If the selected action is administrator-configurable, then the evaluator selected action is administrator-configurable, then the evaluator shall follow the operational guidance to determine that all shall follow the operational guidance to determine that all supported administrator-configurable options behave in their supported administrator-configurable options behave in their documented manner. documented manner. ::: ::: ::: ::: ::: ::: B.6 Class: Protection of the TSF (FPT) {#fpt-sel-based .indexable data-level="2"} B.6 Class: Protection of the TSF (FPT) {#fpt-sel-based .indexable data-level="2"} -------------------------------------- -------------------------------------- ::: {#FPT_JTA_EXT.2 .comp} ::: {#FPT_JTA_EXT.2 .comp} #### FPT\_JTA\_EXT.2 JTAG/Debug Port Disablement #### FPT\_JTA\_EXT.2 JTAG/Debug Port Disablement ::: {.statustag} ::: {.statustag} ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Portable Clients (laptops, tablets), - ***[Portable Clients (laptops, tablets), Enhanced](#uc-client-portable-enhanced)*** Enhanced](#uc-client-portable-enhanced)*** - ***[CSfC EUD](#uc-csfc-eud)*** - ***[CSfC EUD](#uc-csfc-eud)*** - ***[Tactical EUD](#uc-tactical-eud)*** - ***[Tactical EUD](#uc-tactical-eud)*** - ***[IoT Devices](#uc-iot-device)*** - ***[IoT Devices](#uc-iot-device)*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_JTA_EXT.2.1 .reqid} ::: {#FPT_JTA_EXT.2.1 .reqid} [FPT\_JTA\_EXT.2.1](#FPT_JTA_EXT.2.1){.abbr} [FPT\_JTA\_EXT.2.1](#FPT_JTA_EXT.2.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall \[**selection**: *disable access through | The [TSF](#abbr_TSF) shall \[**selection, choose one of**: *disable hardware*, *control access by a signing key*\] to [JTAG](#abbr_JTAG) or | access through hardware*, *control access by a signing key*\] to other debug interfaces. | [JTAG](#abbr_JTAG) or other debug interfaces. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This requirement should be included [Application Note: ]{.note-header}[ This requirement should be included in the [ST](#abbr_ST) for use cases that include the threat in the [ST](#abbr_ST) for use cases that include the threat [T.PHYSICAL](#T.PHYSICAL). ]{.note} [T.PHYSICAL](#T.PHYSICAL). ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: If \"*disable access through hardware*\" is selected:\ If \"*disable access through hardware*\" is selected:\ The evaluator shall examine the [TSS](#abbr_TSS) to determine the The evaluator shall examine the [TSS](#abbr_TSS) to determine the location of the [JTAG](#abbr_JTAG) ports on the [TSF](#abbr_TSF), to location of the [JTAG](#abbr_JTAG) ports on the [TSF](#abbr_TSF), to include the order of the ports (i.e. Data In, Data Out, Clock, etc.). include the order of the ports (i.e. Data In, Data Out, Clock, etc.). If \"*control access by a signing key*\" is selected:\ If \"*control access by a signing key*\" is selected:\ The evaluator shall examine the [TSS](#abbr_TSS) to determine how access The evaluator shall examine the [TSS](#abbr_TSS) to determine how access to the [JTAG](#abbr_JTAG) is controlled by a signing key. The evaluator to the [JTAG](#abbr_JTAG) is controlled by a signing key. The evaluator shall examine the [TSS](#abbr_TSS) to determine when the shall examine the [TSS](#abbr_TSS) to determine when the [JTAG](#abbr_JTAG) can be accessed, i.e. what has the access to the [JTAG](#abbr_JTAG) can be accessed, i.e. what has the access to the signing key. signing key. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The following test requires the developer to provide access to a test The following test requires the developer to provide access to a test platform that provides the evaluator with chip level access. platform that provides the evaluator with chip level access. \[conditional\] If \"*disable access through hardware*\" is selected:\ \[conditional\] If \"*disable access through hardware*\" is selected:\ The evaluator shall connect a packet analyzer to the [JTAG](#abbr_JTAG) The evaluator shall connect a packet analyzer to the [JTAG](#abbr_JTAG) ports. The evaluator shall query the [JTAG](#abbr_JTAG) port for its ports. The evaluator shall query the [JTAG](#abbr_JTAG) port for its device ID and confirm that the device ID cannot be retrieved. device ID and confirm that the device ID cannot be retrieved. ::: ::: ::: ::: ::: ::: ::: {#FPT_PHP.1 .comp} ::: {#FPT_PHP.1 .comp} #### FPT\_PHP.1 Passive detection of physical attack #### FPT\_PHP.1 Passive detection of physical attack ::: {.statustag} ::: {.statustag} ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Portable Clients (laptops, tablets), - ***[Portable Clients (laptops, tablets), Enhanced](#uc-client-portable-enhanced)*** Enhanced](#uc-client-portable-enhanced)*** - ***[CSfC EUD](#uc-csfc-eud)*** - ***[CSfC EUD](#uc-csfc-eud)*** - ***[IoT Devices](#uc-iot-device)*** - ***[IoT Devices](#uc-iot-device)*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_PHP.1.1 .reqid} ::: {#FPT_PHP.1.1 .reqid} [FPT\_PHP.1.1](#FPT_PHP.1.1){.abbr} [FPT\_PHP.1.1](#FPT_PHP.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide unambiguous detection of physical The [TSF](#abbr_TSF) shall provide unambiguous detection of physical tampering that might compromise the [TSF](#abbr_TSF). tampering that might compromise the [TSF](#abbr_TSF). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_PHP.1.2 .reqid} ::: {#FPT_PHP.1.2 .reqid} [FPT\_PHP.1.2](#FPT_PHP.1.2){.abbr} [FPT\_PHP.1.2](#FPT_PHP.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide the capability to determine whether The [TSF](#abbr_TSF) shall provide the capability to determine whether physical tampering with the [TSF](#abbr_TSF)\'s devices or physical tampering with the [TSF](#abbr_TSF)\'s devices or [TSF](#abbr_TSF)\'s elements has occurred. [TSF](#abbr_TSF)\'s elements has occurred. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements the included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements the following use cases:]{.note} following use cases:]{.note} 1. Portable Clients (laptops, tablets), Enhanced 1. Portable Clients (laptops, tablets), Enhanced 2. [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) 2. [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) 3. [IoT](#abbr_IoT) Devices 3. [IoT](#abbr_IoT) Devices ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_PHP.1](#FPT_PHP.1) [FPT\_PHP.1](#FPT_PHP.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes the methods used by the [TOE](#abbr_TOE) to detect physical tampering the methods used by the [TOE](#abbr_TOE) to detect physical tampering and how tampering is indicated when detected. and how tampering is indicated when detected. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall ensure that the AGD describes how the The evaluator shall ensure that the AGD describes how the [TOE](#abbr_TOE) indicates to users and Administrators that it has [TOE](#abbr_TOE) indicates to users and Administrators that it has detected tampering. detected tampering. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall verify that attempts to open the [TOE](#abbr_TOE) The evaluator shall verify that attempts to open the [TOE](#abbr_TOE) enclosure result in indications consistent with the operational enclosure result in indications consistent with the operational guidance. Such indications could include damaged tamper seals, logged guidance. Such indications could include damaged tamper seals, logged events, or other physical or electronic manifestations. events, or other physical or electronic manifestations. ::: ::: ::: ::: ::: ::: ::: {#FPT_PHP.2 .comp} ::: {#FPT_PHP.2 .comp} #### FPT\_PHP.2 Notification of Physical Attack #### FPT\_PHP.2 Notification of Physical Attack ::: {.statustag} ::: {.statustag} ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[CSfC EUD](#uc-csfc-eud)*** - ***[CSfC EUD](#uc-csfc-eud)*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_PHP.2.1 .reqid} ::: {#FPT_PHP.2.1 .reqid} [FPT\_PHP.2.1](#FPT_PHP.2.1){.abbr} [FPT\_PHP.2.1](#FPT_PHP.2.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide unambiguous detection of physical The [TSF](#abbr_TSF) shall provide unambiguous detection of physical tampering that might compromise the [TSF](#abbr_TSF). tampering that might compromise the [TSF](#abbr_TSF). ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_PHP.2.2 .reqid} ::: {#FPT_PHP.2.2 .reqid} [FPT\_PHP.2.2](#FPT_PHP.2.2){.abbr} [FPT\_PHP.2.2](#FPT_PHP.2.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide the capability to determine whether The [TSF](#abbr_TSF) shall provide the capability to determine whether physical tampering with the [TSF](#abbr_TSF)\'s devices or physical tampering with the [TSF](#abbr_TSF)\'s devices or [TSF](#abbr_TSF)\'s elements has occurred. [TSF](#abbr_TSF)\'s elements has occurred. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_PHP.2.3 .reqid} ::: {#FPT_PHP.2.3 .reqid} [FPT\_PHP.2.3](#FPT_PHP.2.3){.abbr} [FPT\_PHP.2.3](#FPT_PHP.2.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} For \[**assignment**: [list of [TSF](#abbr_TSF) devices/elements for For \[**assignment**: [list of [TSF](#abbr_TSF) devices/elements for which active detection is required]{.assignable-content}\], the which active detection is required]{.assignable-content}\], the [TSF](#abbr_TSF) shall monitor the devices and elements and notify [TSF](#abbr_TSF) shall monitor the devices and elements and notify \[**assignment**: [a designated user or role]{.assignable-content}\] \[**assignment**: [a designated user or role]{.assignable-content}\] when physical tampering with the [TSF](#abbr_TSF)\'s devices or when physical tampering with the [TSF](#abbr_TSF)\'s devices or [TSF](#abbr_TSF)\'s elements has occurred. [TSF](#abbr_TSF)\'s elements has occurred. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements the included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements the following use cases:]{.note} following use cases:]{.note} 1. Server-Class Platform, Enhanced 1. Server-Class Platform, Enhanced 2. [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) 2. [CSfC](#abbr_CSfC) [EUD](#abbr_EUD) ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_PHP.2](#FPT_PHP.2) [FPT\_PHP.2](#FPT_PHP.2) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes the methods used by the [TOE](#abbr_TOE) to detect physical tampering the methods used by the [TOE](#abbr_TOE) to detect physical tampering and how the [TOE](#abbr_TOE) will respond when physical tampering has and how the [TOE](#abbr_TOE) will respond when physical tampering has been detected for each device/element specified in been detected for each device/element specified in [FPT\_PHP.2.3](#FPT_PHP.2.3). [FPT\_PHP.2.3](#FPT_PHP.2.3). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall ensure that the AGD describes how the The evaluator shall ensure that the AGD describes how the [TOE](#abbr_TOE) notifies users or Administrators that it has detected [TOE](#abbr_TOE) notifies users or Administrators that it has detected tampering. tampering. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** The evaluator shall verify that attempts to open the - **Test 1:** The evaluator shall verify that attempts to open the [TOE](#abbr_TOE) enclosure result in indications consistent with the [TOE](#abbr_TOE) enclosure result in indications consistent with the operational guidance. Such indications could include damaged tamper operational guidance. Such indications could include damaged tamper seals, logged events, or other physical or electronic seals, logged events, or other physical or electronic manifestations. manifestations. - **Test 2:** For each device/element listed in - **Test 2:** For each device/element listed in [FPT\_PHP.2.3](#FPT_PHP.2.3), the evaluator shall verify that [FPT\_PHP.2.3](#FPT_PHP.2.3), the evaluator shall verify that attempts to physically tamper with the device/element results in attempts to physically tamper with the device/element results in notification to the designated users or roles consistent with the notification to the designated users or roles consistent with the operational guidance. operational guidance. ::: ::: ::: ::: ::: ::: ::: {#FPT_PHP.3 .comp} ::: {#FPT_PHP.3 .comp} #### FPT\_PHP.3 Resistance to Physical Attack #### FPT\_PHP.3 Resistance to Physical Attack ::: {.statustag} ::: {.statustag} ***This component must also be included in the [ST](#abbr_ST) if any of ***This component must also be included in the [ST](#abbr_ST) if any of the following use cases are selected:***\ the following use cases are selected:***\ - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Server-Class Platform, Enhanced](#uc-server-enhanced)*** - ***[Tactical EUD](#uc-tactical-eud)*** - ***[Tactical EUD](#uc-tactical-eud)*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_PHP.3.1 .reqid} ::: {#FPT_PHP.3.1 .reqid} [FPT\_PHP.3.1](#FPT_PHP.3.1){.abbr} [FPT\_PHP.3.1](#FPT_PHP.3.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall resist \[**assignment**: [physical tampering The [TSF](#abbr_TSF) shall resist \[**assignment**: [physical tampering scenarios]{.assignable-content}\] to the \[**assignment**: [list of scenarios]{.assignable-content}\] to the \[**assignment**: [list of [TSF](#abbr_TSF) devices/elements]{.assignable-content}\] by responding [TSF](#abbr_TSF) devices/elements]{.assignable-content}\] by responding automatically such that the SFRs are always enforced. automatically such that the SFRs are always enforced. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) should be included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements the included in the [ST](#abbr_ST) if the [TOE](#abbr_TOE) implements the following use cases:]{.note} following use cases:]{.note} 1. Server-Class Platform, Enhanced 1. Server-Class Platform, Enhanced 2. Tactical [EUD](#abbr_EUD) 2. Tactical [EUD](#abbr_EUD) ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_PHP.3](#FPT_PHP.3) [FPT\_PHP.3](#FPT_PHP.3) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes The evaluator shall examine the [TSS](#abbr_TSS) to ensure it describes the methods used by the [TOE](#abbr_TOE) to detect physical tampering the methods used by the [TOE](#abbr_TOE) to detect physical tampering and how the [TOE](#abbr_TOE) will respond when physical tampering has and how the [TOE](#abbr_TOE) will respond when physical tampering has been detected such that SFRs are always enforced. been detected such that SFRs are always enforced. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the expected response of the [TOE](#abbr_TOE) when physical tampering is expected response of the [TOE](#abbr_TOE) when physical tampering is detected. detected. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following test: The evaluator shall perform the following test: For each physical tampering scenario and device/element listed in For each physical tampering scenario and device/element listed in [FPT\_PHP.3.1](#FPT_PHP.3.1), the evaluator shall verify that tampering [FPT\_PHP.3.1](#FPT_PHP.3.1), the evaluator shall verify that tampering attempts result in a response from the [TSF](#abbr_TSF) consistent with attempts result in a response from the [TSF](#abbr_TSF) consistent with the operational guidance. the operational guidance. ::: ::: ::: ::: ::: ::: ::: {#FPT_RVR_EXT.1 .comp} ::: {#FPT_RVR_EXT.1 .comp} #### FPT\_RVR\_EXT.1 Platform Firmware Recovery #### FPT\_RVR\_EXT.1 Platform Firmware Recovery ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), selection in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5), [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5), [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4).*** [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4).*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_RVR_EXT.1.1 .reqid} ::: {#FPT_RVR_EXT.1.1 .reqid} [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1){.abbr} [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall implement a mechanism for recovering from The [TSF](#abbr_TSF) shall implement a mechanism for recovering from boot firmware failure consisting of \[**selection**: boot firmware failure consisting of \[**selection**: - *the secure local update mechanism described in - *the secure local update mechanism described in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*, [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*, - *installation of a known-good or recovery firmware image*, - *installation of a known-good or recovery firmware image*, - *reversion to the prior firmware image*, - *reversion to the prior firmware image*, - *installation of a recovery image that puts the [TOE](#abbr_TOE) - *installation of a recovery image that puts the [TOE](#abbr_TOE) into a maintenance mode* into a maintenance mode* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if: ]{.note} included in the [ST](#abbr_ST) if: ]{.note} - \"*Initiate a recovery process as specified in - \"*Initiate a recovery process as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2), - \"*Initiate a recovery process as specified in - \"*Initiate a recovery process as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected in [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5), [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5), - \"*Initiate a recovery process as specified in - \"*Initiate a recovery process as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected in [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4), [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4), - The [TOE](#abbr_TOE) implements a recovery mechanism for firmware - The [TOE](#abbr_TOE) implements a recovery mechanism for firmware corruption not necessarily related to integrity or update failure. corruption not necessarily related to integrity or update failure. If the [ST](#abbr_ST) Author selects \"*the secure local update If the [ST](#abbr_ST) Author selects \"*the secure local update mechanism described in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*,\" then mechanism described in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*,\" then [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) must be claimed in the [ST](#abbr_ST). [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) must be claimed in the [ST](#abbr_ST). As indicated above, in addition to integrity or update failure, the As indicated above, in addition to integrity or update failure, the [TOE](#abbr_TOE) may use a recovery mechanism to deal with [TOE](#abbr_TOE) may use a recovery mechanism to deal with non-security-related failures, such as a power outage during update or a non-security-related failures, such as a power outage during update or a power surge during normal operation. power surge during normal operation. The recovery process may be initiated automatically on failure, as the The recovery process may be initiated automatically on failure, as the result of physically present user action, or as the result of result of physically present user action, or as the result of pre-configured policy. The action taken may depend on the nature of the pre-configured policy. The action taken may depend on the nature of the failure as specified in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2) and failure as specified in [FPT\_ROT\_EXT.2.2](#FPT_ROT_EXT.2.2) and [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5). [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) section to confirm that The evaluator shall examine the [TSS](#abbr_TSS) section to confirm that it describes how the platform firmware recovery mechanism works and the it describes how the platform firmware recovery mechanism works and the conditions under which it is invoked. conditions under which it is invoked. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that is describes how to The evaluator shall examine the AGD to ensure that is describes how to configure the conditions under which the recovery mechanism is initiated configure the conditions under which the recovery mechanism is initiated (if configurable). (if configurable). ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** To test this requirement, the evaluator shall trigger - **Test 1:** To test this requirement, the evaluator shall trigger the recovery process either by forcing an update error or a boot the recovery process either by forcing an update error or a boot integrity failure and observing that the recovery process has been integrity failure and observing that the recovery process has been initiated. initiated. - **Test 2:** The evaluator will engage with the recovery process as - **Test 2:** The evaluator will engage with the recovery process as necessary, and after recovery will determine the version of the necessary, and after recovery will determine the version of the current firmware image. The test is passed if the resultant image is current firmware image. The test is passed if the resultant image is as expected in accordance with policy and the selections in as expected in accordance with policy and the selections in [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1). If the recovery process uses [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1). If the recovery process uses the secure local update process as specified in the secure local update process as specified in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4), then this test is satisfied by [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4), then this test is satisfied by testing of that requirement. testing of that requirement. ::: ::: ::: ::: ::: ::: ::: {#FPT_TUD_EXT.2 .comp} ::: {#FPT_TUD_EXT.2 .comp} #### FPT\_TUD\_EXT.2 Platform Firmware Authenticated Update Mechanism #### FPT\_TUD\_EXT.2 Platform Firmware Authenticated Update Mechanism ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** selection in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.2.1 .reqid} ::: {#FPT_TUD_EXT.2.1 .reqid} [FPT\_TUD\_EXT.2.1](#FPT_TUD_EXT.2.1){.abbr} [FPT\_TUD\_EXT.2.1](#FPT_TUD_EXT.2.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall authenticate the source of all platform The [TSF](#abbr_TSF) shall authenticate the source of all platform firmware updates using a digital signature algorithm specified in firmware updates using a digital signature algorithm specified in [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) and using a key store that [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) and using a key store that contains \[**selection**: *the public key*, *hash value of the public contains \[**selection**: *the public key*, *hash value of the public key*\]. key*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be included in the [ST](#abbr_ST) if \"*an authenticated platform firmware included in the [ST](#abbr_ST) if \"*an authenticated platform firmware update mechanism as described in [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*\" is update mechanism as described in [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2)*\" is selected in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).]{.note} selected in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).]{.note} The [ST](#abbr_ST) must include [FCS\_COP.1/Hash](#FCS_COP.1/Hash) if The [ST](#abbr_ST) must include [FCS\_COP.1/Hash](#FCS_COP.1/Hash) if \"*hash value of the public key*\" is selected. \"*hash value of the public key*\" is selected. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.2.2 .reqid} ::: {#FPT_TUD_EXT.2.2 .reqid} [FPT\_TUD\_EXT.2.2](#FPT_TUD_EXT.2.2){.abbr} [FPT\_TUD\_EXT.2.2](#FPT_TUD_EXT.2.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall allow installation of updates only if the The [TSF](#abbr_TSF) shall allow installation of updates only if the digital signature has been successfully verified as specified in digital signature has been successfully verified as specified in [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) and \[**selection**: *the version [FCS\_COP.1/SigVer](#FCS_COP.1/SigVer) and \[**selection**: *the version number of the platform firmware update is more recent than the version number of the platform firmware update is more recent than the version number of the current installed platform firmware*, *no other number of the current installed platform firmware*, *no other conditions*\]. conditions*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author should [Application Note: ]{.note-header}[ The [ST](#abbr_ST) Author should select \"*the version number\...*\" if the [TSF](#abbr_TSF) supports select \"*the version number\...*\" if the [TSF](#abbr_TSF) supports rollback prevention. That is, the [TSF](#abbr_TSF) does not allow rollback prevention. That is, the [TSF](#abbr_TSF) does not allow \"update\" to an older version of the platform firmware. In general, \"update\" to an older version of the platform firmware. In general, rollback should be permitted only through a secure local update rollback should be permitted only through a secure local update mechanism at the express direction of an physically present mechanism at the express direction of an physically present Administrator or User. ]{.note} Administrator or User. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.2.3 .reqid} ::: {#FPT_TUD_EXT.2.3 .reqid} [FPT\_TUD\_EXT.2.3](#FPT_TUD_EXT.2.3){.abbr} [FPT\_TUD\_EXT.2.3](#FPT_TUD_EXT.2.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall include a platform firmware version The [TSF](#abbr_TSF) shall include a platform firmware version identifier that is accessible by the update mechanism and includes identifier that is accessible by the update mechanism and includes information that enables the update mechanism to determine the relative information that enables the update mechanism to determine the relative order of updates. order of updates. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.2.4 .reqid} ::: {#FPT_TUD_EXT.2.4 .reqid} [FPT\_TUD\_EXT.2.4](#FPT_TUD_EXT.2.4){.abbr} [FPT\_TUD\_EXT.2.4](#FPT_TUD_EXT.2.4){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide an observable indication of the The [TSF](#abbr_TSF) shall provide an observable indication of the success or failure of the update operation. success or failure of the update operation. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ For success, this indication should [Application Note: ]{.note-header}[ For success, this indication should include the version number of the newly installed firmware. Notification include the version number of the newly installed firmware. Notification of failure could include generation of an audit event by a management of failure could include generation of an audit event by a management subsystem, a beep code, an updated version number on a splash screen, or subsystem, a beep code, an updated version number on a splash screen, or simple failure to continue functioning. ]{.note} simple failure to continue functioning. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.2.5 .reqid} ::: {#FPT_TUD_EXT.2.5 .reqid} [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5){.abbr} [FPT\_TUD\_EXT.2.5](#FPT_TUD_EXT.2.5){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TOE](#abbr_TOE) shall take the following actions if a platform The [TOE](#abbr_TOE) shall take the following actions if a platform firmware integrity, authenticity, or rollback-prevention check fails, or firmware integrity, authenticity, or rollback-prevention check fails, or a platform firmware update fails for any other reason: a platform firmware update fails for any other reason: - Do not install the update, - Do not install the update, - Notify an \[**selection**: *Administrator*, *User*\] by - Notify an \[**selection**: *Administrator*, *User*\] by \[**selection**: *generating an audit event*, *\[**assignment**: \[**selection**: *generating an audit event*, *\[**assignment**: [notification method]{.assignable-content}\]*\], [notification method]{.assignable-content}\]*\], and \[**selection**: | and \[**selection, choose one of**: - *Continue execution*, - *Continue execution*, - *Halt*, - *Halt*, - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Initiate recovery as specified in - *Initiate recovery as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* \] \[**selection**: | \] \[**selection, choose one of**: - *automatically*, - *automatically*, - *in accordance with administrator-configurable policy*, - *in accordance with administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ If \"*generating an audit event*\" [Application Note: ]{.note-header}[ If \"*generating an audit event*\" is selected, then [FAU\_GEN.1](#FAU_GEN.1) and the other audit is selected, then [FAU\_GEN.1](#FAU_GEN.1) and the other audit requirements must be claimed.]{.note} requirements must be claimed.]{.note} If \"*Initiate recovery as specified in If \"*Initiate recovery as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected, then [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected, then [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) must be included in the [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) must be included in the [ST](#abbr_ST). [ST](#abbr_ST). The platform firmware authenticated update mechanism employs digital The platform firmware authenticated update mechanism employs digital signatures to ensure the authenticity of the firmware update image. The signatures to ensure the authenticity of the firmware update image. The [TSF](#abbr_TSF) includes a signature verification algorithm and a key [TSF](#abbr_TSF) includes a signature verification algorithm and a key store containing the public key needed to verify the signature on the store containing the public key needed to verify the signature on the firmware update image. firmware update image. A hash of the public key may be stored if a copy of the public key is A hash of the public key may be stored if a copy of the public key is provided with firmware update images. In this case, the update mechanism provided with firmware update images. In this case, the update mechanism hashes the public key provided with the update image, and ensure that it hashes the public key provided with the update image, and ensure that it matches a hash which appears in the key store before using the provided matches a hash which appears in the key store before using the provided public key to verify the signature of the update image. If the hash of public key to verify the signature of the update image. If the hash of the public key is selected, the [ST](#abbr_ST) Author may iterate the the public key is selected, the [ST](#abbr_ST) Author may iterate the [FCS\_COP.1/Hash](#FCS_COP.1/Hash) requirement to specify the hashing [FCS\_COP.1/Hash](#FCS_COP.1/Hash) requirement to specify the hashing functions used. functions used. An indication of success or failure can be generation of an audit event An indication of success or failure can be generation of an audit event by a management subsystem, a beep code, an updated version number on a by a management subsystem, a beep code, an updated version number on a splash screen, or simple failure to continue functioning. splash screen, or simple failure to continue functioning. If the update mechanism generates audit events, the [ST](#abbr_ST) If the update mechanism generates audit events, the [ST](#abbr_ST) Author must make the appropriate selections from the audit events table Author must make the appropriate selections from the audit events table ([Table [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref}). ([Table [8]{.counter}](#t-audit-sel-based){.t-audit-sel-based-ref}). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure that the [TSS](#abbr_TSS) includes a The evaluator shall ensure that the [TSS](#abbr_TSS) includes a comprehensive description of how the authentication of platform firmware comprehensive description of how the authentication of platform firmware updates is implemented by the [TSF](#abbr_TSF). The [TSS](#abbr_TSS) updates is implemented by the [TSF](#abbr_TSF). The [TSS](#abbr_TSS) should cover the initialization process and the activities that are should cover the initialization process and the activities that are performed to ensure that the digital signature of the update image is performed to ensure that the digital signature of the update image is verified before modification of the firmware. verified before modification of the firmware. The evaluator shall examine the [TSF](#abbr_TSF) to ensure that it The evaluator shall examine the [TSF](#abbr_TSF) to ensure that it describes the platform firmware version identifier and explains its describes the platform firmware version identifier and explains its meaning and encoding. meaning and encoding. The evaluator shall also ensure that the [TSS](#abbr_TSS) describes the The evaluator shall also ensure that the [TSS](#abbr_TSS) describes the actions taken by the [TSF](#abbr_TSF) is an update image fails actions taken by the [TSF](#abbr_TSF) is an update image fails authentication. authentication. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the process for updating the platform firmware. process for updating the platform firmware. The evaluator shall examine the AGD to ensure that it documents the The evaluator shall examine the AGD to ensure that it documents the observable indications of update success or failure, and that it observable indications of update success or failure, and that it describes how to access the platform firmware version indicators. describes how to access the platform firmware version indicators. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** The evaluator determines the current version of the - **Test 1:** The evaluator determines the current version of the platform firmware, and obtains or produces a valid, authentic, and platform firmware, and obtains or produces a valid, authentic, and permissible update image of platform firmware. The evaluator permissible update image of platform firmware. The evaluator initiates an update using this image through the process described initiates an update using this image through the process described in the operational guidance. After the process is complete, the in the operational guidance. After the process is complete, the evaluator checks the current firmware version to ensure that the new evaluator checks the current firmware version to ensure that the new firmware version matches that of the update. firmware version matches that of the update. - **Test 2:** The evaluator performs the same test, this time using a - **Test 2:** The evaluator performs the same test, this time using a valid update image that is signed with an incorrect key. The update valid update image that is signed with an incorrect key. The update must fail. must fail. - **Test 3:** The evaluator performs the same test, this time using an - **Test 3:** The evaluator performs the same test, this time using an update image that is corrupted but is signed with the correct key. update image that is corrupted but is signed with the correct key. The update must fail. The update must fail. - **Test 4:** The evaluator performs the same test, this time using a - **Test 4:** The evaluator performs the same test, this time using a valid update image that is not signed. The update must fail. valid update image that is not signed. The update must fail. - **Test 5:** \[conditional\] If the [TSF](#abbr_TSF) implements - **Test 5:** \[conditional\] If the [TSF](#abbr_TSF) implements rollback protections, the evaluator performs the same test, this rollback protections, the evaluator performs the same test, this time using a valid, signed update image that has an earlier version time using a valid, signed update image that has an earlier version number than the currently installed firmware. The update must fail. number than the currently installed firmware. The update must fail. ::: ::: ::: ::: ::: ::: ::: {#FPT_TUD_EXT.3 .comp} ::: {#FPT_TUD_EXT.3 .comp} #### FPT\_TUD\_EXT.3 Platform Firmware Delayed-Authentication Update Mechanism #### FPT\_TUD\_EXT.3 Platform Firmware Delayed-Authentication Update Mechanism ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** selection in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.3.1 .reqid} ::: {#FPT_TUD_EXT.3.1 .reqid} [FPT\_TUD\_EXT.3.1](#FPT_TUD_EXT.3.1){.abbr} [FPT\_TUD\_EXT.3.1](#FPT_TUD_EXT.3.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall allow execution or use of platform firmware The [TSF](#abbr_TSF) shall allow execution or use of platform firmware updates only if new platform firmware is integrity- and updates only if new platform firmware is integrity- and authenticity-checked using the mechanism described in authenticity-checked using the mechanism described in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) prior to its execution or use, and [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) prior to its execution or use, and \[**selection**: *the version number of the platform firmware update is \[**selection**: *the version number of the platform firmware update is more recent than the version number of the previously installed platform more recent than the version number of the previously installed platform firmware*, *no other conditions*\]. firmware*, *no other conditions*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This requirement must be included in [Application Note: ]{.note-header}[ This requirement must be included in the [ST](#abbr_ST) if \"*implement a delayed-authentication platform the [ST](#abbr_ST) if \"*implement a delayed-authentication platform firmware update mechanism as described in firmware update mechanism as described in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3)*\" is selected in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3)*\" is selected in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).]{.note} [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).]{.note} This update mechanism does not require an integrity or authenticity This update mechanism does not require an integrity or authenticity check prior to installation, but the newly installed platform firmware check prior to installation, but the newly installed platform firmware must have its integrity and authenticity verified prior to being must have its integrity and authenticity verified prior to being executed or used. This update mechanism takes advantage of the existing executed or used. This update mechanism takes advantage of the existing [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) requirement to avoid having to verify [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) requirement to avoid having to verify the integrity and authenticity of an update package at install time. the integrity and authenticity of an update package at install time. The [ST](#abbr_ST) Author should select \"*the version number of the The [ST](#abbr_ST) Author should select \"*the version number of the platform firmware update is more recent than the version number of the platform firmware update is more recent than the version number of the previously installed platform firmware*\" if the [TSF](#abbr_TSF) previously installed platform firmware*\" if the [TSF](#abbr_TSF) supports rollback prevention. supports rollback prevention. ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.3.2 .reqid} ::: {#FPT_TUD_EXT.3.2 .reqid} [FPT\_TUD\_EXT.3.2](#FPT_TUD_EXT.3.2){.abbr} [FPT\_TUD\_EXT.3.2](#FPT_TUD_EXT.3.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall include an observable platform firmware The [TSF](#abbr_TSF) shall include an observable platform firmware version identifier that is accessible by the update mechanism and version identifier that is accessible by the update mechanism and includes information that enables the update mechanism to determine the includes information that enables the update mechanism to determine the relative order of updates. relative order of updates. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.3.3 .reqid} ::: {#FPT_TUD_EXT.3.3 .reqid} [FPT\_TUD\_EXT.3.3](#FPT_TUD_EXT.3.3){.abbr} [FPT\_TUD\_EXT.3.3](#FPT_TUD_EXT.3.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide an observable indication of the The [TSF](#abbr_TSF) shall provide an observable indication of the success or failure of the update operation. success or failure of the update operation. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ For success, this should at least [Application Note: ]{.note-header}[ For success, this should at least include an indication of the version number of the newly installed include an indication of the version number of the newly installed firmware. Notification of failure could include generation of an audit firmware. Notification of failure could include generation of an audit event by a management subsystem, a beep code, an updated version number event by a management subsystem, a beep code, an updated version number on a splash screen, or simple failure to continue functioning. ]{.note} on a splash screen, or simple failure to continue functioning. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.3.4 .reqid} ::: {#FPT_TUD_EXT.3.4 .reqid} [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4){.abbr} [FPT\_TUD\_EXT.3.4](#FPT_TUD_EXT.3.4){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TOE](#abbr_TOE) shall take the following actions if a platform The [TOE](#abbr_TOE) shall take the following actions if a platform firmware update integrity, authentication, or rollback-prevention check firmware update integrity, authentication, or rollback-prevention check fails, or a platform firmware update fails for any other reason: fails, or a platform firmware update fails for any other reason: - Notify an \[**selection**: *Administrator*, *User*\] by - Notify an \[**selection**: *Administrator*, *User*\] by \[**selection**: *generating an audit event*, *\[**assignment**: \[**selection**: *generating an audit event*, *\[**assignment**: [notification method]{.assignable-content}\]*\] [notification method]{.assignable-content}\]*\] and \[**selection**: | and \[**selection, choose one of**: - *Halt*, - *Halt*, - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Initiate a recovery process as specified in - *Initiate a recovery process as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* \] \[**selection**: | \] \[**selection, choose one of**: - *automatically*, - *automatically*, - *in accordance with administrator-configurable policy*, - *in accordance with administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ If \"*generating an audit event*\" [Application Note: ]{.note-header}[ If \"*generating an audit event*\" is selected, then [FAU\_GEN.1](#FAU_GEN.1) and the other audit SFRs must is selected, then [FAU\_GEN.1](#FAU_GEN.1) and the other audit SFRs must be claimed.]{.note} be claimed.]{.note} If \"*Initiate recovery as specified in If \"*Initiate recovery as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected, then [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)*\" is selected, then [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) must be included in the [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1) must be included in the [ST](#abbr_ST). [ST](#abbr_ST). The platform firmware unauthenticated update mechanism installs platform The platform firmware unauthenticated update mechanism installs platform firmware updates without first checking their integrity or authenticity. firmware updates without first checking their integrity or authenticity. Instead, this mechanism either invokes a special Instead, this mechanism either invokes a special authentication/integrity check on the firmware *in situ* after install authentication/integrity check on the firmware *in situ* after install or relies on the firmware checks required by or relies on the firmware checks required by [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) to ensure the integrity and [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) to ensure the integrity and authenticity of the update image. In either case, the integrity and authenticity of the update image. In either case, the integrity and authenticity of the update must be verified before the updated firmware authenticity of the update must be verified before the updated firmware is executed or used. is executed or used. Likewise, if the [TSF](#abbr_TSF) implements rollback prevention, this Likewise, if the [TSF](#abbr_TSF) implements rollback prevention, this check must be made before the newly installed firmware is executed. check must be made before the newly installed firmware is executed. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall ensure that the [TSS](#abbr_TSS) includes a The evaluator shall ensure that the [TSS](#abbr_TSS) includes a comprehensive description of how the authentication of platform firmware comprehensive description of how the authentication of platform firmware updates is implemented by the [TSF](#abbr_TSF). The [TSS](#abbr_TSS) updates is implemented by the [TSF](#abbr_TSF). The [TSS](#abbr_TSS) should cover the initialization process and the activities that are should cover the initialization process and the activities that are performed to ensure that the digital signature of the update image is performed to ensure that the digital signature of the update image is verified before it is executed or used. verified before it is executed or used. The evaluator shall examine the [TSF](#abbr_TSF) to ensure that it The evaluator shall examine the [TSF](#abbr_TSF) to ensure that it describes the platform firmware version identifier and explains its describes the platform firmware version identifier and explains its meaning and encoding. meaning and encoding. The evaluator shall also ensure that the [TSS](#abbr_TSS) describes the The evaluator shall also ensure that the [TSS](#abbr_TSS) describes the actions taken by the [TSF](#abbr_TSF) if an update image fails actions taken by the [TSF](#abbr_TSF) if an update image fails authentication, integrity, or rollback-prevention checks. authentication, integrity, or rollback-prevention checks. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes the The evaluator shall examine the AGD to ensure that it describes the process for updating the platform firmware. process for updating the platform firmware. The evaluator shall examine the AGD to ensure that it documents the The evaluator shall examine the AGD to ensure that it documents the observable indications of update success or failure, and that it observable indications of update success or failure, and that it describes how to access the platform firmware version indicators. describes how to access the platform firmware version indicators. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** The evaluator determines the current version of the - **Test 1:** The evaluator determines the current version of the platform firmware, and obtains or produces a valid, authentic, and platform firmware, and obtains or produces a valid, authentic, and permissible update image of platform firmware. The evaluator permissible update image of platform firmware. The evaluator initiates an update using this image through the process described initiates an update using this image through the process described in the operational guidance. After the process is complete, the in the operational guidance. After the process is complete, the evaluator checks the current firmware version to ensure that the new evaluator checks the current firmware version to ensure that the new firmware version matches that of the update. firmware version matches that of the update. - **Test 2:** The evaluator performs the same test, this time using a - **Test 2:** The evaluator performs the same test, this time using a inauthentic update image. The update code must fail to execute. inauthentic update image. The update code must fail to execute. - **Test 3:** The evaluator performs the same test, this time using an - **Test 3:** The evaluator performs the same test, this time using an update image that is corrupted but is otherwise authentic. The update image that is corrupted but is otherwise authentic. The update code must fail to execute. update code must fail to execute. - **Test 4:** \[conditional\] If the [TSF](#abbr_TSF) implements - **Test 4:** \[conditional\] If the [TSF](#abbr_TSF) implements rollback protections, the evaluator performs the same test, this rollback protections, the evaluator performs the same test, this time using a valid, signed update image that is has an earlier time using a valid, signed update image that is has an earlier version number than the currently installed firmware. The update version number than the currently installed firmware. The update code must fail to execute. code must fail to execute. ::: ::: ::: ::: ::: ::: ::: {#FPT_TUD_EXT.4 .comp} ::: {#FPT_TUD_EXT.4 .comp} #### FPT\_TUD\_EXT.4 Secure Local Platform Firmware Update Mechanism #### FPT\_TUD\_EXT.4 Secure Local Platform Firmware Update Mechanism ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1), selection in [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1), [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.4.1 .reqid} ::: {#FPT_TUD_EXT.4.1 .reqid} [FPT\_TUD\_EXT.4.1](#FPT_TUD_EXT.4.1){.abbr} [FPT\_TUD\_EXT.4.1](#FPT_TUD_EXT.4.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide a secure local update mechanism that The [TSF](#abbr_TSF) shall provide a secure local update mechanism that requires an assertion of physical access to the [TOE](#abbr_TOE) before requires an assertion of physical access to the [TOE](#abbr_TOE) before installation of an update. installation of an update. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.4.2 .reqid} ::: {#FPT_TUD_EXT.4.2 .reqid} [FPT\_TUD\_EXT.4.2](#FPT_TUD_EXT.4.2){.abbr} [FPT\_TUD\_EXT.4.2](#FPT_TUD_EXT.4.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} A user shall assert physical presence to the [TSF](#abbr_TSF) through: A user shall assert physical presence to the [TSF](#abbr_TSF) through: \[**selection**: \[**selection**: - *login to the [TOE](#abbr_TOE) from a physically connected console - *login to the [TOE](#abbr_TOE) from a physically connected console or terminal*, or terminal*, - *physical connection of a jumper or cable*, - *physical connection of a jumper or cable*, - *connection to a debug port*, - *connection to a debug port*, - *\[**assignment**: [description of other mechanism for asserting - *\[**assignment**: [description of other mechanism for asserting physical presence]{.assignable-content}\]* physical presence]{.assignable-content}\]* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ The requirement included in the [Application Note: ]{.note-header}[ The requirement included in the [ST](#abbr_ST) if \"*the secure local update mechanism described in [ST](#abbr_ST) if \"*the secure local update mechanism described in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*\" is selected in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*\" is selected in [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1) or \"*implement a secure local [FPT\_RVR\_EXT.1.1](#FPT_RVR_EXT.1.1) or \"*implement a secure local platform firmware update mechanism described in platform firmware update mechanism described in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*\" is selected in [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4)*\" is selected in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).]{.note} [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1).]{.note} This requirement pertains to platform firmware update mechanisms that do This requirement pertains to platform firmware update mechanisms that do not use the authentication-based update mechanism described in not use the authentication-based update mechanism described in [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) or the delayed-authentication [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) or the delayed-authentication described in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3). The secure local update described in [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3). The secure local update mechanism ensures the authenticity and integrity of the firmware update mechanism ensures the authenticity and integrity of the firmware update image by requiring a user to be physically present at the image by requiring a user to be physically present at the [TOE](#abbr_TOE). An assertion of physical presence can take the form, [TOE](#abbr_TOE). An assertion of physical presence can take the form, for example, of requiring entry of a password at a boot screen, for example, of requiring entry of a password at a boot screen, unlocking of a physical lock (e.g., a motherboard jumper), or inserting unlocking of a physical lock (e.g., a motherboard jumper), or inserting a [USB](#abbr_USB) cable before permitting platform firmware to be a [USB](#abbr_USB) cable before permitting platform firmware to be updated. updated. There is no requirement that the local update mechanism support rollback There is no requirement that the local update mechanism support rollback prevention. prevention. The local update mechanism must be a designed mechanism. If update can The local update mechanism must be a designed mechanism. If update can be accomplished only through the physical removal and replacement of a be accomplished only through the physical removal and replacement of a part, then that is not a secure local update mechanism, and \"make no part, then that is not a secure local update mechanism, and \"make no provision for platform firmware update\" should be selected in provision for platform firmware update\" should be selected in [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1). [FPT\_TUD\_EXT.1.1](#FPT_TUD_EXT.1.1). ::: ::: ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.4.3 .reqid} ::: {#FPT_TUD_EXT.4.3 .reqid} [FPT\_TUD\_EXT.4.3](#FPT_TUD_EXT.4.3){.abbr} [FPT\_TUD\_EXT.4.3](#FPT_TUD_EXT.4.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall include a platform firmware version The [TSF](#abbr_TSF) shall include a platform firmware version identifier that is accessible by the update mechanism or to the user who identifier that is accessible by the update mechanism or to the user who asserts physical presence. asserts physical presence. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FPT_TUD_EXT.4.4 .reqid} ::: {#FPT_TUD_EXT.4.4 .reqid} [FPT\_TUD\_EXT.4.4](#FPT_TUD_EXT.4.4){.abbr} [FPT\_TUD\_EXT.4.4](#FPT_TUD_EXT.4.4){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide an observable indication of the The [TSF](#abbr_TSF) shall provide an observable indication of the success or failure of the update operation. success or failure of the update operation. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ For success, this indication should [Application Note: ]{.note-header}[ For success, this indication should include the version number of the newly installed firmware. Notification include the version number of the newly installed firmware. Notification of failure could be through a beep code, an indication on a splash of failure could be through a beep code, an indication on a splash screen, or simple failure to continue functioning. ]{.note} screen, or simple failure to continue functioning. ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall check the [TSS](#abbr_TSS) section to confirm that The evaluator shall check the [TSS](#abbr_TSS) section to confirm that it clearly and thoroughly describes how the secure local update it clearly and thoroughly describes how the secure local update functionality is implemented. functionality is implemented. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall examine the AGD to ensure that it describes The evaluator shall examine the AGD to ensure that it describes instructions for using the local update mechanism, and how to validate instructions for using the local update mechanism, and how to validate that the update was successful. that the update was successful. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall perform the following tests: The evaluator shall perform the following tests: - **Test 1:** The evaluator tests the secure local update by following - **Test 1:** The evaluator tests the secure local update by following the instructions provided in the operational guidance to update the the instructions provided in the operational guidance to update the platform firmware image. The update must succeed. platform firmware image. The update must succeed. - **Test 2:** The evaluator next tries to update the platform firmware - **Test 2:** The evaluator next tries to update the platform firmware image without first asserting physical presence. The update must image without first asserting physical presence. The update must fail or be not possible. fail or be not possible. ::: ::: ::: ::: ::: ::: B.7 Class: Trusted Path/Channels (FTP) {#ftp-sel-based .indexable data-level="2"} B.7 Class: Trusted Path/Channels (FTP) {#ftp-sel-based .indexable data-level="2"} -------------------------------------- -------------------------------------- ::: {#FTP_ITC_EXT.1 .comp} ::: {#FTP_ITC_EXT.1 .comp} #### FTP\_ITC\_EXT.1 Trusted Channel Communication #### FTP\_ITC\_EXT.1 Trusted Channel Communication ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1), selection in [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1), [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1), [FMT\_SMF.1.1](#FMT_SMF.1.1).*** [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1), [FMT\_SMF.1.1](#FMT_SMF.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FTP_ITC_EXT.1.1 .reqid} ::: {#FTP_ITC_EXT.1.1 .reqid} [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1){.abbr} [FTP\_ITC\_EXT.1.1](#FTP_ITC_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall use \[**selection**: The [TSF](#abbr_TSF) shall use \[**selection**: - *[TLS](#abbr_TLS) as conforming to the [*Functional Package for - *[TLS](#abbr_TLS) as conforming to the [*Functional Package for Transport Layer Transport Layer Security*](https://www.niap-ccevs.org/MMO/PP/-439-/)*, Security*](https://www.niap-ccevs.org/MMO/PP/-439-/)*, - *[TLS](#abbr_TLS)/[HTTPS](#abbr_HTTPS) as conforming to - *[TLS](#abbr_TLS)/[HTTPS](#abbr_HTTPS) as conforming to [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1)*, [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1)*, - *IPsec as conforming to [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*, - *IPsec as conforming to [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1)*, - *[SSH](#abbr_SSH) as conforming to the [*Functional Package for - *[SSH](#abbr_SSH) as conforming to the [*Functional Package for Secure Shell*](https://www.niap-ccevs.org/MMO/PP/-389-/)* Secure Shell*](https://www.niap-ccevs.org/MMO/PP/-389-/)* \] protocols with \[**selection**: | \] protocols with \[**selection, choose one of**: - *X.509 certificate-based authentication of the remote peer*, - *X.509 certificate-based authentication of the remote peer*, - *non-certificate-based authentication of the remote peer*, - *non-certificate-based authentication of the remote peer*, - *no authentication of the remote peer* - *no authentication of the remote peer* \] to provide a communication channel between itself and \] to provide a communication channel between itself and \[**selection**: \[**selection**: - *audit servers (as required by [FAU\_STG\_EXT.1](#FAU_STG_EXT.1))*, - *audit servers (as required by [FAU\_STG\_EXT.1](#FAU_STG_EXT.1))*, - *remote administrators (as required by [FTP\_TRP.1.1](#FTP_TRP.1.1) - *remote administrators (as required by [FTP\_TRP.1.1](#FTP_TRP.1.1) if selected in FMT\_MOF\_EXT.1)*, if selected in FMT\_MOF\_EXT.1)*, - *\[**assignment**: [other capabilities]{.assignable-content}\]*, - *\[**assignment**: [other capabilities]{.assignable-content}\]*, - *no other capabilities* - *no other capabilities* \] that is logically distinct from other communication channels, \] that is logically distinct from other communication channels, provides assured identification of its end points, protects channel data provides assured identification of its end points, protects channel data from disclosure, and detects modification of the channel data. from disclosure, and detects modification of the channel data. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if a trusted channel is used to offload audit data or the [ST](#abbr_ST) if a trusted channel is used to offload audit data or if the platform is administered remotely. That is, if \"*a trusted if the platform is administered remotely. That is, if \"*a trusted channel as specified in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1)*\" is selected channel as specified in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1)*\" is selected in [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1), if \"*physically protected in [FAU\_STG\_EXT.1.1](#FAU_STG_EXT.1.1), if \"*physically protected channels as specified in [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*\" is channels as specified in [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*\" is selected in [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1)., or if \"*remotely*\" is selected in [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1)., or if \"*remotely*\" is selected in Management Function 1 in selected in Management Function 1 in [FMT\_SMF.1.1](#FMT_SMF.1.1).]{.note} [FMT\_SMF.1.1](#FMT_SMF.1.1).]{.note} If the [ST](#abbr_ST) Author selects either \"*[TLS](#abbr_TLS)*\" or If the [ST](#abbr_ST) Author selects either \"*[TLS](#abbr_TLS)*\" or \"*[HTTPS](#abbr_HTTPS)*,\" the [TSF](#abbr_TSF) must be validated \"*[HTTPS](#abbr_HTTPS)*,\" the [TSF](#abbr_TSF) must be validated against the Functional Package for [TLS](#abbr_TLS). This [PP](#abbr_PP) against the Functional Package for [TLS](#abbr_TLS). This [PP](#abbr_PP) does not mandate that a product implement [TLS](#abbr_TLS) with mutual does not mandate that a product implement [TLS](#abbr_TLS) with mutual authentication, but if the product includes the capability to perform authentication, but if the product includes the capability to perform [TLS](#abbr_TLS) with mutual authentication, then mutual authentication [TLS](#abbr_TLS) with mutual authentication, then mutual authentication must be included within the [TOE](#abbr_TOE) boundary. The must be included within the [TOE](#abbr_TOE) boundary. The [TLS](#abbr_TLS) Package requires that the X509 requirements be included [TLS](#abbr_TLS) Package requires that the X509 requirements be included by the [PP](#abbr_PP), so selection of [TLS](#abbr_TLS) or by the [PP](#abbr_PP), so selection of [TLS](#abbr_TLS) or [HTTPS](#abbr_HTTPS) causes FIA\_X509\_EXT.\* to be selected. [HTTPS](#abbr_HTTPS) causes FIA\_X509\_EXT.\* to be selected. If the [ST](#abbr_ST) Author selects \"*[SSH](#abbr_SSH)*,\" the If the [ST](#abbr_ST) Author selects \"*[SSH](#abbr_SSH)*,\" the [TSF](#abbr_TSF) must be validated against the Functional Package for [TSF](#abbr_TSF) must be validated against the Functional Package for Secure Shell. Secure Shell. If the [ST](#abbr_ST) Author selects \"*certificate-based authentication If the [ST](#abbr_ST) Author selects \"*certificate-based authentication of the remote peer*,\" then [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) and of the remote peer*,\" then [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) and [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) must be included in the [FIA\_X509\_EXT.2](#FIA_X509_EXT.2) must be included in the [ST](#abbr_ST). \"*No authentication of the remote peer*\" should be [ST](#abbr_ST). \"*No authentication of the remote peer*\" should be selected only if the [TOE](#abbr_TOE) is acting as a server in a selected only if the [TOE](#abbr_TOE) is acting as a server in a non-mutual authentication configuration. non-mutual authentication configuration. . . ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator will review the [TSS](#abbr_TSS) to determine that it The evaluator will review the [TSS](#abbr_TSS) to determine that it lists all trusted channels the [TOE](#abbr_TOE) uses for remote lists all trusted channels the [TOE](#abbr_TOE) uses for remote communications, including both the external [IT](#abbr_IT) entities and communications, including both the external [IT](#abbr_IT) entities and remote users that use the channel as well as the protocol that is used remote users that use the channel as well as the protocol that is used for each. for each. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall confirm that the AGD contains instructions for The evaluator shall confirm that the AGD contains instructions for establishing connections to external [IT](#abbr_IT) entities and remote establishing connections to external [IT](#abbr_IT) entities and remote users. users. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator will configure the [TOE](#abbr_TOE) to communicate with The evaluator will configure the [TOE](#abbr_TOE) to communicate with each external [IT](#abbr_IT) entity and type of remote user identified each external [IT](#abbr_IT) entity and type of remote user identified in the [TSS](#abbr_TSS). The evaluator will monitor network traffic in the [TSS](#abbr_TSS). The evaluator will monitor network traffic while the [VS](#abbr_VS) performs communication with each of these while the [VS](#abbr_VS) performs communication with each of these destinations. The evaluator will ensure that for each session a trusted destinations. The evaluator will ensure that for each session a trusted channel was established in conformance with the protocols identified in channel was established in conformance with the protocols identified in the selection. the selection. ::: ::: ::: ::: ::: ::: ::: {#FTP_ITE_EXT.1 .comp} ::: {#FTP_ITE_EXT.1 .comp} #### FTP\_ITE\_EXT.1 Encrypted Data Communications #### FTP\_ITE\_EXT.1 Encrypted Data Communications ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1).*** selection in [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FTP_ITE_EXT.1.1 .reqid} ::: {#FTP_ITE_EXT.1.1 .reqid} [FTP\_ITE\_EXT.1.1](#FTP_ITE_EXT.1.1){.abbr} [FTP\_ITE\_EXT.1.1](#FTP_ITE_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall encrypt data for transfer between the The [TSF](#abbr_TSF) shall encrypt data for transfer between the [TOE](#abbr_TOE) and \[**assignment**: [list of entities external to the [TOE](#abbr_TOE) and \[**assignment**: [list of entities external to the [TOE](#abbr_TOE)]{.assignable-content}\] using a cryptographic algorithm [TOE](#abbr_TOE)]{.assignable-content}\] using a cryptographic algorithm and key size as specified in [FCS\_COP.1/SKC](#FCS_COP.1/SKC), and using and key size as specified in [FCS\_COP.1/SKC](#FCS_COP.1/SKC), and using \[**selection**: \[**selection**: - *Pre-shared keys*, - *Pre-shared keys*, - *Keys established according to [FCS\_CKM.2](#FCS_CKM.2)*, - *Keys established according to [FCS\_CKM.2](#FCS_CKM.2)*, - *Keys exchanged using a physically protected communication mechanism - *Keys exchanged using a physically protected communication mechanism conformant with [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)* conformant with [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)* \]. \]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be claimed if \"*encrypted data buffers as specified in claimed if \"*encrypted data buffers as specified in [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1)*\" is selected in [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1)*\" is selected in [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1).]{.note} [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1).]{.note} This requirement applies to encrypted data communications between the This requirement applies to encrypted data communications between the [TOE](#abbr_TOE) and external entities that do not use a physically [TOE](#abbr_TOE) and external entities that do not use a physically protected mechanism conforming to [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1), or protected mechanism conforming to [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1), or a cryptographically protected data channel as conforming to a cryptographically protected data channel as conforming to [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). For example, if data is transferred [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). For example, if data is transferred through encrypted buffers (or blobs), then this requirement applies. through encrypted buffers (or blobs), then this requirement applies. This requirement would apply, for example, for communications This requirement would apply, for example, for communications implemented through a shared data buffer. implemented through a shared data buffer. ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall review the [TSS](#abbr_TSS) to determine that it The evaluator shall review the [TSS](#abbr_TSS) to determine that it lists all encryption mechanisms the [TOE](#abbr_TOE) uses for protected lists all encryption mechanisms the [TOE](#abbr_TOE) uses for protected external communications, along with the types of communications external communications, along with the types of communications protected using each mechanism. protected using each mechanism. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall configure the [TOE](#abbr_TOE) to communicate with The evaluator shall configure the [TOE](#abbr_TOE) to communicate with each external entity identified in the [TSS](#abbr_TSS). The evaluator each external entity identified in the [TSS](#abbr_TSS). The evaluator shall initiate a transaction that will result in data being transferred shall initiate a transaction that will result in data being transferred to the [TOE](#abbr_TOE) through the mechanism and other data returned to to the [TOE](#abbr_TOE) through the mechanism and other data returned to the initiating entity through the mechanism. The evaluator must verify the initiating entity through the mechanism. The evaluator must verify that the data returned to the entity was encrypted using the documented that the data returned to the entity was encrypted using the documented mechanism when received. mechanism when received. ::: ::: ::: ::: ::: ::: ::: {#FTP_ITP_EXT.1 .comp} ::: {#FTP_ITP_EXT.1 .comp} #### FTP\_ITP\_EXT.1 Physically Protected Channel #### FTP\_ITP\_EXT.1 Physically Protected Channel ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1), selection in [FDP\_ITC\_EXT.1.1](#FDP_ITC_EXT.1.1), [FTP\_ITE\_EXT.1.1](#FTP_ITE_EXT.1.1).*** [FTP\_ITE\_EXT.1.1](#FTP_ITE_EXT.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FTP_ITP_EXT.1.1 .reqid} ::: {#FTP_ITP_EXT.1.1 .reqid} [FTP\_ITP\_EXT.1.1](#FTP_ITP_EXT.1.1){.abbr} [FTP\_ITP\_EXT.1.1](#FTP_ITP_EXT.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall provide a physically protected communication The [TSF](#abbr_TSF) shall provide a physically protected communication channel between itself and \[**assignment**: [list of other channel between itself and \[**assignment**: [list of other [IT](#abbr_IT) entities within the same [IT](#abbr_IT) entities within the same platform]{.assignable-content}\]. platform]{.assignable-content}\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) must be claimed if \"*physically protected channels as specified in claimed if \"*physically protected channels as specified in [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*\" is selected in either [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*\" is selected in either [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1), or if \"*Keys exchanged using a [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1), or if \"*Keys exchanged using a physically protected communication mechanism conformant with physically protected communication mechanism conformant with [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*\" is selected in [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1)*\" is selected in [FTP\_ITE\_EXT.1.1](#FTP_ITE_EXT.1.1). ]{.note} [FTP\_ITE\_EXT.1.1](#FTP_ITE_EXT.1.1). ]{.note} ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall review the [TSS](#abbr_TSS) to determine that it The evaluator shall review the [TSS](#abbr_TSS) to determine that it lists all mechanisms the [TOE](#abbr_TOE) uses for physically protected lists all mechanisms the [TOE](#abbr_TOE) uses for physically protected external communications, along with the types of communications external communications, along with the types of communications protected using each mechanism. protected using each mechanism. ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: There are no AGD evaluation activities for this component. There are no AGD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: There are no test activities for this component. There are no test activities for this component. ::: ::: ::: ::: ::: ::: ::: {#FTP_TRP.1 .comp} ::: {#FTP_TRP.1 .comp} #### FTP\_TRP.1 Trusted Path #### FTP\_TRP.1 Trusted Path ::: {.statustag} ::: {.statustag} ***The inclusion of this selection-based component depends upon ***The inclusion of this selection-based component depends upon selection in [FMT\_SMF.1.1](#FMT_SMF.1.1).*** selection in [FMT\_SMF.1.1](#FMT_SMF.1.1).*** ::: ::: ::: {.element} ::: {.element} ::: {#FTP_TRP.1.1 .reqid} ::: {#FTP_TRP.1.1 .reqid} [FTP\_TRP.1.1](#FTP_TRP.1.1){.abbr} [FTP\_TRP.1.1](#FTP_TRP.1.1){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall [use a trusted channel as specified in The [TSF](#abbr_TSF) shall [use a trusted channel as specified in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) to]{.refinement} provide a [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) to]{.refinement} provide a [trusted]{.refinement} communication path between itself and [trusted]{.refinement} communication path between itself and \[*remote*\] [Administrators]{.refinement} that is logically distinct \[*remote*\] [Administrators]{.refinement} that is logically distinct from other communication paths and provides assured identification of from other communication paths and provides assured identification of its end points and protection of the communicated data from its end points and protection of the communicated data from \[*modification, disclosure*\]. \[*modification, disclosure*\]. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FTP_TRP.1.2 .reqid} ::: {#FTP_TRP.1.2 .reqid} [FTP\_TRP.1.2](#FTP_TRP.1.2){.abbr} [FTP\_TRP.1.2](#FTP_TRP.1.2){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall permit \[*remote Administrators*\] to The [TSF](#abbr_TSF) shall permit \[*remote Administrators*\] to initiate communication via the trusted path. initiate communication via the trusted path. ::: ::: ::: ::: ::: {.element} ::: {.element} ::: {#FTP_TRP.1.3 .reqid} ::: {#FTP_TRP.1.3 .reqid} [FTP\_TRP.1.3](#FTP_TRP.1.3){.abbr} [FTP\_TRP.1.3](#FTP_TRP.1.3){.abbr} ::: ::: ::: {.reqdesc} ::: {.reqdesc} The [TSF](#abbr_TSF) shall require the use of the trusted path for The [TSF](#abbr_TSF) shall require the use of the trusted path for \[*\[all remote administration actions\]*\]. \[*\[all remote administration actions\]*\]. ::: {.appnote} ::: {.appnote} [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in [Application Note: ]{.note-header}[ This [SFR](#abbr_SFR) is included in the [ST](#abbr_ST) if \"*remotely*\" is selected in Management Function the [ST](#abbr_ST) if \"*remotely*\" is selected in Management Function 1 of [FMT\_SMF.1.1](#FMT_SMF.1.1).]{.note} 1 of [FMT\_SMF.1.1](#FMT_SMF.1.1).]{.note} Protocols used to implement the remote administration trusted channel Protocols used to implement the remote administration trusted channel must be selected in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). must be selected in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). This requirement ensures that authorized remote Administrators initiate This requirement ensures that authorized remote Administrators initiate all communication with the [TOE](#abbr_TOE) via a trusted path, and that all communication with the [TOE](#abbr_TOE) via a trusted path, and that all communications with the [TOE](#abbr_TOE) by remote Administrators is all communications with the [TOE](#abbr_TOE) by remote Administrators is performed over this path. The data passed in this trusted communication performed over this path. The data passed in this trusted communication channel are encrypted as defined the protocol chosen in the first channel are encrypted as defined the protocol chosen in the first selection in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). selection in [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1). ::: ::: ::: ::: ::: ::: ::: {.activity_pane .hide} ::: {.activity_pane .hide} ::: {.activity_pane_header} ::: {.activity_pane_header} [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) [[ Evaluation Activities ]{.activity_pane_label}[]{.toggler}](#) ::: ::: ::: {.activity_pane_body} ::: {.activity_pane_body} ::: {.component-activity-header} ::: {.component-activity-header} [FTP\_TRP.1](#FTP_TRP.1) [FTP\_TRP.1](#FTP_TRP.1) ::: ::: ::: {.eacategory} ::: {.eacategory} [TSS](#abbr_TSS) [TSS](#abbr_TSS) ::: ::: The evaluator shall examine the [TSS](#abbr_TSS) to determine that the The evaluator shall examine the [TSS](#abbr_TSS) to determine that the methods of remote [TOE](#abbr_TOE) administration are indicated, along methods of remote [TOE](#abbr_TOE) administration are indicated, along with how those communications are protected. The evaluator shall also with how those communications are protected. The evaluator shall also confirm that all protocols listed in the [TSS](#abbr_TSS) in support of confirm that all protocols listed in the [TSS](#abbr_TSS) in support of [TOE](#abbr_TOE) administration are consistent with those specified in [TOE](#abbr_TOE) administration are consistent with those specified in the requirement, and are included in the requirements in the the requirement, and are included in the requirements in the [ST](#abbr_ST). [ST](#abbr_ST). ::: {.eacategory} ::: {.eacategory} Guidance Guidance ::: ::: The evaluator shall confirm that the AGD contains instructions for The evaluator shall confirm that the AGD contains instructions for establishing the remote administrative sessions for each supported establishing the remote administrative sessions for each supported method. method. ::: {.eacategory} ::: {.eacategory} KMD KMD ::: ::: There are no KMD evaluation activities for this component. There are no KMD evaluation activities for this component. ::: {.eacategory} ::: {.eacategory} Tests Tests ::: ::: The evaluator shall also perform the following tests: The evaluator shall also perform the following tests: - **Test 1:** The evaluator shall ensure that communications using - **Test 1:** The evaluator shall ensure that communications using each specified (in the AGD) remote administration method is tested each specified (in the AGD) remote administration method is tested during the course of the evaluation, setting up the connections as during the course of the evaluation, setting up the connections as described in the AGD and ensuring that communication is successful. described in the AGD and ensuring that communication is successful. - **Test 2:** For each method of remote administration supported, the - **Test 2:** For each method of remote administration supported, the evaluator shall follow the AGD to ensure that there is no available evaluator shall follow the AGD to ensure that there is no available interface that can be used by a remote user to establish remote interface that can be used by a remote user to establish remote administrative sessions without invoking the trusted path. administrative sessions without invoking the trusted path. - **Test 3:** The evaluator shall ensure, for each method of remote - **Test 3:** The evaluator shall ensure, for each method of remote administration, the channel data is not sent in plaintext. administration, the channel data is not sent in plaintext. - **Test 4:** The evaluator shall ensure, for each method of remote - **Test 4:** The evaluator shall ensure, for each method of remote administration, modification of the channel data is detected by the administration, modification of the channel data is detected by the [TOE](#abbr_TOE). [TOE](#abbr_TOE). Additional evaluation activities are associated with the specific Additional evaluation activities are associated with the specific protocols. protocols. ::: ::: ::: ::: ::: ::: Appendix C - Extended Component Definitions {#ext-comp-defs .indexable data-level="A" Appendix C - Extended Component Definitions {#ext-comp-defs .indexable data-level="A" =========================================== =========================================== This appendix contains the definitions for all extended requirements This appendix contains the definitions for all extended requirements specified in the [PP](#abbr_PP). specified in the [PP](#abbr_PP). C.1 Extended Components Table {#ext-comp-defs-bg .indexable data-level="2"} C.1 Extended Components Table {#ext-comp-defs-bg .indexable data-level="2"} ----------------------------- ----------------------------- All extended components specified in the [PP](#abbr_PP) are listed in All extended components specified in the [PP](#abbr_PP) are listed in this table: this table: ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- Functional Class Functional Components Functional Class Functional Components ------------------------------------------------- --------------------------------- ------------------------------------------------- --------------------------------- Class: Security Audit (FAU) FAU\_STG\_EXT Off-Loading of Audi Class: Security Audit (FAU) FAU\_STG\_EXT Off-Loading of Audi Class: Cryptographic Support (FCS) FCS\_CKM\_EXT Cryptographic Key M Class: Cryptographic Support (FCS) FCS\_CKM\_EXT Cryptographic Key M FCS\_ENT\_EXT Entropy for Virtual FCS\_ENT\_EXT Entropy for Virtual FCS\_HTTPS\_EXT [HTTPS](#abbr_HTT FCS\_HTTPS\_EXT [HTTPS](#abbr_HTT FCS\_IPSEC\_EXT IPsec Protocol\ FCS\_IPSEC\_EXT IPsec Protocol\ FCS\_RBG\_EXT Cryptographic Opera FCS\_RBG\_EXT Cryptographic Opera FCS\_SLT\_EXT Cryptographic Salt FCS\_SLT\_EXT Cryptographic Salt FCS\_STG\_EXT Cryptographic Key S FCS\_STG\_EXT Cryptographic Key S Class: User Data Protection (FDP) FDP\_ITC\_EXT Key Import\ Class: User Data Protection (FDP) FDP\_ITC\_EXT Key Import\ FDP\_TEE\_EXT Trusted Execution E FDP\_TEE\_EXT Trusted Execution E Class: Identification and Authentication (FIA) FIA\_AFL\_EXT Authentication Fail Class: Identification and Authentication (FIA) FIA\_AFL\_EXT Authentication Fail FIA\_PMG\_EXT Password Management FIA\_PMG\_EXT Password Management FIA\_TRT\_EXT Authentication Thro FIA\_TRT\_EXT Authentication Thro FIA\_UIA\_EXT Administrator Ident FIA\_UIA\_EXT Administrator Ident FIA\_X509\_EXT X.509 Certificate FIA\_X509\_EXT X.509 Certificate Class: Security Management (FMT) FMT\_CFG\_EXT Secure by Default\ Class: Security Management (FMT) FMT\_CFG\_EXT Secure by Default\ Class: Protection of the [TSF](#abbr_TSF) (FPT) FPT\_JTA\_EXT Debug Port Access\ Class: Protection of the [TSF](#abbr_TSF) (FPT) FPT\_JTA\_EXT Debug Port Access\ FPT\_PPF\_EXT Protection of Platf FPT\_PPF\_EXT Protection of Platf FPT\_ROT\_EXT Platform Integrity\ FPT\_ROT\_EXT Platform Integrity\ FPT\_RVR\_EXT Platform Firmware R FPT\_RVR\_EXT Platform Firmware R FPT\_TUD\_EXT Platform Firmware U FPT\_TUD\_EXT Platform Firmware U Class: Trusted Path/Channels (FTP) FTP\_ITC\_EXT Trusted Channel Com Class: Trusted Path/Channels (FTP) FTP\_ITC\_EXT Trusted Channel Com FTP\_ITE\_EXT Encrypted Data Comm FTP\_ITE\_EXT Encrypted Data Comm FTP\_ITP\_EXT Physically Protecte FTP\_ITP\_EXT Physically Protecte ----------------------------------------------------------------------------------- ----------------------------------------------------------------------------------- : **[Table [15]{.counter}]{.ctr data-myid="" : **[Table [15]{.counter}]{.ctr data-myid="" data-counter-type="ct-Table"}: Extended Component Definitions** data-counter-type="ct-Table"}: Extended Component Definitions** C.2 Extended Component Definitions {#ext-comp-defs-bg .indexable data-level="2"} C.2 Extended Component Definitions {#ext-comp-defs-bg .indexable data-level="2"} ---------------------------------- ---------------------------------- ### C.2.1 Class: Security Audit (FAU) {#ext-comp-FAU .indexable data-level="3"} ### C.2.1 Class: Security Audit (FAU) {#ext-comp-FAU .indexable data-level="3"} This [PP](#abbr_PP) defines the following extended components as part of This [PP](#abbr_PP) defines the following extended components as part of the FAU class originally defined by [CC](#abbr_CC) Part 2: the FAU class originally defined by [CC](#abbr_CC) Part 2: ### C.2.1.1 FAU\_STG\_EXT Off-Loading of Audit Data {#ext-comp-FAU_STG_EXT .indexable ### C.2.1.1 FAU\_STG\_EXT Off-Loading of Audit Data {#ext-comp-FAU_STG_EXT .indexable ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for the [TSF](#abbr_TSF) to securely This family defines requirements for the [TSF](#abbr_TSF) to securely transmit or move audit data from the [TOE](#abbr_TOE). transmit or move audit data from the [TOE](#abbr_TOE).
#### Component Leveling #### Component Leveling FAU\_STG\_EXT1 FAU\_STG\_EXT1 [FAU\_STG\_EXT.1](#FAU_STG_EXT.1), Off-Loading of Audit Data, specifies [FAU\_STG\_EXT.1](#FAU_STG_EXT.1), Off-Loading of Audit Data, specifies how audit data may be transmitted or removed from the [TOE](#abbr_TOE), how audit data may be transmitted or removed from the [TOE](#abbr_TOE), which is not covered by any FCS\_STG component. which is not covered by any FCS\_STG component. #### Management: FAU\_STG\_EXT.1 #### Management: FAU\_STG\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: a. Ability to configure and manage the audit system and audit data, a. Ability to configure and manage the audit system and audit data, including the ability to configure name/address of audit/logging including the ability to configure name/address of audit/logging server to which to send audit/logging records. server to which to send audit/logging records. #### Audit: FAU\_STG\_EXT.1 #### Audit: FAU\_STG\_EXT.1 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): a. On failure of logging function, capture record of failure and record a. On failure of logging function, capture record of failure and record upon restart of logging function. upon restart of logging function. #### FAU\_STG\_EXT.1 Off-Loading of Audit Data #### FAU\_STG\_EXT.1 Off-Loading of Audit Data ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FAU\_GEN.1](#FAU_GEN.1) Audit Data Generation [FAU\_GEN.1](#FAU_GEN.1) Audit Data Generation #### FAU\_STG\_EXT.1.1 {#ext-comp-FAU_STG_EXT.1.1} #### FAU\_STG\_EXT.1.1 {#ext-comp-FAU_STG_EXT.1.1} The [TSF](#abbr_TSF) shall be able to transfer generated audit data to The [TSF](#abbr_TSF) shall be able to transfer generated audit data to an external [IT](#abbr_IT) entity using \[**assignment**: [mechanism for an external [IT](#abbr_IT) entity using \[**assignment**: [mechanism for moving audit data]{.assignable-content}\]. moving audit data]{.assignable-content}\]. ::: ::: ::: ::: ### C.2.2 Class: Cryptographic Support (FCS) {#ext-comp-FCS .indexable data-level="3" ### C.2.2 Class: Cryptographic Support (FCS) {#ext-comp-FCS .indexable data-level="3" This [PP](#abbr_PP) defines the following extended components as part of This [PP](#abbr_PP) defines the following extended components as part of the FCS class originally defined by [CC](#abbr_CC) Part 2: the FCS class originally defined by [CC](#abbr_CC) Part 2: ### C.2.2.1 FCS\_CKM\_EXT Cryptographic Key Management {#ext-comp-FCS_CKM_EXT .indexa ### C.2.2.1 FCS\_CKM\_EXT Cryptographic Key Management {#ext-comp-FCS_CKM_EXT .indexa ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for management of cryptographic keys. This family defines requirements for management of cryptographic keys. [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) is necessary because [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) is necessary because [FCS\_CKM.4](#FCS_CKM.4) does not include a requirement for the timing [FCS\_CKM.4](#FCS_CKM.4) does not include a requirement for the timing of key destruction. [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) is necessary to of key destruction. [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5) is necessary to express requirements for key derivation, which are missing from Part 2. express requirements for key derivation, which are missing from Part 2.
#### Component Leveling #### Component Leveling FCS\_CKM\_EXT45 FCS\_CKM\_EXT45 [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4), Cryptographic Key and Key Material [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4), Cryptographic Key and Key Material Destruction Timing, specifies the timing for key destruction, which is Destruction Timing, specifies the timing for key destruction, which is not addressed by [FCS\_CKM.4](#FCS_CKM.4). not addressed by [FCS\_CKM.4](#FCS_CKM.4). [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5), Cryptographic Key Derivation, [FCS\_CKM\_EXT.5](#FCS_CKM_EXT.5), Cryptographic Key Derivation, requires the [TSF](#abbr_TSF) to perform key derivation using a defined requires the [TSF](#abbr_TSF) to perform key derivation using a defined method, which is not addressed by any other FCS\_CKM component. method, which is not addressed by any other FCS\_CKM component. #### Management: FCS\_CKM\_EXT.4 #### Management: FCS\_CKM\_EXT.4 #### Audit: FCS\_CKM\_EXT.4 #### Audit: FCS\_CKM\_EXT.4 #### FCS\_CKM\_EXT.4 Cryptographic Key and Key Material Destruction Timing #### FCS\_CKM\_EXT.4 Cryptographic Key and Key Material Destruction Timing ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FCS\_CKM.4](#FCS_CKM.4) Cryptographic Key Destruction [FCS\_CKM.4](#FCS_CKM.4) Cryptographic Key Destruction #### FCS\_CKM\_EXT.4.1 {#ext-comp-FCS_CKM_EXT.4.1} #### FCS\_CKM\_EXT.4.1 {#ext-comp-FCS_CKM_EXT.4.1} The [TSF](#abbr_TSF) shall destroy all keys and keying material when no The [TSF](#abbr_TSF) shall destroy all keys and keying material when no longer needed. longer needed. ::: ::: #### Management: FCS\_CKM\_EXT.5 #### Management: FCS\_CKM\_EXT.5 #### Audit: FCS\_CKM\_EXT.5 #### Audit: FCS\_CKM\_EXT.5 #### FCS\_CKM\_EXT.5 Cryptographic Key Derivation #### FCS\_CKM\_EXT.5 Cryptographic Key Derivation ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ \[FCS\_CKM.1 Cryptographic Key Generation or\ \[FCS\_CKM.1 Cryptographic Key Generation or\ [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) Key/Credential Import\] [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1) Key/Credential Import\] #### FCS\_CKM\_EXT.5.1 {#ext-comp-FCS_CKM_EXT.5.1} #### FCS\_CKM\_EXT.5.1 {#ext-comp-FCS_CKM_EXT.5.1} The [TSF](#abbr_TSF) shall derive cryptographic keys of type The [TSF](#abbr_TSF) shall derive cryptographic keys of type \[**assignment**: [Key type]{.assignable-content}\] from input \[**assignment**: [Key type]{.assignable-content}\] from input parameters \[**assignment**: [Input parameters]{.assignable-content}\] parameters \[**assignment**: [Input parameters]{.assignable-content}\] in accordance with a specified key derivation algorithm in accordance with a specified key derivation algorithm \[**assignment**: [Key derivation algorithm]{.assignable-content}\] and \[**assignment**: [Key derivation algorithm]{.assignable-content}\] and specified cryptographic key sizes \[**assignment**: [Cryptographic key specified cryptographic key sizes \[**assignment**: [Cryptographic key sizes]{.assignable-content}\] that meet the following: \[**assignment**: sizes]{.assignable-content}\] that meet the following: \[**assignment**: [List of standards]{.assignable-content}\]. [List of standards]{.assignable-content}\]. ::: ::: ::: ::: ### C.2.2.2 FCS\_ENT\_EXT Entropy for Virtual Machines {#ext-comp-FCS_ENT_EXT .indexa ### C.2.2.2 FCS\_ENT\_EXT Entropy for Virtual Machines {#ext-comp-FCS_ENT_EXT .indexa ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for availability of entropy data This family defines requirements for availability of entropy data generated or collected by the [TSF](#abbr_TSF). generated or collected by the [TSF](#abbr_TSF).
#### Component Leveling #### Component Leveling FCS\_ENT\_EXT1 FCS\_ENT\_EXT1 [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1), Entropy for Tenant Software, requires [FCS\_ENT\_EXT.1](#FCS_ENT_EXT.1), Entropy for Tenant Software, requires the [TSF](#abbr_TSF) to provide entropy data to tenant software in a the [TSF](#abbr_TSF) to provide entropy data to tenant software in a specified manner. specified manner. #### Management: FCS\_ENT\_EXT.1 #### Management: FCS\_ENT\_EXT.1 #### Audit: FCS\_ENT\_EXT.1 #### Audit: FCS\_ENT\_EXT.1 #### FCS\_ENT\_EXT.1 Entropy for Tenant Software #### FCS\_ENT\_EXT.1 Entropy for Tenant Software ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit Generation) Generation) #### FCS\_ENT\_EXT.1.1 {#ext-comp-FCS_ENT_EXT.1.1} #### FCS\_ENT\_EXT.1.1 {#ext-comp-FCS_ENT_EXT.1.1} The [TSF](#abbr_TSF) shall provide one or more mechanisms to make The [TSF](#abbr_TSF) shall provide one or more mechanisms to make entropy that meets [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) available to tenant entropy that meets [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) available to tenant software. software. ::: ::: ::: ::: ### C.2.2.3 FCS\_HTTPS\_EXT HTTPS Protocol {#ext-comp-FCS_HTTPS_EXT .indexable data-l ### C.2.2.3 FCS\_HTTPS\_EXT HTTPS Protocol {#ext-comp-FCS_HTTPS_EXT .indexable data-l ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for protecting HTTP communications This family defines requirements for protecting HTTP communications between the [TOE](#abbr_TOE) and an external [IT](#abbr_IT) entity. between the [TOE](#abbr_TOE) and an external [IT](#abbr_IT) entity.
#### Component Leveling #### Component Leveling FCS\_HTTPS\_EXT1 FCS\_HTTPS\_EXT1 [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1), [HTTPS](#abbr_HTTPS) Protocol, [FCS\_HTTPS\_EXT.1](#FCS_HTTPS_EXT.1), [HTTPS](#abbr_HTTPS) Protocol, defines requirements for the implementation of the [HTTPS](#abbr_HTTPS) defines requirements for the implementation of the [HTTPS](#abbr_HTTPS) protocol. protocol. #### Management: FCS\_HTTPS\_EXT.1 #### Management: FCS\_HTTPS\_EXT.1 #### Audit: FCS\_HTTPS\_EXT.1 #### Audit: FCS\_HTTPS\_EXT.1 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): a. Failure to establish an [HTTPS](#abbr_HTTPS) session. a. Failure to establish an [HTTPS](#abbr_HTTPS) session. b. Establishment/termination of an [HTTPS](#abbr_HTTPS) session. b. Establishment/termination of an [HTTPS](#abbr_HTTPS) session. #### FCS\_HTTPS\_EXT.1 HTTPS Protocol #### FCS\_HTTPS\_EXT.1 HTTPS Protocol ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ \[FCS\_TLSC\_EXT.1 [TLS](#abbr_TLS) Client Protocol, or\ \[FCS\_TLSC\_EXT.1 [TLS](#abbr_TLS) Client Protocol, or\ FCS\_TLSC\_EXT.2 [TLS](#abbr_TLS) Client Protocol with Mutual FCS\_TLSC\_EXT.2 [TLS](#abbr_TLS) Client Protocol with Mutual Authentication, or\ Authentication, or\ FCS\_TLSS\_EXT.1 [TLS](#abbr_TLS) Server Protocol, or\ FCS\_TLSS\_EXT.1 [TLS](#abbr_TLS) Server Protocol, or\ FCS\_TLSS\_EXT.2 [TLS](#abbr_TLS) Server Protocol with Mutual FCS\_TLSS\_EXT.2 [TLS](#abbr_TLS) Server Protocol with Mutual Authentication\] Authentication\] #### FCS\_HTTPS\_EXT.1.1 {#ext-comp-FCS_HTTPS_EXT.1.1} #### FCS\_HTTPS\_EXT.1.1 {#ext-comp-FCS_HTTPS_EXT.1.1} The [TSF](#abbr_TSF) shall implement the [HTTPS](#abbr_HTTPS) protocol The [TSF](#abbr_TSF) shall implement the [HTTPS](#abbr_HTTPS) protocol that complies with [RFC](#abbr_RFC) 2818. that complies with [RFC](#abbr_RFC) 2818. #### FCS\_HTTPS\_EXT.1.2 {#ext-comp-FCS_HTTPS_EXT.1.2} #### FCS\_HTTPS\_EXT.1.2 {#ext-comp-FCS_HTTPS_EXT.1.2} The [TSF](#abbr_TSF) shall implement [HTTPS](#abbr_HTTPS) using The [TSF](#abbr_TSF) shall implement [HTTPS](#abbr_HTTPS) using [TLS](#abbr_TLS). [TLS](#abbr_TLS). ::: ::: ::: ::: ### C.2.2.4 FCS\_IPSEC\_EXT IPsec Protocol {#ext-comp-FCS_IPSEC_EXT .indexable data-l ### C.2.2.4 FCS\_IPSEC\_EXT IPsec Protocol {#ext-comp-FCS_IPSEC_EXT .indexable data-l ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for protecting communications using This family defines requirements for protecting communications using IPsec. IPsec.
#### Component Leveling #### Component Leveling FCS\_IPSEC\_EXT1 FCS\_IPSEC\_EXT1 [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1), IPsec Protocol, requires that [FCS\_IPSEC\_EXT.1](#FCS_IPSEC_EXT.1), IPsec Protocol, requires that IPsec be implemented as specified manner. IPsec be implemented as specified manner. #### Management: FCS\_IPSEC\_EXT.1 #### Management: FCS\_IPSEC\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: a. Managing the cryptographic functionality. a. Managing the cryptographic functionality. #### Audit: FCS\_IPSEC\_EXT.1 #### Audit: FCS\_IPSEC\_EXT.1 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): a. Failure to establish an IPsec [SA](#abbr_SA). a. Failure to establish an IPsec [SA](#abbr_SA). b. Establishment/Termination of an IPsec [SA](#abbr_SA). b. Establishment/Termination of an IPsec [SA](#abbr_SA). #### FCS\_IPSEC\_EXT.1 IPsec Protocol #### FCS\_IPSEC\_EXT.1 IPsec Protocol ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_CKM.1 Cryptographic Key Generation\ FCS\_CKM.1 Cryptographic Key Generation\ [FCS\_CKM.2](#FCS_CKM.2) Cryptographic Key Establishment\ [FCS\_CKM.2](#FCS_CKM.2) Cryptographic Key Establishment\ FCS\_COP.1 Cryptographic Operation\ FCS\_COP.1 Cryptographic Operation\ [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit Generation)\ Generation)\ [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) X.509 Certificate Validation [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) X.509 Certificate Validation #### FCS\_IPSEC\_EXT.1.1 {#ext-comp-FCS_IPSEC_EXT.1.1} #### FCS\_IPSEC\_EXT.1.1 {#ext-comp-FCS_IPSEC_EXT.1.1} The [TSF](#abbr_TSF) shall implement the IPsec architecture as specified The [TSF](#abbr_TSF) shall implement the IPsec architecture as specified in [RFC](#abbr_RFC) 4301. in [RFC](#abbr_RFC) 4301. #### FCS\_IPSEC\_EXT.1.2 {#ext-comp-FCS_IPSEC_EXT.1.2} #### FCS\_IPSEC\_EXT.1.2 {#ext-comp-FCS_IPSEC_EXT.1.2} The [TSF](#abbr_TSF) shall implement \[**assignment**: [IPsec The [TSF](#abbr_TSF) shall implement \[**assignment**: [IPsec modes]{.assignable-content}\]. modes]{.assignable-content}\]. #### FCS\_IPSEC\_EXT.1.3 {#ext-comp-FCS_IPSEC_EXT.1.3} #### FCS\_IPSEC\_EXT.1.3 {#ext-comp-FCS_IPSEC_EXT.1.3} The [TSF](#abbr_TSF) shall have a nominal, final entry in the The [TSF](#abbr_TSF) shall have a nominal, final entry in the [SPD](#abbr_SPD) that matches anything that is otherwise unmatched, and [SPD](#abbr_SPD) that matches anything that is otherwise unmatched, and discards it. discards it. #### FCS\_IPSEC\_EXT.1.4 {#ext-comp-FCS_IPSEC_EXT.1.4} #### FCS\_IPSEC\_EXT.1.4 {#ext-comp-FCS_IPSEC_EXT.1.4} The [TSF](#abbr_TSF) shall implement the IPsec protocol ESP as defined The [TSF](#abbr_TSF) shall implement the IPsec protocol ESP as defined by [RFC](#abbr_RFC) 4303 using the cryptographic algorithms by [RFC](#abbr_RFC) 4303 using the cryptographic algorithms \[**assignment**: [cryptographic algorithms]{.assignable-content}\] \[**assignment**: [cryptographic algorithms]{.assignable-content}\] together with a Secure Hash Algorithm ([SHA](#abbr_SHA))-based together with a Secure Hash Algorithm ([SHA](#abbr_SHA))-based [HMAC](#abbr_HMAC). [HMAC](#abbr_HMAC). #### FCS\_IPSEC\_EXT.1.5 {#ext-comp-FCS_IPSEC_EXT.1.5} #### FCS\_IPSEC\_EXT.1.5 {#ext-comp-FCS_IPSEC_EXT.1.5} The [TSF](#abbr_TSF) shall implement the protocol: \[**assignment**: The [TSF](#abbr_TSF) shall implement the protocol: \[**assignment**: [key exchange protocol]{.assignable-content}\]. [key exchange protocol]{.assignable-content}\]. #### FCS\_IPSEC\_EXT.1.6 {#ext-comp-FCS_IPSEC_EXT.1.6} #### FCS\_IPSEC\_EXT.1.6 {#ext-comp-FCS_IPSEC_EXT.1.6} The [TSF](#abbr_TSF) shall ensure the encrypted payload in the The [TSF](#abbr_TSF) shall ensure the encrypted payload in the \[**assignment**: [key exchange protocol]{.assignable-content}\] \[**assignment**: [key exchange protocol]{.assignable-content}\] protocol uses the cryptographic algorithms \[**assignment**: protocol uses the cryptographic algorithms \[**assignment**: [cryptographic algorithms]{.assignable-content}\]. [cryptographic algorithms]{.assignable-content}\]. #### FCS\_IPSEC\_EXT.1.7 {#ext-comp-FCS_IPSEC_EXT.1.7} #### FCS\_IPSEC\_EXT.1.7 {#ext-comp-FCS_IPSEC_EXT.1.7} The [TSF](#abbr_TSF) shall ensure that \[**assignment**: [key exchange The [TSF](#abbr_TSF) shall ensure that \[**assignment**: [key exchange protocol lifetime configuration rules]{.assignable-content}\]. protocol lifetime configuration rules]{.assignable-content}\]. #### FCS\_IPSEC\_EXT.1.8 {#ext-comp-FCS_IPSEC_EXT.1.8} #### FCS\_IPSEC\_EXT.1.8 {#ext-comp-FCS_IPSEC_EXT.1.8} The [TSF](#abbr_TSF) shall ensure that all IKE protocols implement The [TSF](#abbr_TSF) shall ensure that all IKE protocols implement [DH](#abbr_DH) groups \[**assignment**: [[DH](#abbr_DH) [DH](#abbr_DH) groups \[**assignment**: [[DH](#abbr_DH) Groups]{.assignable-content}\]. Groups]{.assignable-content}\]. #### FCS\_IPSEC\_EXT.1.9 {#ext-comp-FCS_IPSEC_EXT.1.9} #### FCS\_IPSEC\_EXT.1.9 {#ext-comp-FCS_IPSEC_EXT.1.9} The [TSF](#abbr_TSF) shall generate the secret value x used in the IKE The [TSF](#abbr_TSF) shall generate the secret value x used in the IKE Diffie-Hellman key exchange ("x" in gx mod p) using the random bit Diffie-Hellman key exchange ("x" in gx mod p) using the random bit generator specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1), and having a generator specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1), and having a length of at least \[**assignment**: [(one or more) number(s) of bits length of at least \[**assignment**: [(one or more) number(s) of bits that is at least twice the "bits of security" value associated with the that is at least twice the "bits of security" value associated with the negotiated Diffie-Hellman group as listed in Table 2 of negotiated Diffie-Hellman group as listed in Table 2 of [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- Part [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- Part 1: General]{.assignable-content}\] bits. 1: General]{.assignable-content}\] bits. #### FCS\_IPSEC\_EXT.1.10 {#ext-comp-FCS_IPSEC_EXT.1.10} #### FCS\_IPSEC\_EXT.1.10 {#ext-comp-FCS_IPSEC_EXT.1.10} The [TSF](#abbr_TSF) shall generate nonces used in IKE exchanges in a The [TSF](#abbr_TSF) shall generate nonces used in IKE exchanges in a manner such that the probability that a specific nonce value will be manner such that the probability that a specific nonce value will be repeated during the life a specific IPsec [SA](#abbr_SA) is less than 1 repeated during the life a specific IPsec [SA](#abbr_SA) is less than 1 in 2\^\[**assignment**: [(one or more) "bits of security" value(s) in 2\^\[**assignment**: [(one or more) "bits of security" value(s) associated with the negotiated Diffie-Hellman group as listed in Table 2 associated with the negotiated Diffie-Hellman group as listed in Table 2 of [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- of [NIST](#abbr_NIST) SP 800-57, Recommendation for Key Management -- Part 1: General]{.assignable-content}\]. Part 1: General]{.assignable-content}\]. #### FCS\_IPSEC\_EXT.1.11 {#ext-comp-FCS_IPSEC_EXT.1.11} #### FCS\_IPSEC\_EXT.1.11 {#ext-comp-FCS_IPSEC_EXT.1.11} The [TSF](#abbr_TSF) shall ensure that all IKE protocols perform peer The [TSF](#abbr_TSF) shall ensure that all IKE protocols perform peer authentication using a \[**assignment**: [IKE peer authentication authentication using a \[**assignment**: [IKE peer authentication algorithm]{.assignable-content}\] that use X.509v3 certificates that algorithm]{.assignable-content}\] that use X.509v3 certificates that conform to [RFC](#abbr_RFC) 4945 and \[**assignment**: [other IKE peer conform to [RFC](#abbr_RFC) 4945 and \[**assignment**: [other IKE peer authentication mechanism]{.assignable-content}\]. authentication mechanism]{.assignable-content}\]. #### FCS\_IPSEC\_EXT.1.12 {#ext-comp-FCS_IPSEC_EXT.1.12} #### FCS\_IPSEC\_EXT.1.12 {#ext-comp-FCS_IPSEC_EXT.1.12} The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the \[**assignment**: [specific certificate reference \[**assignment**: [specific certificate reference identifier]{.assignable-content}\] and \[**assignment**: [other identifier]{.assignable-content}\] and \[**assignment**: [other certificate reference identifier type]{.assignable-content}\] contained certificate reference identifier type]{.assignable-content}\] contained in a certificate does not match the expected value(s) for the entity in a certificate does not match the expected value(s) for the entity attempting to establish a connection. attempting to establish a connection. #### FCS\_IPSEC\_EXT.1.13 {#ext-comp-FCS_IPSEC_EXT.1.13} #### FCS\_IPSEC\_EXT.1.13 {#ext-comp-FCS_IPSEC_EXT.1.13} The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the The [TSF](#abbr_TSF) shall not establish an [SA](#abbr_SA) if the presented identifier does not match the configured reference identifier presented identifier does not match the configured reference identifier of the peer. of the peer. #### FCS\_IPSEC\_EXT.1.14 {#ext-comp-FCS_IPSEC_EXT.1.14} #### FCS\_IPSEC\_EXT.1.14 {#ext-comp-FCS_IPSEC_EXT.1.14} The \[**assignment**: [configuring entity]{.assignable-content}\] shall The \[**assignment**: [configuring entity]{.assignable-content}\] shall be able to ensure by default that the strength of the symmetric be able to ensure by default that the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to algorithm (in terms of the number of bits in the key) negotiated to protect the \[**assignment**: [connection type]{.assignable-content}\] protect the \[**assignment**: [connection type]{.assignable-content}\] connection is greater than or equal to the strength of the symmetric connection is greater than or equal to the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to algorithm (in terms of the number of bits in the key) negotiated to protect the \[**assignment**: [connection protect the \[**assignment**: [connection type]{.assignable-content}\]connection. type]{.assignable-content}\]connection. ::: ::: ::: ::: ### C.2.2.5 FCS\_RBG\_EXT Cryptographic Operation (Random Bit Generation) {#ext-comp- ### C.2.2.5 FCS\_RBG\_EXT Cryptographic Operation (Random Bit Generation) {#ext-comp- ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for random bit/number generation. This family defines requirements for random bit/number generation.
#### Component Leveling #### Component Leveling FCS\_RBG\_EXT1 FCS\_RBG\_EXT1 [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1), Random Bit Generation, requires [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1), Random Bit Generation, requires random bit generation to be performed in accordance with selected random bit generation to be performed in accordance with selected standards and seeded by an entropy source. standards and seeded by an entropy source. #### Management: FCS\_RBG\_EXT.1 #### Management: FCS\_RBG\_EXT.1 #### Audit: FCS\_RBG\_EXT.1 #### Audit: FCS\_RBG\_EXT.1 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): a. Failure of the randomization process. a. Failure of the randomization process. #### FCS\_RBG\_EXT.1 Random Bit Generation #### FCS\_RBG\_EXT.1 Random Bit Generation ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_COP.1 Cryptographic Operation FCS\_COP.1 Cryptographic Operation #### FCS\_RBG\_EXT.1.1 {#ext-comp-FCS_RBG_EXT.1.1} #### FCS\_RBG\_EXT.1.1 {#ext-comp-FCS_RBG_EXT.1.1} The [TSF](#abbr_TSF) shall perform all deterministic random bit The [TSF](#abbr_TSF) shall perform all deterministic random bit generation services in accordance with [ISO](#abbr_ISO)/[IEC](#abbr_IEC) generation services in accordance with [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 18031:2011 using \[**assignment**: [[DRBG](#abbr_DRBG) 18031:2011 using \[**assignment**: [[DRBG](#abbr_DRBG) type]{.assignable-content}\]. type]{.assignable-content}\]. #### FCS\_RBG\_EXT.1.2 {#ext-comp-FCS_RBG_EXT.1.2} #### FCS\_RBG\_EXT.1.2 {#ext-comp-FCS_RBG_EXT.1.2} The deterministic [RBG](#abbr_RBG) shall be seeded by at least one The deterministic [RBG](#abbr_RBG) shall be seeded by at least one entropy source in accordance with [NIST](#abbr_NIST) SP 800-90B that entropy source in accordance with [NIST](#abbr_NIST) SP 800-90B that accumulates entropy from \[**assignment**: [seed accumulates entropy from \[**assignment**: [seed source]{.assignable-content}\] with a minimum of \[**assignment**: [bits source]{.assignable-content}\] with a minimum of \[**assignment**: [bits of entropy]{.assignable-content}\] bits of entropy at least equal to the of entropy]{.assignable-content}\] bits of entropy at least equal to the greatest security strength, according to greatest security strength, according to [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 18031:2011, of the keys and CSPs that [ISO](#abbr_ISO)/[IEC](#abbr_IEC) 18031:2011, of the keys and CSPs that it will generate. it will generate. #### FCS\_RBG\_EXT.1.3 {#ext-comp-FCS_RBG_EXT.1.3} #### FCS\_RBG\_EXT.1.3 {#ext-comp-FCS_RBG_EXT.1.3} The [TSF](#abbr_TSF) shall be capable of providing output of the The [TSF](#abbr_TSF) shall be capable of providing output of the [RBG](#abbr_RBG) to tenant software on the [TOE](#abbr_TOE) that request [RBG](#abbr_RBG) to tenant software on the [TOE](#abbr_TOE) that request random bits. random bits. ::: ::: ::: ::: ### C.2.2.6 FCS\_SLT\_EXT Cryptographic Salt Generation {#ext-comp-FCS_SLT_EXT .index ### C.2.2.6 FCS\_SLT\_EXT Cryptographic Salt Generation {#ext-comp-FCS_SLT_EXT .index ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for cryptographic salt generation. This family defines requirements for cryptographic salt generation.
#### Component Leveling #### Component Leveling FCS\_SLT\_EXT1 FCS\_SLT\_EXT1 [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1), Cryptographic Salt Generation, [FCS\_SLT\_EXT.1](#FCS_SLT_EXT.1), Cryptographic Salt Generation, requires the [TSF](#abbr_TSF) to generate salt values in a specified requires the [TSF](#abbr_TSF) to generate salt values in a specified manner. manner. #### Management: FCS\_SLT\_EXT.1 #### Management: FCS\_SLT\_EXT.1 #### Audit: FCS\_SLT\_EXT.1 #### Audit: FCS\_SLT\_EXT.1 #### FCS\_SLT\_EXT.1 Cryptographic Salt Generation #### FCS\_SLT\_EXT.1 Cryptographic Salt Generation ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit Generation) Generation) #### FCS\_SLT\_EXT.1.1 {#ext-comp-FCS_SLT_EXT.1.1} #### FCS\_SLT\_EXT.1.1 {#ext-comp-FCS_SLT_EXT.1.1} The [TSF](#abbr_TSF) shall use salts and nonces generated by an The [TSF](#abbr_TSF) shall use salts and nonces generated by an [RBG](#abbr_RBG) as specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1). [RBG](#abbr_RBG) as specified in [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1). ::: ::: ::: ::: ### C.2.2.7 FCS\_STG\_EXT Cryptographic Key Storage {#ext-comp-FCS_STG_EXT .indexable ### C.2.2.7 FCS\_STG\_EXT Cryptographic Key Storage {#ext-comp-FCS_STG_EXT .indexable ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for ensuring the protection of keys and This family defines requirements for ensuring the protection of keys and secrets. secrets.
#### Component Leveling #### Component Leveling FCS\_STG\_EXT123 FCS\_STG\_EXT123 [FCS\_STG\_EXT.1](#FCS_STG_EXT.1), Protected Storage, requires the [FCS\_STG\_EXT.1](#FCS_STG_EXT.1), Protected Storage, requires the [TSF](#abbr_TSF) to enforce protected storage for keys and secrets so [TSF](#abbr_TSF) to enforce protected storage for keys and secrets so that they cannot be accessed or destroyed without authorization. that they cannot be accessed or destroyed without authorization. [FCS\_STG\_EXT.2](#FCS_STG_EXT.2), Key Storage Encryption, requires the [FCS\_STG\_EXT.2](#FCS_STG_EXT.2), Key Storage Encryption, requires the [TSF](#abbr_TSF) to ensure the confidentiality of stored data using a [TSF](#abbr_TSF) to ensure the confidentiality of stored data using a specified method. specified method. [FCS\_STG\_EXT.3](#FCS_STG_EXT.3), Key Integrity Protection, requires [FCS\_STG\_EXT.3](#FCS_STG_EXT.3), Key Integrity Protection, requires the [TSF](#abbr_TSF) to ensure the integrity of stored data using a the [TSF](#abbr_TSF) to ensure the integrity of stored data using a specified method. specified method. #### Management: FCS\_STG\_EXT.1 #### Management: FCS\_STG\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Ability to manage import and export keys/secrets to and from - Ability to manage import and export keys/secrets to and from protected storage. protected storage. #### Audit: FCS\_STG\_EXT.1 #### Audit: FCS\_STG\_EXT.1 #### FCS\_STG\_EXT.1 Protected Storage #### FCS\_STG\_EXT.1 Protected Storage ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FCS\_CKM.4](#FCS_CKM.4) Cryptographic Key Destruction [FCS\_CKM.4](#FCS_CKM.4) Cryptographic Key Destruction #### FCS\_STG\_EXT.1.1 {#ext-comp-FCS_STG_EXT.1.1} #### FCS\_STG\_EXT.1.1 {#ext-comp-FCS_STG_EXT.1.1} The [TSF](#abbr_TSF) shall provide \[**assignment**: [protected storage The [TSF](#abbr_TSF) shall provide \[**assignment**: [protected storage type]{.assignable-content}\] protected storage for asymmetric private type]{.assignable-content}\] protected storage for asymmetric private keys and \[**assignment**: [secrets to be keys and \[**assignment**: [secrets to be stored]{.assignable-content}\]. stored]{.assignable-content}\]. #### FCS\_STG\_EXT.1.2 {#ext-comp-FCS_STG_EXT.1.2} #### FCS\_STG\_EXT.1.2 {#ext-comp-FCS_STG_EXT.1.2} The [TSF](#abbr_TSF) shall support the capability of \[**assignment**: The [TSF](#abbr_TSF) shall support the capability of \[**assignment**: [capability for acquiring keys]{.assignable-content}\] upon request of [capability for acquiring keys]{.assignable-content}\] upon request of \[**assignment**: [entity requesting storage]{.assignable-content}\]. \[**assignment**: [entity requesting storage]{.assignable-content}\]. #### FCS\_STG\_EXT.1.3 {#ext-comp-FCS_STG_EXT.1.3} #### FCS\_STG\_EXT.1.3 {#ext-comp-FCS_STG_EXT.1.3} The [TSF](#abbr_TSF) shall be capable of destroying keys/secrets in the The [TSF](#abbr_TSF) shall be capable of destroying keys/secrets in the protected storage upon request of \[**assignment**: [authorized protected storage upon request of \[**assignment**: [authorized subject]{.assignable-content}\]. subject]{.assignable-content}\]. ::: ::: #### Management: FCS\_STG\_EXT.2 #### Management: FCS\_STG\_EXT.2 #### Audit: FCS\_STG\_EXT.2 #### Audit: FCS\_STG\_EXT.2 #### FCS\_STG\_EXT.2 Key Storage Encryption #### FCS\_STG\_EXT.2 Key Storage Encryption ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_COP.1 Cryptographic Operation\ FCS\_COP.1 Cryptographic Operation\ [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) Protected Storage [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) Protected Storage #### FCS\_STG\_EXT.2.1 {#ext-comp-FCS_STG_EXT.2.1} #### FCS\_STG\_EXT.2.1 {#ext-comp-FCS_STG_EXT.2.1} The [TSF](#abbr_TSF) shall encrypt \[**assignment**: [types of key The [TSF](#abbr_TSF) shall encrypt \[**assignment**: [types of key material]{.assignable-content}\] using \[**assignment**: [cryptographic material]{.assignable-content}\] using \[**assignment**: [cryptographic algorithm]{.assignable-content}\]. algorithm]{.assignable-content}\]. ::: ::: #### Management: FCS\_STG\_EXT.3 #### Management: FCS\_STG\_EXT.3 #### Audit: FCS\_STG\_EXT.3 #### Audit: FCS\_STG\_EXT.3 #### FCS\_STG\_EXT.3 Key Integrity Protection #### FCS\_STG\_EXT.3 Key Integrity Protection ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_COP.1 Cryptographic Operation FCS\_COP.1 Cryptographic Operation #### FCS\_STG\_EXT.3.1 {#ext-comp-FCS_STG_EXT.3.1} #### FCS\_STG\_EXT.3.1 {#ext-comp-FCS_STG_EXT.3.1} The [TSF](#abbr_TSF) shall protect the integrity of any encrypted The [TSF](#abbr_TSF) shall protect the integrity of any encrypted \[**assignment**: [types of key material]{.assignable-content}\] by \[**assignment**: [types of key material]{.assignable-content}\] by using \[**assignment**: [integrity protection using \[**assignment**: [integrity protection mechanism]{.assignable-content}\]. mechanism]{.assignable-content}\]. #### FCS\_STG\_EXT.3.2 {#ext-comp-FCS_STG_EXT.3.2} #### FCS\_STG\_EXT.3.2 {#ext-comp-FCS_STG_EXT.3.2} The [TSF](#abbr_TSF) shall verify the integrity of the \[**selection**: The [TSF](#abbr_TSF) shall verify the integrity of the \[**selection**: *digital signature*, *[MAC](#abbr_MAC)*\] of the stored key prior to use *digital signature*, *[MAC](#abbr_MAC)*\] of the stored key prior to use of the key. of the key. ::: ::: ::: ::: ### C.2.3 Class: User Data Protection (FDP) {#ext-comp-FDP .indexable data-level="3"} ### C.2.3 Class: User Data Protection (FDP) {#ext-comp-FDP .indexable data-level="3"} This [PP](#abbr_PP) defines the following extended components as part of This [PP](#abbr_PP) defines the following extended components as part of the FDP class originally defined by [CC](#abbr_CC) Part 2: the FDP class originally defined by [CC](#abbr_CC) Part 2: ### C.2.3.1 FDP\_ITC\_EXT Key Import {#ext-comp-FDP_ITC_EXT .indexable data-level="4" ### C.2.3.1 FDP\_ITC\_EXT Key Import {#ext-comp-FDP_ITC_EXT .indexable data-level="4" ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for importing cryptographic keys and This family defines requirements for importing cryptographic keys and credentials into the [TOE](#abbr_TOE). credentials into the [TOE](#abbr_TOE).
#### Component Leveling #### Component Leveling FDP\_ITC\_EXT1 FDP\_ITC\_EXT1 [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1), Key/Credential Import, requires the [FDP\_ITC\_EXT.1](#FDP_ITC_EXT.1), Key/Credential Import, requires the [TSF](#abbr_TSF) to implement one or more means for importing keys and [TSF](#abbr_TSF) to implement one or more means for importing keys and credentials into the [TOE](#abbr_TOE), which are not addressed by the credentials into the [TOE](#abbr_TOE), which are not addressed by the FDP\_ITC component. FDP\_ITC component. #### Management: FDP\_ITC\_EXT.1 #### Management: FDP\_ITC\_EXT.1 #### Audit: FDP\_ITC\_EXT.1 #### Audit: FDP\_ITC\_EXT.1 #### FDP\_ITC\_EXT.1 Key/Credential Import #### FDP\_ITC\_EXT.1 Key/Credential Import ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_COP.1 Cryptographic Operation\ FCS\_COP.1 Cryptographic Operation\ [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) Key Storage Encryption\ [FCS\_STG\_EXT.1](#FCS_STG_EXT.1) Key Storage Encryption\ [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Trusted Channel Communications\ [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1) Trusted Channel Communications\ [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) Encrypted Data Communications\ [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1) Encrypted Data Communications\ [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) Physically Protected Channel [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1) Physically Protected Channel #### FDP\_ITC\_EXT.1.1 {#ext-comp-FDP_ITC_EXT.1.1} #### FDP\_ITC\_EXT.1.1 {#ext-comp-FDP_ITC_EXT.1.1} The [TSF](#abbr_TSF) shall support importing keys/key material using The [TSF](#abbr_TSF) shall support importing keys/key material using \[**assignment**: [import mechanism]{.assignable-content}\]. \[**assignment**: [import mechanism]{.assignable-content}\]. #### FDP\_ITC\_EXT.1.2 {#ext-comp-FDP_ITC_EXT.1.2} #### FDP\_ITC\_EXT.1.2 {#ext-comp-FDP_ITC_EXT.1.2} The [TSF](#abbr_TSF) shall verify the integrity of imported keys/key The [TSF](#abbr_TSF) shall verify the integrity of imported keys/key material using \[**assignment**: [integrity verification material using \[**assignment**: [integrity verification method]{.assignable-content}\]. method]{.assignable-content}\]. ::: ::: ::: ::: ### C.2.3.2 FDP\_TEE\_EXT Trusted Execution Environment {#ext-comp-FDP_TEE_EXT .index ### C.2.3.2 FDP\_TEE\_EXT Trusted Execution Environment {#ext-comp-FDP_TEE_EXT .index ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for Trusted Execution Environments This family defines requirements for Trusted Execution Environments implemented by the [TOE](#abbr_TOE) for the use of tenant software. implemented by the [TOE](#abbr_TOE) for the use of tenant software.
#### Component Leveling #### Component Leveling FDP\_TEE\_EXT1 FDP\_TEE\_EXT1 [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1), Trusted Execution Environment for [FDP\_TEE\_EXT.1](#FDP_TEE_EXT.1), Trusted Execution Environment for Tenant Software, requires the [TSF](#abbr_TSF) to implement a trusted Tenant Software, requires the [TSF](#abbr_TSF) to implement a trusted execution environment for the use of tenant software. execution environment for the use of tenant software. #### Management: FDP\_TEE\_EXT.1 #### Management: FDP\_TEE\_EXT.1 #### Audit: FDP\_TEE\_EXT.1 #### Audit: FDP\_TEE\_EXT.1 #### FDP\_TEE\_EXT.1 Trusted Execution Environment for Tenant Software #### FDP\_TEE\_EXT.1 Trusted Execution Environment for Tenant Software ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FDP\_TEE\_EXT.1.1 {#ext-comp-FDP_TEE_EXT.1.1} #### FDP\_TEE\_EXT.1.1 {#ext-comp-FDP_TEE_EXT.1.1} The [TSF](#abbr_TSF) shall implement a trusted execution environment The [TSF](#abbr_TSF) shall implement a trusted execution environment that conforms to the following standard: \[**assignment**: [Trusted that conforms to the following standard: \[**assignment**: [Trusted Execution Environment standard]{.assignable-content}\] and make this Execution Environment standard]{.assignable-content}\] and make this [TEE](#abbr_TEE) available to tenant software. [TEE](#abbr_TEE) available to tenant software. ::: ::: ::: ::: ### C.2.4 Class: Identification and Authentication (FIA) {#ext-comp-FIA .indexable da ### C.2.4 Class: Identification and Authentication (FIA) {#ext-comp-FIA .indexable da This [PP](#abbr_PP) defines the following extended components as part of This [PP](#abbr_PP) defines the following extended components as part of the FIA class originally defined by [CC](#abbr_CC) Part 2: the FIA class originally defined by [CC](#abbr_CC) Part 2: ### C.2.4.1 FIA\_AFL\_EXT Authentication Failure Handling {#ext-comp-FIA_AFL_EXT .ind ### C.2.4.1 FIA\_AFL\_EXT Authentication Failure Handling {#ext-comp-FIA_AFL_EXT .ind ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for the [TOE](#abbr_TOE)'s behavior This family defines requirements for the [TOE](#abbr_TOE)'s behavior when repeated failed attempts to gain authorization to access when repeated failed attempts to gain authorization to access [TSF](#abbr_TSF) data occur. [TSF](#abbr_TSF) data occur.
#### Component Leveling #### Component Leveling FIA\_AFL\_EXT1 FIA\_AFL\_EXT1 [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1), Authentication Failure Handling, [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1), Authentication Failure Handling, requires the [TSF](#abbr_TSF) to monitor authorization attempts, requires the [TSF](#abbr_TSF) to monitor authorization attempts, including counting and limiting the number of attempts at failed or including counting and limiting the number of attempts at failed or passed authorizations. This extended component permits considerably more passed authorizations. This extended component permits considerably more flexibility for dealing with multiple authentication mechanisms than flexibility for dealing with multiple authentication mechanisms than FIA\_AFL. FIA\_AFL. #### Management: FIA\_AFL\_EXT.1 #### Management: FIA\_AFL\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Set authorization failure parameters - Set authorization failure parameters #### Audit: FIA\_AFL\_EXT.1 #### Audit: FIA\_AFL\_EXT.1 If [FAU\_GEN.1](#FAU_GEN.1) is included in the [ST](#abbr_ST), then the If [FAU\_GEN.1](#FAU_GEN.1) is included in the [ST](#abbr_ST), then the following audit events should be considered: following audit events should be considered: - Administrator authentication failures. - Administrator authentication failures. #### FIA\_AFL\_EXT.1 Authentication Failure Handling #### FIA\_AFL\_EXT.1 Authentication Failure Handling ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) Key Destruction\ [FCS\_CKM\_EXT.4](#FCS_CKM_EXT.4) Key Destruction\ FIA\_SMF.1 Specification of Management Functions FIA\_SMF.1 Specification of Management Functions #### FIA\_AFL\_EXT.1.1 {#ext-comp-FIA_AFL_EXT.1.1} #### FIA\_AFL\_EXT.1.1 {#ext-comp-FIA_AFL_EXT.1.1} The [TSF](#abbr_TSF) shall consider password and \[**assignment**: The [TSF](#abbr_TSF) shall consider password and \[**assignment**: [other authentication mechanisms]{.assignable-content}\] as critical [other authentication mechanisms]{.assignable-content}\] as critical authentication mechanisms.\\\\ authentication mechanisms.\\\\ #### FIA\_AFL\_EXT.1.2 {#ext-comp-FIA_AFL_EXT.1.2} #### FIA\_AFL\_EXT.1.2 {#ext-comp-FIA_AFL_EXT.1.2} The [TSF](#abbr_TSF) shall detect when a configurable positive integer The [TSF](#abbr_TSF) shall detect when a configurable positive integer within \[**assignment**: [range of acceptable values for each within \[**assignment**: [range of acceptable values for each authentication mechanism]{.assignable-content}\] of \[**selection**: | authentication mechanism]{.assignable-content}\] of \[**selection, *unique*, *non-unique*\] unsuccessful authentication attempts occur | choose one of**: *unique*, *non-unique*\] unsuccessful authentication related to last successful authentication for each authentication | attempts occur related to last successful authentication for each mechanism. | authentication mechanism. #### FIA\_AFL\_EXT.1.3 {#ext-comp-FIA_AFL_EXT.1.3} #### FIA\_AFL\_EXT.1.3 {#ext-comp-FIA_AFL_EXT.1.3} The [TSF](#abbr_TSF) shall maintain the number of unsuccessful The [TSF](#abbr_TSF) shall maintain the number of unsuccessful authentication attempts that have occurred upon power off. authentication attempts that have occurred upon power off. #### FIA\_AFL\_EXT.1.4 {#ext-comp-FIA_AFL_EXT.1.4} #### FIA\_AFL\_EXT.1.4 {#ext-comp-FIA_AFL_EXT.1.4} When the defined number of unsuccessful authentication attempts has When the defined number of unsuccessful authentication attempts has exceeded the maximum allowed for a given authentication mechanism, all exceeded the maximum allowed for a given authentication mechanism, all future authentication attempts shall be limited to other available future authentication attempts shall be limited to other available authentication mechanisms, unless the given mechanism is designated as a authentication mechanisms, unless the given mechanism is designated as a critical authentication mechanism. critical authentication mechanism. #### FIA\_AFL\_EXT.1.5 {#ext-comp-FIA_AFL_EXT.1.5} #### FIA\_AFL\_EXT.1.5 {#ext-comp-FIA_AFL_EXT.1.5} When the defined number of unsuccessful authentication attempts for the When the defined number of unsuccessful authentication attempts for the last available authentication mechanism or a critical authentication last available authentication mechanism or a critical authentication mechanism has been surpassed, the [TSF](#abbr_TSF) shall mechanism has been surpassed, the [TSF](#abbr_TSF) shall \[**selection**: \[**selection**: - *perform a wipe of all protected data*, - *perform a wipe of all protected data*, - *exclude the current User/Administrator from further authentication - *exclude the current User/Administrator from further authentication attempts*, attempts*, - *exclude the current User/Administrator from further authentication - *exclude the current User/Administrator from further authentication attempts for a period of \[**assignment**: [greater than zero attempts for a period of \[**assignment**: [greater than zero seconds]{.assignable-content}\] time* seconds]{.assignable-content}\] time* \]. \]. #### FIA\_AFL\_EXT.1.6 {#ext-comp-FIA_AFL_EXT.1.6} #### FIA\_AFL\_EXT.1.6 {#ext-comp-FIA_AFL_EXT.1.6} The [TSF](#abbr_TSF) shall increment the number of unsuccessful The [TSF](#abbr_TSF) shall increment the number of unsuccessful authentication attempts prior to notifying the user that the authentication attempts prior to notifying the user that the authentication was unsuccessful. authentication was unsuccessful. ::: ::: ::: ::: ### C.2.4.2 FIA\_PMG\_EXT Password Management {#ext-comp-FIA_PMG_EXT .indexable data- ### C.2.4.2 FIA\_PMG\_EXT Password Management {#ext-comp-FIA_PMG_EXT .indexable data- ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for the composition of administrator This family defines requirements for the composition of administrator passwords. passwords.
#### Component Leveling #### Component Leveling FIA\_PMG\_EXT1 FIA\_PMG\_EXT1 [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1), Password Management, requires the [FIA\_PMG\_EXT.1](#FIA_PMG_EXT.1), Password Management, requires the [TSF](#abbr_TSF) to support passwords with varying composition and [TSF](#abbr_TSF) to support passwords with varying composition and length requirements. length requirements. #### Management: FIA\_PMG\_EXT.1 #### Management: FIA\_PMG\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Ability to configure password composition and length requirements - Ability to configure password composition and length requirements for authorization of Administrators. for authorization of Administrators. - Ability to manage authentication methods and change default - Ability to manage authentication methods and change default authorization factors authorization factors #### Audit: FIA\_PMG\_EXT.1 #### Audit: FIA\_PMG\_EXT.1 #### FIA\_PMG\_EXT.1 Password Management #### FIA\_PMG\_EXT.1 Password Management ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No other components. Dependencies to: No other components. #### FIA\_PMG\_EXT.1.1 {#ext-comp-FIA_PMG_EXT.1.1} #### FIA\_PMG\_EXT.1.1 {#ext-comp-FIA_PMG_EXT.1.1} The [TSF](#abbr_TSF) shall support the following for the Password The [TSF](#abbr_TSF) shall support the following for the Password Authentication Factor: Authentication Factor: 1. Passwords shall be able to be composed of any combination of 1. Passwords shall be able to be composed of any combination of \[**assignment**: [characters sets]{.assignable-content}\], numbers, \[**assignment**: [characters sets]{.assignable-content}\], numbers, and special characters: \[**assignment**: [special and special characters: \[**assignment**: [special characters]{.assignable-content}\]. characters]{.assignable-content}\]. 2. Password length up to \[**assignment**: [an integer greater than or 2. Password length up to \[**assignment**: [an integer greater than or equal to 14]{.assignable-content}\] characters shall be supported. equal to 14]{.assignable-content}\] characters shall be supported. ::: ::: ::: ::: ### C.2.4.3 FIA\_TRT\_EXT Authentication Throttling {#ext-comp-FIA_TRT_EXT .indexable ### C.2.4.3 FIA\_TRT\_EXT Authentication Throttling {#ext-comp-FIA_TRT_EXT .indexable ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for the limiting administrator This family defines requirements for the limiting administrator authentication attempts. authentication attempts.
#### Component Leveling #### Component Leveling FIA\_TRT\_EXT1 FIA\_TRT\_EXT1 [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1), Authentication Throttling, requires [FIA\_TRT\_EXT.1](#FIA_TRT_EXT.1), Authentication Throttling, requires that the [TSF](#abbr_TSF) enforce a limit on authentication attempts. that the [TSF](#abbr_TSF) enforce a limit on authentication attempts. #### Management: FIA\_TRT\_EXT.1 #### Management: FIA\_TRT\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Ability to configure an authentication throttling policy for the - Ability to configure an authentication throttling policy for the [TOE](#abbr_TOE). [TOE](#abbr_TOE). #### Audit: FIA\_TRT\_EXT.1 #### Audit: FIA\_TRT\_EXT.1 The following should be considered for auditable events if The following should be considered for auditable events if [FAU\_GEN.1](#FAU_GEN.1) is included in the [ST](#abbr_ST): [FAU\_GEN.1](#FAU_GEN.1) is included in the [ST](#abbr_ST): - Authentication throttling is triggered. - Authentication throttling is triggered. #### FIA\_TRT\_EXT.1 Authentication Throttling #### FIA\_TRT\_EXT.1 Authentication Throttling ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FIA\_UAU.5](#FIA_UAU.5) Multiple Authentication Mechanisms [FIA\_UAU.5](#FIA_UAU.5) Multiple Authentication Mechanisms #### FIA\_TRT\_EXT.1.1 {#ext-comp-FIA_TRT_EXT.1.1} #### FIA\_TRT\_EXT.1.1 {#ext-comp-FIA_TRT_EXT.1.1} The [TSF](#abbr_TSF) shall limit automated user authentication attempts The [TSF](#abbr_TSF) shall limit automated user authentication attempts by \[**selection**: *preventing authentication via an external port*, by \[**selection**: *preventing authentication via an external port*, *enforcing a delay between incorrect authentication attempts*\] for all *enforcing a delay between incorrect authentication attempts*\] for all authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). authentication mechanisms selected in [FIA\_UAU.5.1](#FIA_UAU.5.1). #### FIA\_TRT\_EXT.1.2 {#ext-comp-FIA_TRT_EXT.1.2} #### FIA\_TRT\_EXT.1.2 {#ext-comp-FIA_TRT_EXT.1.2} The minimum delay between incorrect authentication attempts shall be The minimum delay between incorrect authentication attempts shall be such that no more than 10 attempts can be attempted per 500 such that no more than 10 attempts can be attempted per 500 milliseconds. milliseconds. ::: ::: ::: ::: ### C.2.4.4 FIA\_UIA\_EXT Administrator Identification and Authentication {#ext-comp- ### C.2.4.4 FIA\_UIA\_EXT Administrator Identification and Authentication {#ext-comp- ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for ensuring that access to the This family defines requirements for ensuring that access to the [TSF](#abbr_TSF) is not granted to unauthenticated subjects. [TSF](#abbr_TSF) is not granted to unauthenticated subjects.
#### Component Leveling #### Component Leveling FIA\_UIA\_EXT1 FIA\_UIA\_EXT1 [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1), Administrator Identification and [FIA\_UIA\_EXT.1](#FIA_UIA_EXT.1), Administrator Identification and Authentication, requires the [TSF](#abbr_TSF) to ensure that all Authentication, requires the [TSF](#abbr_TSF) to ensure that all subjects attempting to perform [TSF](#abbr_TSF)-mediated actions are subjects attempting to perform [TSF](#abbr_TSF)-mediated actions are identified and authenticated prior to authorizing these actions to be identified and authenticated prior to authorizing these actions to be performed. performed. #### Management: FIA\_UIA\_EXT.1 #### Management: FIA\_UIA\_EXT.1 #### Audit: FIA\_UIA\_EXT.1 #### Audit: FIA\_UIA\_EXT.1 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): a. All use of the identification and authentication mechanism. a. All use of the identification and authentication mechanism. #### FIA\_UIA\_EXT.1 Administrator Identification and Authentication #### FIA\_UIA\_EXT.1 Administrator Identification and Authentication ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FIA\_UAU.5](#FIA_UAU.5) Multiple Authentication Mechanisms [FIA\_UAU.5](#FIA_UAU.5) Multiple Authentication Mechanisms #### FIA\_UIA\_EXT.1.1 {#ext-comp-FIA_UIA_EXT.1.1} #### FIA\_UIA\_EXT.1.1 {#ext-comp-FIA_UIA_EXT.1.1} The [TSF](#abbr_TSF) shall require Administrators to be successfully The [TSF](#abbr_TSF) shall require Administrators to be successfully identified and authenticated using one of the methods in identified and authenticated using one of the methods in [FIA\_UAU.5](#FIA_UAU.5) before allowing any [TSF](#abbr_TSF)-mediated [FIA\_UAU.5](#FIA_UAU.5) before allowing any [TSF](#abbr_TSF)-mediated management function to be performed by that Administrator. management function to be performed by that Administrator. ::: ::: ::: ::: ### C.2.4.5 FIA\_X509\_EXT X.509 Certificate Handling {#ext-comp-FIA_X509_EXT .indexa ### C.2.4.5 FIA\_X509\_EXT X.509 Certificate Handling {#ext-comp-FIA_X509_EXT .indexa ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for the validation and use of X.509 This family defines requirements for the validation and use of X.509 certificates. certificates.
#### Component Leveling #### Component Leveling FIA\_X509\_EXT12 FIA\_X509\_EXT12 [FIA\_X509\_EXT.1](#FIA_X509_EXT.1), X.509 Certificate Validation, [FIA\_X509\_EXT.1](#FIA_X509_EXT.1), X.509 Certificate Validation, defines how the [TSF](#abbr_TSF) must validate X.509 certificates that defines how the [TSF](#abbr_TSF) must validate X.509 certificates that are presented to it. are presented to it. [FIA\_X509\_EXT.2](#FIA_X509_EXT.2), X.509 Certificate Authentication, [FIA\_X509\_EXT.2](#FIA_X509_EXT.2), X.509 Certificate Authentication, requires the [TSF](#abbr_TSF) to identify the functions for which it requires the [TSF](#abbr_TSF) to identify the functions for which it uses X.509 certificates for authentication uses X.509 certificates for authentication #### Management: FIA\_X509\_EXT.1 #### Management: FIA\_X509\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: a. Configuration of certificate revocation checking method. a. Configuration of certificate revocation checking method. #### Audit: FIA\_X509\_EXT.1 #### Audit: FIA\_X509\_EXT.1 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): a. Failure to validate a certificate. a. Failure to validate a certificate. #### FIA\_X509\_EXT.1 X.509 Certificate Validation #### FIA\_X509\_EXT.1 X.509 Certificate Validation ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_COP.1 Cryptographic Operation\ FCS\_COP.1 Cryptographic Operation\ [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit [FCS\_RBG\_EXT.1](#FCS_RBG_EXT.1) Cryptographic Operation (Random Bit Generation)\ Generation)\ [FPT\_STM.1](#FPT_STM.1) Reliable Time Stamps [FPT\_STM.1](#FPT_STM.1) Reliable Time Stamps #### FIA\_X509\_EXT.1.1 {#ext-comp-FIA_X509_EXT.1.1} #### FIA\_X509\_EXT.1.1 {#ext-comp-FIA_X509_EXT.1.1} The [TSF](#abbr_TSF) shall validate certificates in accordance with the The [TSF](#abbr_TSF) shall validate certificates in accordance with the following rules: following rules: - [RFC](#abbr_RFC) 5280 certificate validation and certificate path - [RFC](#abbr_RFC) 5280 certificate validation and certificate path validation. validation. - The certificate path must terminate with a trusted certificate. - The certificate path must terminate with a trusted certificate. - The [TOE](#abbr_TOE) shall validate a certificate path by ensuring - The [TOE](#abbr_TOE) shall validate a certificate path by ensuring the presence of the basicConstraints extension, that the CA flag is the presence of the basicConstraints extension, that the CA flag is set to TRUE for all CA certificates, and that any path constraints set to TRUE for all CA certificates, and that any path constraints are met. are met. - The [TSF](#abbr_TSF) shall validate that any CA certificate includes - The [TSF](#abbr_TSF) shall validate that any CA certificate includes caSigning purpose in the key usage field. caSigning purpose in the key usage field. - The [TSF](#abbr_TSF) shall validate revocation status of the - The [TSF](#abbr_TSF) shall validate revocation status of the certificate using \[**selection**: *[OCSP](#abbr_OCSP) as specified certificate using \[**selection**: *[OCSP](#abbr_OCSP) as specified in [RFC](#abbr_RFC) 6960*, *a [CRL](#abbr_CRL) as specified in in [RFC](#abbr_RFC) 6960*, *a [CRL](#abbr_CRL) as specified in [RFC](#abbr_RFC) 8603*, *an [OCSP](#abbr_OCSP) [TLS](#abbr_TLS) [RFC](#abbr_RFC) 8603*, *an [OCSP](#abbr_OCSP) [TLS](#abbr_TLS) Status Request Extension ([OCSP](#abbr_OCSP) stapling) as specified Status Request Extension ([OCSP](#abbr_OCSP) stapling) as specified in [RFC](#abbr_RFC) 6066*, *[OCSP](#abbr_OCSP) [TLS](#abbr_TLS) in [RFC](#abbr_RFC) 6066*, *[OCSP](#abbr_OCSP) [TLS](#abbr_TLS) Multi-Certificate Status Request Extension (i.e., [OCSP](#abbr_OCSP) Multi-Certificate Status Request Extension (i.e., [OCSP](#abbr_OCSP) Multi-Stapling) as specified in [RFC](#abbr_RFC) 6961*\]. Multi-Stapling) as specified in [RFC](#abbr_RFC) 6961*\]. - The [TSF](#abbr_TSF) shall validate the extendedKeyUsage field - The [TSF](#abbr_TSF) shall validate the extendedKeyUsage field according to the following rules: according to the following rules: - Certificates used for trusted updates and executable code - Certificates used for trusted updates and executable code integrity verification shall have the Code Signing Purpose integrity verification shall have the Code Signing Purpose (id-kp 3 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.3) in the (id-kp 3 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field. extendedKeyUsage field. - Server certificates presented for [TLS](#abbr_TLS) shall have - Server certificates presented for [TLS](#abbr_TLS) shall have the Server Authentication purpose (id-kp 1 with [OID](#abbr_OID) the Server Authentication purpose (id-kp 1 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. - Client certificates presented for [TLS](#abbr_TLS) shall have - Client certificates presented for [TLS](#abbr_TLS) shall have the Client Authentication purpose (id-kp 2 with [OID](#abbr_OID) the Client Authentication purpose (id-kp 2 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.2) in the EKU field. 1.3.6.1.5.5.7.3.2) in the EKU field. - [OCSP](#abbr_OCSP) certificates presented for [OCSP](#abbr_OCSP) - [OCSP](#abbr_OCSP) certificates presented for [OCSP](#abbr_OCSP) responses shall have the [OCSP](#abbr_OCSP) Signing Purpose responses shall have the [OCSP](#abbr_OCSP) Signing Purpose (id-kp 9 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.9) in the EKU (id-kp 9 with [OID](#abbr_OID) 1.3.6.1.5.5.7.3.9) in the EKU field. field. #### FIA\_X509\_EXT.1.2 {#ext-comp-FIA_X509_EXT.1.2} #### FIA\_X509\_EXT.1.2 {#ext-comp-FIA_X509_EXT.1.2} The [TSF](#abbr_TSF) shall only treat a certificate as a CA certificate The [TSF](#abbr_TSF) shall only treat a certificate as a CA certificate if the basicConstraints extension is present and the CA flag is set to if the basicConstraints extension is present and the CA flag is set to TRUE. TRUE. ::: ::: #### Management: FIA\_X509\_EXT.2 #### Management: FIA\_X509\_EXT.2 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: a. Configuration of [TSF](#abbr_TSF) behavior when certificate a. Configuration of [TSF](#abbr_TSF) behavior when certificate revocation status cannot be determined. revocation status cannot be determined. #### Audit: FIA\_X509\_EXT.2 #### Audit: FIA\_X509\_EXT.2 #### FIA\_X509\_EXT.2 X.509 Certificate Authentication #### FIA\_X509\_EXT.2 X.509 Certificate Authentication ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) X.509 Certificate Validation [FIA\_X509\_EXT.1](#FIA_X509_EXT.1) X.509 Certificate Validation #### FIA\_X509\_EXT.2.1 {#ext-comp-FIA_X509_EXT.2.1} #### FIA\_X509\_EXT.2.1 {#ext-comp-FIA_X509_EXT.2.1} The [TSF](#abbr_TSF) shall use X.509v3 certificates as defined by The [TSF](#abbr_TSF) shall use X.509v3 certificates as defined by [RFC](#abbr_RFC) 5280 to support authentication for \[**assignment**: [RFC](#abbr_RFC) 5280 to support authentication for \[**assignment**: [secure transport protocols]{.assignable-content}\], and [secure transport protocols]{.assignable-content}\], and \[**assignment**: [other uses]{.assignable-content}\]. \[**assignment**: [other uses]{.assignable-content}\]. #### FIA\_X509\_EXT.2.2 {#ext-comp-FIA_X509_EXT.2.2} #### FIA\_X509\_EXT.2.2 {#ext-comp-FIA_X509_EXT.2.2} When the [TSF](#abbr_TSF) cannot establish a connection to determine the When the [TSF](#abbr_TSF) cannot establish a connection to determine the validity of a certificate, the [TSF](#abbr_TSF) shall \[**assignment**: validity of a certificate, the [TSF](#abbr_TSF) shall \[**assignment**: [action to take]{.assignable-content}\]. [action to take]{.assignable-content}\]. ::: ::: ::: ::: ### C.2.5 Class: Security Management (FMT) {#ext-comp-FMT .indexable data-level="3"} ### C.2.5 Class: Security Management (FMT) {#ext-comp-FMT .indexable data-level="3"} This [PP](#abbr_PP) defines the following extended components as part of This [PP](#abbr_PP) defines the following extended components as part of the FMT class originally defined by [CC](#abbr_CC) Part 2: the FMT class originally defined by [CC](#abbr_CC) Part 2: ### C.2.5.1 FMT\_CFG\_EXT Secure by Default {#ext-comp-FMT_CFG_EXT .indexable data-le ### C.2.5.1 FMT\_CFG\_EXT Secure by Default {#ext-comp-FMT_CFG_EXT .indexable data-le ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for secure by default configuration of This family defines requirements for secure by default configuration of the [TOE](#abbr_TOE). the [TOE](#abbr_TOE).
#### Component Leveling #### Component Leveling FMT\_CFG\_EXT1 FMT\_CFG\_EXT1 [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1), Secure by Default Configuration, [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1), Secure by Default Configuration, requires that default Administrator credentials be changed immediately requires that default Administrator credentials be changed immediately after first use. after first use. #### Management: FMT\_CFG\_EXT.1 #### Management: FMT\_CFG\_EXT.1 #### Audit: FMT\_CFG\_EXT.1 #### Audit: FMT\_CFG\_EXT.1 #### FMT\_CFG\_EXT.1 Secure by Default Configuration #### FMT\_CFG\_EXT.1 Secure by Default Configuration ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FIA\_UAU.1 Timing of Authentication\ FIA\_UAU.1 Timing of Authentication\ [FMT\_SMR.1](#FMT_SMR.1) Security Roles [FMT\_SMR.1](#FMT_SMR.1) Security Roles #### FMT\_CFG\_EXT.1.1 {#ext-comp-FMT_CFG_EXT.1.1} #### FMT\_CFG\_EXT.1.1 {#ext-comp-FMT_CFG_EXT.1.1} The [TSF](#abbr_TSF) shall enforce that Administrator credentials be The [TSF](#abbr_TSF) shall enforce that Administrator credentials be changed immediately after first use when configured with default changed immediately after first use when configured with default Administrator credentials or with no Administrator credentials. Administrator credentials or with no Administrator credentials. ::: ::: ::: ::: ### C.2.6 Class: Protection of the TSF (FPT) {#ext-comp-FPT .indexable data-level="3" ### C.2.6 Class: Protection of the TSF (FPT) {#ext-comp-FPT .indexable data-level="3" This [PP](#abbr_PP) defines the following extended components as part of This [PP](#abbr_PP) defines the following extended components as part of the FPT class originally defined by [CC](#abbr_CC) Part 2: the FPT class originally defined by [CC](#abbr_CC) Part 2: ### C.2.6.1 FPT\_JTA\_EXT Debug Port Access {#ext-comp-FPT_JTA_EXT .indexable data-le ### C.2.6.1 FPT\_JTA\_EXT Debug Port Access {#ext-comp-FPT_JTA_EXT .indexable data-le ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for access to debug ports during normal This family defines requirements for access to debug ports during normal operation. operation.
#### Component Leveling #### Component Leveling FPT\_JTA\_EXT12 FPT\_JTA\_EXT12 [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1), [JTAG](#abbr_JTAG)/Debug Port Access, [FPT\_JTA\_EXT.1](#FPT_JTA_EXT.1), [JTAG](#abbr_JTAG)/Debug Port Access, requires that debug ports be accessible only to authorized requires that debug ports be accessible only to authorized Administrators. Administrators. [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2), [JTAG](#abbr_JTAG)/Debug Port [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2), [JTAG](#abbr_JTAG)/Debug Port Disablement, requires that debug ports be disabled. Disablement, requires that debug ports be disabled. #### Management: FPT\_JTA\_EXT.1 #### Management: FPT\_JTA\_EXT.1 #### Audit: FPT\_JTA\_EXT.1 #### Audit: FPT\_JTA\_EXT.1 #### FPT\_JTA\_EXT.1 JTAG/Debug Port Access #### FPT\_JTA\_EXT.1 JTAG/Debug Port Access ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FPT\_JTA\_EXT.1.1 {#ext-comp-FPT_JTA_EXT.1.1} #### FPT\_JTA\_EXT.1.1 {#ext-comp-FPT_JTA_EXT.1.1} The [TSF](#abbr_TSF) shall allow access to [JTAG](#abbr_JTAG) or other The [TSF](#abbr_TSF) shall allow access to [JTAG](#abbr_JTAG) or other debug ports only to an authorized Administrator through platform debug ports only to an authorized Administrator through platform firmware or through assertion of physical presence. firmware or through assertion of physical presence. ::: ::: #### Management: FPT\_JTA\_EXT.2 #### Management: FPT\_JTA\_EXT.2 #### Audit: FPT\_JTA\_EXT.2 #### Audit: FPT\_JTA\_EXT.2 #### FPT\_JTA\_EXT.2 JTAG/Debug Port Disablement #### FPT\_JTA\_EXT.2 JTAG/Debug Port Disablement ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FPT\_JTA\_EXT.2.1 {#ext-comp-FPT_JTA_EXT.2.1} #### FPT\_JTA\_EXT.2.1 {#ext-comp-FPT_JTA_EXT.2.1} The [TSF](#abbr_TSF) shall \[**selection**: *disable access through | The [TSF](#abbr_TSF) shall \[**selection, choose one of**: *disable hardware*, *control access by a signing key*\] to [JTAG](#abbr_JTAG) or | access through hardware*, *control access by a signing key*\] to other debug interfaces. | [JTAG](#abbr_JTAG) or other debug interfaces. ::: ::: ::: ::: ### C.2.6.2 FPT\_ROT\_EXT Platform Integrity {#ext-comp-FPT_ROT_EXT .indexable data-l ### C.2.6.2 FPT\_ROT\_EXT Platform Integrity {#ext-comp-FPT_ROT_EXT .indexable data-l ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for platform firmware and hardware This family defines requirements for platform firmware and hardware integrity. integrity.
#### Component Leveling #### Component Leveling FPT\_ROT\_EXT123 FPT\_ROT\_EXT123 [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1), Platform Integrity Root, requires [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1), Platform Integrity Root, requires that the platform integrity be anchored in a root of trust. that the platform integrity be anchored in a root of trust. [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2), Platform Integrity Extension, [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2), Platform Integrity Extension, specifies how platform integrity is extended from the integrity root to specifies how platform integrity is extended from the integrity root to other platform firmware. other platform firmware. [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3), Hardware component integrity, [FPT\_ROT\_EXT.3](#FPT_ROT_EXT.3), Hardware component integrity, requires that the [TOE](#abbr_TOE) support hardware supply chain requires that the [TOE](#abbr_TOE) support hardware supply chain integrity. integrity. #### Management: FPT\_ROT\_EXT.1 #### Management: FPT\_ROT\_EXT.1 #### Audit: FPT\_ROT\_EXT.1 #### Audit: FPT\_ROT\_EXT.1 #### FPT\_ROT\_EXT.1 Platform Integrity Root #### FPT\_ROT\_EXT.1 Platform Integrity Root ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FPT\_ROT\_EXT.1.1 {#ext-comp-FPT_ROT_EXT.1.1} #### FPT\_ROT\_EXT.1.1 {#ext-comp-FPT_ROT_EXT.1.1} The integrity of platform firmware shall be rooted in \[**assignment**: The integrity of platform firmware shall be rooted in \[**assignment**: [platform firmware root of trust]{.assignable-content}\]. [platform firmware root of trust]{.assignable-content}\]. ::: ::: #### Management: FPT\_ROT\_EXT.2 #### Management: FPT\_ROT\_EXT.2 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Configuration of action to take on integrity failure. - Configuration of action to take on integrity failure. #### Audit: FPT\_ROT\_EXT.2 #### Audit: FPT\_ROT\_EXT.2 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): - Failure of integrity verification. - Failure of integrity verification. #### FPT\_ROT\_EXT.2 Platform Integrity Extension #### FPT\_ROT\_EXT.2 Platform Integrity Extension ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) Platform Integrity Root [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) Platform Integrity Root #### FPT\_ROT\_EXT.2.1 {#ext-comp-FPT_ROT_EXT.2.1} #### FPT\_ROT\_EXT.2.1 {#ext-comp-FPT_ROT_EXT.2.1} The integrity of all mutable platform firmware outside of the platform The integrity of all mutable platform firmware outside of the platform integrity root specified in [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) shall be integrity root specified in [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) shall be verified prior to execution or use through: \[**assignment**: [method verified prior to execution or use through: \[**assignment**: [method for extending the platform integrity root]{.assignable-content}\]. for extending the platform integrity root]{.assignable-content}\]. #### FPT\_ROT\_EXT.2.2 {#ext-comp-FPT_ROT_EXT.2.2} #### FPT\_ROT\_EXT.2.2 {#ext-comp-FPT_ROT_EXT.2.2} The [TOE](#abbr_TOE) shall take the following actions if an integrity The [TOE](#abbr_TOE) shall take the following actions if an integrity check specified in [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1) fails: check specified in [FPT\_ROT\_EXT.2.1](#FPT_ROT_EXT.2.1) fails: 1. Halt, 1. Halt, 2. Notify an \[**selection**: *Administrator*, *User*\] by 2. Notify an \[**selection**: *Administrator*, *User*\] by \[**assignment**: [notification method]{.assignable-content}\], and \[**assignment**: [notification method]{.assignable-content}\], and 3. \[**selection**: | 3. \[**selection, choose one of**: - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Initiate a recovery process* - *Initiate a recovery process* \] \] \[**selection**: | \[**selection, choose one of**: - *automatically*, - *automatically*, - *in accordance with Administrator-configurable policy*, - *in accordance with Administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: ::: #### Management: FPT\_ROT\_EXT.3 #### Management: FPT\_ROT\_EXT.3 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Configuration of action to take on integrity failure. - Configuration of action to take on integrity failure. #### Audit: FPT\_ROT\_EXT.3 #### Audit: FPT\_ROT\_EXT.3 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): - Detection of attempted intrusion. - Detection of attempted intrusion. #### FPT\_ROT\_EXT.3 Hardware component integrity #### FPT\_ROT\_EXT.3 Hardware component integrity ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) Platform Integrity Root [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1) Platform Integrity Root #### FPT\_ROT\_EXT.3.1 {#ext-comp-FPT_ROT_EXT.3.1} #### FPT\_ROT\_EXT.3.1 {#ext-comp-FPT_ROT_EXT.3.1} Outside of the integrity root specified in Outside of the integrity root specified in [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1), the integrity of \[**assignment**: [FPT\_ROT\_EXT.1](#FPT_ROT_EXT.1), the integrity of \[**assignment**: [critical platform hardware components]{.assignable-content}\] shall be [critical platform hardware components]{.assignable-content}\] shall be verified prior to execution or use through: \[**assignment**: [method verified prior to execution or use through: \[**assignment**: [method for ensuring integrity of platform hardware for ensuring integrity of platform hardware components]{.assignable-content}\]. components]{.assignable-content}\]. #### FPT\_ROT\_EXT.3.2 {#ext-comp-FPT_ROT_EXT.3.2} #### FPT\_ROT\_EXT.3.2 {#ext-comp-FPT_ROT_EXT.3.2} The [TOE](#abbr_TOE) shall take the following actions if an integrity The [TOE](#abbr_TOE) shall take the following actions if an integrity check specified in [FPT\_ROT\_EXT.3.1](#FPT_ROT_EXT.3.1) fails: check specified in [FPT\_ROT\_EXT.3.1](#FPT_ROT_EXT.3.1) fails: 1. Halt, 1. Halt, 2. Notify an \[**selection**: *Administrator*, *User*\] by 2. Notify an \[**selection**: *Administrator*, *User*\] by \[**assignment**: [notification method]{.assignable-content}\], and \[**assignment**: [notification method]{.assignable-content}\], and 3. \[**selection**: | 3. \[**selection, choose one of**: - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Continue execution without the integrity-compromised - *Continue execution without the integrity-compromised component*, component*, - *Continue execution* - *Continue execution* \] \] \[**selection**: | \[**selection, choose one of**: - *in accordance with administrator-configurable policy*, - *in accordance with administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: ::: ::: ::: ### C.2.6.3 FPT\_PPF\_EXT Protection of Platform Firmware {#ext-comp-FPT_PPF_EXT .ind ### C.2.6.3 FPT\_PPF\_EXT Protection of Platform Firmware {#ext-comp-FPT_PPF_EXT .ind ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for protecting platform firmware from This family defines requirements for protecting platform firmware from unauthorized update. unauthorized update.
#### Component Leveling #### Component Leveling FPT\_PPF\_EXT1 FPT\_PPF\_EXT1 [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1), Protection of Platform Firmware and [FPT\_PPF\_EXT.1](#FPT_PPF_EXT.1), Protection of Platform Firmware and Critical Data, requires that the [TSF](#abbr_TSF) prevent platform Critical Data, requires that the [TSF](#abbr_TSF) prevent platform firmware from being modified outside of the update mechanisms defined in firmware from being modified outside of the update mechanisms defined in FPT\_TUD\_EXT. FPT\_TUD\_EXT. #### Management: FPT\_PPF\_EXT.1 #### Management: FPT\_PPF\_EXT.1 #### Audit: FPT\_PPF\_EXT.1 #### Audit: FPT\_PPF\_EXT.1 #### FPT\_PPF\_EXT.1 Protection of Platform Firmware and Critical Data #### FPT\_PPF\_EXT.1 Protection of Platform Firmware and Critical Data ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FPT\_PPF\_EXT.1.1 {#ext-comp-FPT_PPF_EXT.1.1} #### FPT\_PPF\_EXT.1.1 {#ext-comp-FPT_PPF_EXT.1.1} The [TSF](#abbr_TSF) shall allow modification of platform firmware only The [TSF](#abbr_TSF) shall allow modification of platform firmware only through the update mechanisms described in through the update mechanisms described in [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1). ::: ::: ::: ::: ### C.2.6.4 FPT\_RVR\_EXT Platform Firmware Recovery {#ext-comp-FPT_RVR_EXT .indexabl ### C.2.6.4 FPT\_RVR\_EXT Platform Firmware Recovery {#ext-comp-FPT_RVR_EXT .indexabl ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for recovering from a firmware This family defines requirements for recovering from a firmware integrity failure. integrity failure.
#### Component Leveling #### Component Leveling FPT\_RVR\_EXT1 FPT\_RVR\_EXT1 [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1), Platform Firmware Recovery, defines [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1), Platform Firmware Recovery, defines mechanisms for recovering from a platform firmware integrity failure. mechanisms for recovering from a platform firmware integrity failure. #### Management: FPT\_RVR\_EXT.1 #### Management: FPT\_RVR\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Configuration of action to take on integrity failure. - Configuration of action to take on integrity failure. #### Audit: FPT\_RVR\_EXT.1 #### Audit: FPT\_RVR\_EXT.1 #### FPT\_RVR\_EXT.1 Platform Firmware Recovery #### FPT\_RVR\_EXT.1 Platform Firmware Recovery ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) Secure Local Update Mechanism [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) Secure Local Update Mechanism #### FPT\_RVR\_EXT.1.1 {#ext-comp-FPT_RVR_EXT.1.1} #### FPT\_RVR\_EXT.1.1 {#ext-comp-FPT_RVR_EXT.1.1} The [TSF](#abbr_TSF) shall implement a mechanism for recovering from The [TSF](#abbr_TSF) shall implement a mechanism for recovering from boot firmware failure consisting of \[**assignment**: [recovery boot firmware failure consisting of \[**assignment**: [recovery mechanism]{.assignable-content}\]. mechanism]{.assignable-content}\]. ::: ::: ::: ::: ### C.2.6.5 FPT\_TUD\_EXT Platform Firmware Update {#ext-comp-FPT_TUD_EXT .indexable ### C.2.6.5 FPT\_TUD\_EXT Platform Firmware Update {#ext-comp-FPT_TUD_EXT .indexable ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for updating platform firmware. This family defines requirements for updating platform firmware.
#### Component Leveling #### Component Leveling FPT\_TUD\_EXT1234 FPT\_TUD\_EXT1234 [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1), [TOE](#abbr_TOE) Firmware Update, [FPT\_TUD\_EXT.1](#FPT_TUD_EXT.1), [TOE](#abbr_TOE) Firmware Update, requires that the [TSF](#abbr_TSF) support update of platform firmware. requires that the [TSF](#abbr_TSF) support update of platform firmware. [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2), Platform Firmware Authenticated [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2), Platform Firmware Authenticated Update Mechanism, specifies the requirements for authenticated update of Update Mechanism, specifies the requirements for authenticated update of platform firmware. platform firmware. [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3), Platform Firmware [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3), Platform Firmware Delayed-Authentication Update Mechanism, specifies the requirements for Delayed-Authentication Update Mechanism, specifies the requirements for delayed-authentication update of platform firmware. delayed-authentication update of platform firmware. [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4), Secure Local Platform Firmware Update [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4), Secure Local Platform Firmware Update Mechanism, specifies the requirements for secure local update of Mechanism, specifies the requirements for secure local update of platform firmware. platform firmware. #### Management: FPT\_TUD\_EXT.1 #### Management: FPT\_TUD\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Initiation of the update process. - Initiation of the update process. #### Audit: FPT\_TUD\_EXT.1 #### Audit: FPT\_TUD\_EXT.1 #### FPT\_TUD\_EXT.1 TOE Firmware Update #### FPT\_TUD\_EXT.1 TOE Firmware Update ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) Platform Firmware Authenticated Update [FPT\_TUD\_EXT.2](#FPT_TUD_EXT.2) Platform Firmware Authenticated Update Mechanism\ Mechanism\ [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) Platform Firmware [FPT\_TUD\_EXT.3](#FPT_TUD_EXT.3) Platform Firmware Delayed-Authentication Update Mechanism\ Delayed-Authentication Update Mechanism\ [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) Secure Local Platform Firmware Update [FPT\_TUD\_EXT.4](#FPT_TUD_EXT.4) Secure Local Platform Firmware Update Mechanism Mechanism #### FPT\_TUD\_EXT.1.1 {#ext-comp-FPT_TUD_EXT.1.1} #### FPT\_TUD\_EXT.1.1 {#ext-comp-FPT_TUD_EXT.1.1} The [TSF](#abbr_TSF) shall implement \[**assignment**: [update The [TSF](#abbr_TSF) shall implement \[**assignment**: [update mechanism]{.assignable-content}\]. mechanism]{.assignable-content}\]. ::: ::: #### Management: FPT\_TUD\_EXT.2 #### Management: FPT\_TUD\_EXT.2 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Configuration of action to take on an update failure. - Configuration of action to take on an update failure. #### Audit: FPT\_TUD\_EXT.2 #### Audit: FPT\_TUD\_EXT.2 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): - Failure of update authentication/integrity check/rollback - Failure of update authentication/integrity check/rollback - Failure of update operation - Failure of update operation - Success of update operation - Success of update operation #### FPT\_TUD\_EXT.2 Platform Firmware Authenticated Update Mechanism #### FPT\_TUD\_EXT.2 Platform Firmware Authenticated Update Mechanism ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_COP.1 Cryptographic Operations FCS\_COP.1 Cryptographic Operations #### FPT\_TUD\_EXT.2.1 {#ext-comp-FPT_TUD_EXT.2.1} #### FPT\_TUD\_EXT.2.1 {#ext-comp-FPT_TUD_EXT.2.1} The [TSF](#abbr_TSF) shall authenticate the source of all platform The [TSF](#abbr_TSF) shall authenticate the source of all platform firmware updates using a digital signature algorithm specified in firmware updates using a digital signature algorithm specified in FCS\_COP.1 and using a key store that contains \[**selection**: *the FCS\_COP.1 and using a key store that contains \[**selection**: *the public key*, *hash value of the public key*\]. public key*, *hash value of the public key*\]. #### FPT\_TUD\_EXT.2.2 {#ext-comp-FPT_TUD_EXT.2.2} #### FPT\_TUD\_EXT.2.2 {#ext-comp-FPT_TUD_EXT.2.2} The [TSF](#abbr_TSF) shall allow installation of updates only if the The [TSF](#abbr_TSF) shall allow installation of updates only if the digital signature has been successfully verified as specified in digital signature has been successfully verified as specified in FCS\_COP.1 and \[**assignment**: [additional constraints on FCS\_COP.1 and \[**assignment**: [additional constraints on updates]{.assignable-content}\]. updates]{.assignable-content}\]. #### FPT\_TUD\_EXT.2.3 {#ext-comp-FPT_TUD_EXT.2.3} #### FPT\_TUD\_EXT.2.3 {#ext-comp-FPT_TUD_EXT.2.3} The [TSF](#abbr_TSF) shall include a platform firmware version The [TSF](#abbr_TSF) shall include a platform firmware version identifier that is accessible by the update mechanism and includes identifier that is accessible by the update mechanism and includes information that enables the update mechanism to determine the relative information that enables the update mechanism to determine the relative order of updates. order of updates. #### FPT\_TUD\_EXT.2.4 {#ext-comp-FPT_TUD_EXT.2.4} #### FPT\_TUD\_EXT.2.4 {#ext-comp-FPT_TUD_EXT.2.4} The [TSF](#abbr_TSF) shall provide an observable indication of the The [TSF](#abbr_TSF) shall provide an observable indication of the success or failure of the update operation. success or failure of the update operation. #### FPT\_TUD\_EXT.2.5 {#ext-comp-FPT_TUD_EXT.2.5} #### FPT\_TUD\_EXT.2.5 {#ext-comp-FPT_TUD_EXT.2.5} The [TOE](#abbr_TOE) shall take the following actions if a platform The [TOE](#abbr_TOE) shall take the following actions if a platform firmware integrity, authenticity, or rollback-prevention check fails, or firmware integrity, authenticity, or rollback-prevention check fails, or a platform firmware update fails for any other reason: a platform firmware update fails for any other reason: - Do not install the update, - Do not install the update, - Notify an \[**selection**: *Administrator*, *User*\] by - Notify an \[**selection**: *Administrator*, *User*\] by \[**assignment**: [notification method]{.assignable-content}\], \[**assignment**: [notification method]{.assignable-content}\], and \[**selection**: | and \[**selection, choose one of**: - *Continue execution*, - *Continue execution*, - *Halt*, - *Halt*, - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Initiate recovery as specified in - *Initiate recovery as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* \] \[**selection**: | \] \[**selection, choose one of**: - *automatically*, - *automatically*, - *in accordance with Administrator-configurable policy*, - *in accordance with Administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: ::: #### Management: FPT\_TUD\_EXT.3 #### Management: FPT\_TUD\_EXT.3 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: - Configuration of action to take on an update failure. - Configuration of action to take on an update failure. #### Audit: FPT\_TUD\_EXT.3 #### Audit: FPT\_TUD\_EXT.3 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): - Failure of update authentication/integrity check/rollback - Failure of update authentication/integrity check/rollback - Failure of update operation - Failure of update operation - Success of update operation - Success of update operation #### FPT\_TUD\_EXT.3 Platform Firmware Delayed-Authentication Update Mechanism #### FPT\_TUD\_EXT.3 Platform Firmware Delayed-Authentication Update Mechanism ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FPT\_TUD\_EXT.3.1 {#ext-comp-FPT_TUD_EXT.3.1} #### FPT\_TUD\_EXT.3.1 {#ext-comp-FPT_TUD_EXT.3.1} The [TSF](#abbr_TSF) shall allow execution or use of platform firmware The [TSF](#abbr_TSF) shall allow execution or use of platform firmware updates only if new platform firmware is integrity- and updates only if new platform firmware is integrity- and authenticity-checked using the mechanism described in authenticity-checked using the mechanism described in [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) prior to its execution or use, and [FPT\_ROT\_EXT.2](#FPT_ROT_EXT.2) prior to its execution or use, and \[**assignment**: [additional constraints on \[**assignment**: [additional constraints on update]{.assignable-content}\]. update]{.assignable-content}\]. #### FPT\_TUD\_EXT.3.2 {#ext-comp-FPT_TUD_EXT.3.2} #### FPT\_TUD\_EXT.3.2 {#ext-comp-FPT_TUD_EXT.3.2} The [TSF](#abbr_TSF) shall include an observable platform firmware The [TSF](#abbr_TSF) shall include an observable platform firmware version identifier that is accessible by the update mechanism and version identifier that is accessible by the update mechanism and includes information that enables the update mechanism to determine the includes information that enables the update mechanism to determine the relative order of updates. relative order of updates. #### FPT\_TUD\_EXT.3.3 {#ext-comp-FPT_TUD_EXT.3.3} #### FPT\_TUD\_EXT.3.3 {#ext-comp-FPT_TUD_EXT.3.3} The [TSF](#abbr_TSF) shall provide an observable indication of the The [TSF](#abbr_TSF) shall provide an observable indication of the success or failure of the update operation. success or failure of the update operation. #### FPT\_TUD\_EXT.3.4 {#ext-comp-FPT_TUD_EXT.3.4} #### FPT\_TUD\_EXT.3.4 {#ext-comp-FPT_TUD_EXT.3.4} The [TOE](#abbr_TOE) shall take the following actions if a platform The [TOE](#abbr_TOE) shall take the following actions if a platform firmware update integrity, authentication, or rollback-prevention check firmware update integrity, authentication, or rollback-prevention check fails, or a platform firmware update fails for any other reason: fails, or a platform firmware update fails for any other reason: - Notify an \[**selection**: *Administrator*, *User*\] by - Notify an \[**selection**: *Administrator*, *User*\] by \[**assignment**: [notification method]{.assignable-content}\] \[**assignment**: [notification method]{.assignable-content}\] and \[**selection**: | and \[**selection, choose one of**: - *Halt*, - *Halt*, - *Stop all execution and shut down*, - *Stop all execution and shut down*, - *Initiate a recovery process as specified in - *Initiate a recovery process as specified in [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* [FPT\_RVR\_EXT.1](#FPT_RVR_EXT.1)* \] \[**selection**: | \] \[**selection, choose one of**: - *automatically*, - *automatically*, - *in accordance with administrator-configurable policy*, - *in accordance with administrator-configurable policy*, - *by express determination of an \[**selection**: *Administrator*, - *by express determination of an \[**selection**: *Administrator*, *User*\]* *User*\]* \]. \]. ::: ::: #### Management: FPT\_TUD\_EXT.4 #### Management: FPT\_TUD\_EXT.4 #### Audit: FPT\_TUD\_EXT.4 #### Audit: FPT\_TUD\_EXT.4 #### FPT\_TUD\_EXT.4 Secure Local Platform Firmware Update Mechanism #### FPT\_TUD\_EXT.4 Secure Local Platform Firmware Update Mechanism ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FPT\_TUD\_EXT.4.1 {#ext-comp-FPT_TUD_EXT.4.1} #### FPT\_TUD\_EXT.4.1 {#ext-comp-FPT_TUD_EXT.4.1} The [TSF](#abbr_TSF) shall provide a secure local update mechanism that The [TSF](#abbr_TSF) shall provide a secure local update mechanism that requires an assertion of physical access to the [TOE](#abbr_TOE) before requires an assertion of physical access to the [TOE](#abbr_TOE) before installation of an update. installation of an update. #### FPT\_TUD\_EXT.4.2 {#ext-comp-FPT_TUD_EXT.4.2} #### FPT\_TUD\_EXT.4.2 {#ext-comp-FPT_TUD_EXT.4.2} A user shall assert physical presence to the [TSF](#abbr_TSF) through: A user shall assert physical presence to the [TSF](#abbr_TSF) through: \[**assignment**: [method for asserting physical \[**assignment**: [method for asserting physical presence]{.assignable-content}\]. presence]{.assignable-content}\]. #### FPT\_TUD\_EXT.4.3 {#ext-comp-FPT_TUD_EXT.4.3} #### FPT\_TUD\_EXT.4.3 {#ext-comp-FPT_TUD_EXT.4.3} The [TSF](#abbr_TSF) shall include a platform firmware version The [TSF](#abbr_TSF) shall include a platform firmware version identifier that is accessible by the update mechanism or to the user who identifier that is accessible by the update mechanism or to the user who asserts physical presence. asserts physical presence. #### FPT\_TUD\_EXT.4.4 {#ext-comp-FPT_TUD_EXT.4.4} #### FPT\_TUD\_EXT.4.4 {#ext-comp-FPT_TUD_EXT.4.4} The [TSF](#abbr_TSF) shall provide an observable indication of the The [TSF](#abbr_TSF) shall provide an observable indication of the success or failure of the update operation. success or failure of the update operation. ::: ::: ::: ::: ### C.2.7 Class: Trusted Path/Channels (FTP) {#ext-comp-FTP .indexable data-level="3" ### C.2.7 Class: Trusted Path/Channels (FTP) {#ext-comp-FTP .indexable data-level="3" This [PP](#abbr_PP) defines the following extended components as part of This [PP](#abbr_PP) defines the following extended components as part of the FTP class originally defined by [CC](#abbr_CC) Part 2: the FTP class originally defined by [CC](#abbr_CC) Part 2: ### C.2.7.1 FTP\_ITC\_EXT Trusted Channel Communications {#ext-comp-FTP_ITC_EXT .inde ### C.2.7.1 FTP\_ITC\_EXT Trusted Channel Communications {#ext-comp-FTP_ITC_EXT .inde ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for protection of data in transit This family defines requirements for protection of data in transit between the [TOE](#abbr_TOE) and its operational environment. between the [TOE](#abbr_TOE) and its operational environment.
#### Component Leveling #### Component Leveling FTP\_ITC\_EXT1 FTP\_ITC\_EXT1 [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1), Trusted Channel Communication, [FTP\_ITC\_EXT.1](#FTP_ITC_EXT.1), Trusted Channel Communication, requires the [TSF](#abbr_TSF) to implement one or more cryptographic requires the [TSF](#abbr_TSF) to implement one or more cryptographic protocols to secure connectivity between the [TSF](#abbr_TSF) and protocols to secure connectivity between the [TSF](#abbr_TSF) and various external entities. various external entities. #### Management: FTP\_ITC\_EXT.1 #### Management: FTP\_ITC\_EXT.1 The following actions could be considered for the management functions The following actions could be considered for the management functions in FMT: in FMT: a. Ability to configure the cryptographic functionality. a. Ability to configure the cryptographic functionality. #### Audit: FTP\_ITC\_EXT.1 #### Audit: FTP\_ITC\_EXT.1 The following actions should be auditable if FAU\_GEN Security audit The following actions should be auditable if FAU\_GEN Security audit data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): data generation is included in the [PP](#abbr_PP)/[ST](#abbr_ST): a. Initiation of the trusted channel. a. Initiation of the trusted channel. b. Termination of the trusted channel. b. Termination of the trusted channel. c. Failures of the trusted path functions. c. Failures of the trusted path functions. #### FTP\_ITC\_EXT.1 Trusted Channel Communication #### FTP\_ITC\_EXT.1 Trusted Channel Communication ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FTP\_ITC\_EXT.1.1 {#ext-comp-FTP_ITC_EXT.1.1} #### FTP\_ITC\_EXT.1.1 {#ext-comp-FTP_ITC_EXT.1.1} The [TSF](#abbr_TSF) shall use \[**assignment**: [trusted channel The [TSF](#abbr_TSF) shall use \[**assignment**: [trusted channel protocols]{.assignable-content}\] protocols with \[**assignment**: protocols]{.assignable-content}\] protocols with \[**assignment**: [authentication mechanism]{.assignable-content}\] to provide a [authentication mechanism]{.assignable-content}\] to provide a communication channel between itself and \[**assignment**: [external communication channel between itself and \[**assignment**: [external [IT](#abbr_IT) entities]{.assignable-content}\] that is logically [IT](#abbr_IT) entities]{.assignable-content}\] that is logically distinct from other communication channels, provides assured distinct from other communication channels, provides assured identification of its end points, protects channel data from disclosure, identification of its end points, protects channel data from disclosure, and detects modification of the channel data. and detects modification of the channel data. ::: ::: ::: ::: ### C.2.7.2 FTP\_ITE\_EXT Encrypted Data Communications {#ext-comp-FTP_ITE_EXT .index ### C.2.7.2 FTP\_ITE\_EXT Encrypted Data Communications {#ext-comp-FTP_ITE_EXT .index ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for encryption of [TSF](#abbr_TSF) data This family defines requirements for encryption of [TSF](#abbr_TSF) data that is transmitted to an external entity over an insecure channel. that is transmitted to an external entity over an insecure channel.
#### Component Leveling #### Component Leveling FTP\_ITE\_EXT1 FTP\_ITE\_EXT1 [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1), Encrypted Data Communications, [FTP\_ITE\_EXT.1](#FTP_ITE_EXT.1), Encrypted Data Communications, requires the [TSF](#abbr_TSF) to encrypt data in the specified manner requires the [TSF](#abbr_TSF) to encrypt data in the specified manner using key data that is provided to an external entity in the specified using key data that is provided to an external entity in the specified manner. manner. #### Management: FTP\_ITE\_EXT.1 #### Management: FTP\_ITE\_EXT.1 #### Audit: FTP\_ITE\_EXT.1 #### Audit: FTP\_ITE\_EXT.1 #### FTP\_ITE\_EXT.1 Encrypted Data Communications #### FTP\_ITE\_EXT.1 Encrypted Data Communications ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to:\ Dependencies to:\ FCS\_COP.1 Cryptographic Operation FCS\_COP.1 Cryptographic Operation #### FTP\_ITE\_EXT.1.1 {#ext-comp-FTP_ITE_EXT.1.1} #### FTP\_ITE\_EXT.1.1 {#ext-comp-FTP_ITE_EXT.1.1} The [TSF](#abbr_TSF) shall encrypt data for transfer between the The [TSF](#abbr_TSF) shall encrypt data for transfer between the [TOE](#abbr_TOE) and \[**assignment**: [list of entities external to the [TOE](#abbr_TOE) and \[**assignment**: [list of entities external to the [TOE](#abbr_TOE)]{.assignable-content}\] using a cryptographic algorithm [TOE](#abbr_TOE)]{.assignable-content}\] using a cryptographic algorithm and key size as specified in FCS\_COP.1, and using \[**assignment**: and key size as specified in FCS\_COP.1, and using \[**assignment**: [key establishment mechanism]{.assignable-content}\]. [key establishment mechanism]{.assignable-content}\]. ::: ::: ::: ::: ### C.2.7.3 FTP\_ITP\_EXT Physically Protected Channel {#ext-comp-FTP_ITP_EXT .indexa ### C.2.7.3 FTP\_ITP\_EXT Physically Protected Channel {#ext-comp-FTP_ITP_EXT .indexa ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} #### Family Behavior #### Family Behavior
This family defines requirements for use of physically protected This family defines requirements for use of physically protected communications mechanisms. communications mechanisms.
#### Component Leveling #### Component Leveling FTP\_ITP\_EXT1 FTP\_ITP\_EXT1 [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1), Physically Protected Channel, [FTP\_ITP\_EXT.1](#FTP_ITP_EXT.1), Physically Protected Channel, requires the [TSF](#abbr_TSF) to use a physically protected channel for requires the [TSF](#abbr_TSF) to use a physically protected channel for transmission of data to an external entity. transmission of data to an external entity. #### Management: FTP\_ITP\_EXT.1 #### Management: FTP\_ITP\_EXT.1 #### Audit: FTP\_ITP\_EXT.1 #### Audit: FTP\_ITP\_EXT.1 #### FTP\_ITP\_EXT.1 Physically Protected Channel #### FTP\_ITP\_EXT.1 Physically Protected Channel ::: {style="margin-left: 1em;"} ::: {style="margin-left: 1em;"} Hierarchical to: No other components. Hierarchical to: No other components. Dependencies to: No dependencies. Dependencies to: No dependencies. #### FTP\_ITP\_EXT.1.1 {#ext-comp-FTP_ITP_EXT.1.1} #### FTP\_ITP\_EXT.1.1 {#ext-comp-FTP_ITP_EXT.1.1} The [TSF](#abbr_TSF) shall provide a physically protected communication The [TSF](#abbr_TSF) shall provide a physically protected communication channel between itself and \[**assignment**: [list of other channel between itself and \[**assignment**: [list of other [IT](#abbr_IT) entities within the same [IT](#abbr_IT) entities within the same platform]{.assignable-content}\]. platform]{.assignable-content}\]. ::: ::: ::: ::: Appendix D - Implicitly Satisfied Requirements {#satisfiedreqs .indexable data-level= Appendix D - Implicitly Satisfied Requirements {#satisfiedreqs .indexable data-level= ============================================== ============================================== This appendix lists requirements that should be considered satisfied by This appendix lists requirements that should be considered satisfied by products successfully evaluated against this [PP](#abbr_PP). These products successfully evaluated against this [PP](#abbr_PP). These requirements are not featured explicitly as SFRs and should not be requirements are not featured explicitly as SFRs and should not be included in the [ST](#abbr_ST). They are not included as standalone SFRs included in the [ST](#abbr_ST). They are not included as standalone SFRs because it would increase the time, cost, and complexity of evaluation. because it would increase the time, cost, and complexity of evaluation. This approach is permitted by [\[CC\]](#bibCC) Part 1, 8.2 Dependencies This approach is permitted by [\[CC\]](#bibCC) Part 1, 8.2 Dependencies between components. between components. This information benefits systems engineering activities which call for This information benefits systems engineering activities which call for inclusion of particular security controls. Evaluation against the inclusion of particular security controls. Evaluation against the [PP](#abbr_PP) provides evidence that these controls are present and [PP](#abbr_PP) provides evidence that these controls are present and have been evaluated. have been evaluated. . **[Table [16]{.counter}: Implicitly Satisfied . **[Table [16]{.counter}: Implicitly Satisfied Requirements]{#imp-sat-reqs-table .ctr data-myid="imp-sat-reqs-table" Requirements]{#imp-sat-reqs-table .ctr data-myid="imp-sat-reqs-table" data-counter-type="ct-Table"}** data-counter-type="ct-Table"}** ---------------------------------------- ------------------------------------------ ---------------------------------------- ------------------------------------------ Requirement Rationale for Satisfaction Requirement Rationale for Satisfaction FIA\_UAU.1 -- Timing of Authentication [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) has a de FIA\_UAU.1 -- Timing of Authentication [FMT\_CFG\_EXT.1](#FMT_CFG_EXT.1) has a de ---------------------------------------- ------------------------------------------ ---------------------------------------- ------------------------------------------ Appendix E - Entropy Documentation and Assessment {#appendix-entropy .indexable data- Appendix E - Entropy Documentation and Assessment {#appendix-entropy .indexable data- ================================================= ================================================= E.1 Design Description {#s-design .indexable data-level="2"} E.1 Design Description {#s-design .indexable data-level="2"} ---------------------- ---------------------- Documentation shall include the design of the entropy source as a whole, Documentation shall include the design of the entropy source as a whole, including the interaction of all entropy source components. It will including the interaction of all entropy source components. It will describe the operation of the entropy source to include how it works, describe the operation of the entropy source to include how it works, how entropy is produced, and how unprocessed (raw) data can be obtained how entropy is produced, and how unprocessed (raw) data can be obtained from within the entropy source for testing purposes. The documentation from within the entropy source for testing purposes. The documentation should walk through the entropy source design indicating where the should walk through the entropy source design indicating where the random comes from, where it is passed next, any post-processing of the random comes from, where it is passed next, any post-processing of the raw outputs (hash, [XOR](#abbr_XOR), etc.), if/where it is stored, and raw outputs (hash, [XOR](#abbr_XOR), etc.), if/where it is stored, and finally, how it is output from the entropy source. Any conditions placed finally, how it is output from the entropy source. Any conditions placed on the process (e.g., blocking) should also be described in the entropy on the process (e.g., blocking) should also be described in the entropy source design. Diagrams and examples are encouraged. source design. Diagrams and examples are encouraged. This design must also include a description of the content of the This design must also include a description of the content of the security boundary of the entropy source and a description of how the security boundary of the entropy source and a description of how the security boundary ensures that an adversary outside the boundary cannot security boundary ensures that an adversary outside the boundary cannot affect the entropy rate. affect the entropy rate. E.2 Entropy Justification {#s-justification .indexable data-level="2"} E.2 Entropy Justification {#s-justification .indexable data-level="2"} ------------------------- ------------------------- There should be a technical argument for where the unpredictability in There should be a technical argument for where the unpredictability in the source comes from and why there is confidence in the entropy source the source comes from and why there is confidence in the entropy source exhibiting probabilistic behavior (an explanation of the probability exhibiting probabilistic behavior (an explanation of the probability distribution and justification for that distribution given the distribution and justification for that distribution given the particular source is one way to describe this). This argument will particular source is one way to describe this). This argument will include a description of the expected entropy rate and explain how to include a description of the expected entropy rate and explain how to ensure that sufficient entropy is going into the [TOE](#abbr_TOE) ensure that sufficient entropy is going into the [TOE](#abbr_TOE) randomizer seeding process. This discussion will be part of a randomizer seeding process. This discussion will be part of a justification for why the entropy source can be relied upon to produce justification for why the entropy source can be relied upon to produce bits with entropy. bits with entropy. E.3 Operating Conditions {#s-oc .indexable data-level="2"} E.3 Operating Conditions {#s-oc .indexable data-level="2"} ------------------------ ------------------------ Documentation will also include the range of operating conditions under Documentation will also include the range of operating conditions under which the entropy source is expected to generate random data. It will which the entropy source is expected to generate random data. It will clearly describe the measures that have been taken in the system design clearly describe the measures that have been taken in the system design to ensure the entropy source continues to operate under those to ensure the entropy source continues to operate under those conditions. Similarly, documentation shall describe the conditions under conditions. Similarly, documentation shall describe the conditions under which the entropy source is known to malfunction or become inconsistent. which the entropy source is known to malfunction or become inconsistent. Methods used to detect failure or degradation of the source shall be Methods used to detect failure or degradation of the source shall be included. included. E.4 Health Testing {#s-health .indexable data-level="2"} E.4 Health Testing {#s-health .indexable data-level="2"} ------------------ ------------------ More specifically, all entropy source health tests and their rationale More specifically, all entropy source health tests and their rationale will be documented. This will include a description of the health tests, will be documented. This will include a description of the health tests, the rate and conditions under which each health test is performed (e.g., the rate and conditions under which each health test is performed (e.g., at startup, continuously, or on-demand), the expected results for each at startup, continuously, or on-demand), the expected results for each health test, and rationale indicating why each test is believed to be health test, and rationale indicating why each test is believed to be appropriate for detecting one or more failures in the entropy source. appropriate for detecting one or more failures in the entropy source. Appendix F - Equivalency Guidelines {#appendix-equiv .indexable data-level="A"} Appendix F - Equivalency Guidelines {#appendix-equiv .indexable data-level="A"} =================================== =================================== F.1 Introduction {#s-vm-intro .indexable data-level="2"} F.1 Introduction {#s-vm-intro .indexable data-level="2"} ---------------- ---------------- The purpose of equivalence in [PP](#abbr_PP)-based evaluations is to The purpose of equivalence in [PP](#abbr_PP)-based evaluations is to find a balance between evaluation rigor and commercial find a balance between evaluation rigor and commercial practicability\--to ensure that evaluations meet customer expectations practicability\--to ensure that evaluations meet customer expectations while recognizing that there is little to be gained from requiring that while recognizing that there is little to be gained from requiring that every variation in a product or platform be fully tested. Generally, if every variation in a product or platform be fully tested. Generally, if a product is found to be compliant with a [PP](#abbr_PP) on a particular a product is found to be compliant with a [PP](#abbr_PP) on a particular platform, then all equivalent products on equivalent platforms are also platform, then all equivalent products on equivalent platforms are also considered to be compliant with the [PP](#abbr_PP). In this case, since considered to be compliant with the [PP](#abbr_PP). In this case, since the [GPCP](#abbr_GPCP) is itself a platform, only equivalent the [GPCP](#abbr_GPCP) is itself a platform, only equivalent [GPCP](#abbr_GPCP) products are considered in the analysis. [GPCP](#abbr_GPCP) products are considered in the analysis. A vendor can make a claim of equivalence if the vendor believes that a A vendor can make a claim of equivalence if the vendor believes that a particular instance of their product implements [PP](#abbr_PP)-specified particular instance of their product implements [PP](#abbr_PP)-specified security functionality in a way equivalent to the implementation of the security functionality in a way equivalent to the implementation of the same functionality on another instance of their product on which the same functionality on another instance of their product on which the functionality was tested. The product instances can differ in version functionality was tested. The product instances can differ in version number or feature level (model). Equivalence can be used to reduce the number or feature level (model). Equivalence can be used to reduce the testing required across claimed evaluated configurations. It can also be testing required across claimed evaluated configurations. It can also be used during Assurance Maintenance to reduce testing needed to add more used during Assurance Maintenance to reduce testing needed to add more evaluated configurations to a certification. evaluated configurations to a certification. These equivalency guidelines do not replace Assurance Maintenance These equivalency guidelines do not replace Assurance Maintenance requirements or NIAP Policy \#5 requirements for CAVP certificates. Nor requirements or NIAP Policy \#5 requirements for CAVP certificates. Nor may equivalence be used to leverage evaluations with expired may equivalence be used to leverage evaluations with expired certifications. certifications. This appendix provides guidance for determining whether products are This appendix provides guidance for determining whether products are equivalent for purposes of evaluation against the GPCPPP. This guidance equivalent for purposes of evaluation against the GPCPPP. This guidance differs from that provided in other PPs in that a [GPCP](#abbr_GPCP) is differs from that provided in other PPs in that a [GPCP](#abbr_GPCP) is itself a platform, and thus the distinction between product and platform itself a platform, and thus the distinction between product and platform is somewhat blurred. This equivalency analysis is adjusted to reflect is somewhat blurred. This equivalency analysis is adjusted to reflect this. this. For a [GPCP](#abbr_GPCP), equivalence has two aspects:\ For a [GPCP](#abbr_GPCP), equivalence has two aspects:\ 1. ***Product Equivalence:*** To be considered equivalent, GPCPs must 1. ***Product Equivalence:*** To be considered equivalent, GPCPs must be produced by the same vendor and support the same tenant software. be produced by the same vendor and support the same tenant software. 2. ***Technical Equivalence:*** GPCPs may be considered equivalent if 2. ***Technical Equivalence:*** GPCPs may be considered equivalent if there are no differences between them with respect to their there are no differences between them with respect to their implementations of [PP](#abbr_PP)-specified security functionality. implementations of [PP](#abbr_PP)-specified security functionality. The equivalency determination is made in accordance with these The equivalency determination is made in accordance with these guidelines by the validator and scheme using information provided by the guidelines by the validator and scheme using information provided by the evaluator/vendor. evaluator/vendor. F.2 Approach to Equivalency Analysis {#s-approach .indexable data-level="2"} F.2 Approach to Equivalency Analysis {#s-approach .indexable data-level="2"} ------------------------------------ ------------------------------------ There are two scenarios for performing equivalency analysis. One is when There are two scenarios for performing equivalency analysis. One is when a product has been certified and the vendor wants to show that a later a product has been certified and the vendor wants to show that a later product should be considered certified due to equivalence with the product should be considered certified due to equivalence with the earlier product. The other is when multiple product variants are going earlier product. The other is when multiple product variants are going though evaluation together and the vendor would like to reduce the though evaluation together and the vendor would like to reduce the amount of testing that must be done. The basic rules for determining amount of testing that must be done. The basic rules for determining equivalence are the same in both cases. But there is one additional equivalence are the same in both cases. But there is one additional consideration that applies to equivalence with previously certified consideration that applies to equivalence with previously certified products. That is, the product with which equivalence is being claimed products. That is, the product with which equivalence is being claimed must have a valid certification in accordance with scheme rules and the must have a valid certification in accordance with scheme rules and the Assurance Maintenance process must be followed. If a product's Assurance Maintenance process must be followed. If a product's certification has expired, then equivalence cannot be claimed with that certification has expired, then equivalence cannot be claimed with that product. product. When performing equivalency analysis for a [GPCP](#abbr_GPCP), the When performing equivalency analysis for a [GPCP](#abbr_GPCP), the evaluator/vendor should first use the factors and guidelines for Product evaluator/vendor should first use the factors and guidelines for Product Equivalence to determine the set of products to be further considered. Equivalence to determine the set of products to be further considered. Each non-equivalent product for which compliance is claimed must be Each non-equivalent product for which compliance is claimed must be fully tested. fully tested. ***"Differences in [PP](#abbr_PP)-Specified Security Functionality" ***"Differences in [PP](#abbr_PP)-Specified Security Functionality" Defined***\ Defined***\ [PP](#abbr_PP)-specified security functionality implemented by the [PP](#abbr_PP)-specified security functionality implemented by the [TOE](#abbr_TOE) that differs in actual implementation between versions [TOE](#abbr_TOE) that differs in actual implementation between versions or product models break equivalence for that functionality. Likewise, or product models break equivalence for that functionality. Likewise, the [TOE](#abbr_TOE) invokes [PP](#abbr_PP)-specified security the [TOE](#abbr_TOE) invokes [PP](#abbr_PP)-specified security functionality differently in different versions or models of the functionality differently in different versions or models of the [TOE](#abbr_TOE), then equivalence is broken for that functionality. [TOE](#abbr_TOE), then equivalence is broken for that functionality. F.3 Specific Guidance for Determining Product Equivalence {#s-modelequiv .indexable d F.3 Specific Guidance for Determining Product Equivalence {#s-modelequiv .indexable d --------------------------------------------------------- --------------------------------------------------------- Product Equivalence attempts to determine whether different feature Product Equivalence attempts to determine whether different feature levels or versions of the same product are equivalent for purposes of levels or versions of the same product are equivalent for purposes of [PP](#abbr_PP) testing. For example, if a product has a "basic" edition [PP](#abbr_PP) testing. For example, if a product has a "basic" edition and an "enterprise" edition, is it necessary to test both models? Or and an "enterprise" edition, is it necessary to test both models? Or does testing one model provide sufficient confidence that both models does testing one model provide sufficient confidence that both models are compliant? are compliant? **[Table [17]{.counter}: Factors for Determining Product **[Table [17]{.counter}: Factors for Determining Product Equivalence]{#equiv-prod-model .ctr data-myid="equiv-prod-model" Equivalence]{#equiv-prod-model .ctr data-myid="equiv-prod-model" data-counter-type="ct-Table"}**\ data-counter-type="ct-Table"}**\ Factor Factor Same/Different Same/Different Guidance Guidance Product Type Product Type Different Different Products in different product classes are not equivalent. Servers, EUDs, Products in different product classes are not equivalent. Servers, EUDs, and [IoT](#abbr_IoT) devices are not equivalent. and [IoT](#abbr_IoT) devices are not equivalent. Product Vendors Product Vendors Different Different Products manufactured by different vendors are not equivalent. Products manufactured by different vendors are not equivalent. [PP](#abbr_PP)-Specified Functionality [PP](#abbr_PP)-Specified Functionality Same Same If differences between products affect only non-PP-specified If differences between products affect only non-PP-specified functionality, then the models are equivalent. functionality, then the models are equivalent. Different Different If [PP](#abbr_PP)-specified security functionality is affected by the If [PP](#abbr_PP)-specified security functionality is affected by the differences between products, then the products are not equivalent and differences between products, then the products are not equivalent and must be tested separately. It is necessary to test only the must be tested separately. It is necessary to test only the functionality affected by the differences. If only differences are functionality affected by the differences. If only differences are tested, then the differences must be enumerated, and for each difference tested, then the differences must be enumerated, and for each difference the Vendor must provide an explanation of why each difference does or the Vendor must provide an explanation of why each difference does or does not affect [PP](#abbr_PP)-specified functionality. If the products does not affect [PP](#abbr_PP)-specified functionality. If the products are fully tested separately, then there is no need to document the are fully tested separately, then there is no need to document the differences. differences. F.4 Technical Equivalence {#ss-hardware-equiv .indexable data-level="2"} F.4 Technical Equivalence {#ss-hardware-equiv .indexable data-level="2"} ------------------------- ------------------------- Platform equivalence is based primarily on processor architecture and Platform equivalence is based primarily on processor architecture and instruction sets. instruction sets. Technical equivalence is based primarily on processor architecture, Technical equivalence is based primarily on processor architecture, instruction sets, and firmware versions. It is determined on a per-SFR instruction sets, and firmware versions. It is determined on a per-SFR basis. basis. Platforms with different processor architectures and instruction sets Platforms with different processor architectures and instruction sets are not equivalent. Processors with the same architecture that have are not equivalent. Processors with the same architecture that have instruction sets that are subsets or supersets of each other are not instruction sets that are subsets or supersets of each other are not disqualified from being equivalent. If [PP](#abbr_PP)-specified security disqualified from being equivalent. If [PP](#abbr_PP)-specified security functionality takes the same code paths when executing on different functionality takes the same code paths when executing on different processors of the same family, then the processors can be considered processors of the same family, then the processors can be considered equivalent with respect to that functionality. equivalent with respect to that functionality. For example, if for some [PP](#abbr_PP)-specified security For example, if for some [PP](#abbr_PP)-specified security functionality, one code path is followed on platforms that support the functionality, one code path is followed on platforms that support the [AES](#abbr_AES)-NI instruction and another on platforms that do not, [AES](#abbr_AES)-NI instruction and another on platforms that do not, then those two platforms are not equivalent with respect to that then those two platforms are not equivalent with respect to that functionality. But if the same path is followed whether or not the functionality. But if the same path is followed whether or not the platform supports [AES](#abbr_AES)-NI, then the platforms are equivalent platform supports [AES](#abbr_AES)-NI, then the platforms are equivalent with respect to that functionality. with respect to that functionality. Platforms that run the same versions of the same firmware are considered Platforms that run the same versions of the same firmware are considered equivalent with respect to any [PP](#abbr_PP)-specified security equivalent with respect to any [PP](#abbr_PP)-specified security functionality implemented by that firmware. If firmware versions are functionality implemented by that firmware. If firmware versions are different, then more in-depth analysis is required to determine whether different, then more in-depth analysis is required to determine whether the security functionality is implemented equivalently. the security functionality is implemented equivalently. The platforms are equivalent if they are equivalent with respect to all The platforms are equivalent if they are equivalent with respect to all [PP](#abbr_PP)-specified security functionality. [PP](#abbr_PP)-specified security functionality. **[Table [18]{.counter}: Factors for Determining Technical **[Table [18]{.counter}: Factors for Determining Technical Equivalence]{#equiv-hw-platform .ctr data-myid="equiv-hw-platform" Equivalence]{#equiv-hw-platform .ctr data-myid="equiv-hw-platform" data-counter-type="ct-Table"}**\ data-counter-type="ct-Table"}**\ ---------------------------------------- --------------------- -------------------- ---------------------------------------- --------------------- -------------------- Factor Same/Different/None Guidance Factor Same/Different/None Guidance Processor Vendors Different Functionality implem Processor Vendors Different Functionality implem Processor/Chipset Architecture Different Functionality implem Processor/Chipset Architecture Different Functionality implem Firmware Versions Same Functionality implem Firmware Versions Same Functionality implem [PP](#abbr_PP)-Specified Functionality Same For [PP](#abbr_PP)-s [PP](#abbr_PP)-Specified Functionality Same For [PP](#abbr_PP)-s [PP](#abbr_PP)-Specified Functionality Different For [PP](#abbr_PP)-s [PP](#abbr_PP)-Specified Functionality Different For [PP](#abbr_PP)-s ---------------------------------------- --------------------- -------------------- ---------------------------------------- --------------------- -------------------- F.5 Level of Specificity for Tested and Claimed Equivalent Configurations {#s-specifi F.5 Level of Specificity for Tested and Claimed Equivalent Configurations {#s-specifi ------------------------------------------------------------------------- ------------------------------------------------------------------------- In order to make equivalency determinations, the vendor and evaluator In order to make equivalency determinations, the vendor and evaluator must agree on the equivalency claims. They must then provide the scheme must agree on the equivalency claims. They must then provide the scheme with sufficient information about the [TOE](#abbr_TOE) instances and with sufficient information about the [TOE](#abbr_TOE) instances and platforms that were evaluated, and the [TOE](#abbr_TOE) instances and platforms that were evaluated, and the [TOE](#abbr_TOE) instances and platforms that are claimed to be equivalent. platforms that are claimed to be equivalent. The [ST](#abbr_ST) must describe all configurations evaluated down to The [ST](#abbr_ST) must describe all configurations evaluated down to processor manufacturer, model number, and microarchitecture version. processor manufacturer, model number, and microarchitecture version. Appendix G - Use Case Templates {#use-case-appendix .indexable data-level="A"} Appendix G - Use Case Templates {#use-case-appendix .indexable data-level="A"} =============================== =============================== G.1 Server-Class Platform, Basic {#appendix-uc-server-basic .indexable data-level="2" G.1 Server-Class Platform, Basic {#appendix-uc-server-basic .indexable data-level="2" -------------------------------- -------------------------------- The configuration for *[\[USE CASE 1\] Server-Class Platform, The configuration for *[\[USE CASE 1\] Server-Class Platform, Basic](#uc-server-basic){.dynref}* modifies the base requirements as Basic](#uc-server-basic){.dynref}* modifies the base requirements as follows:\ follows:\ ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) ::: ::: G.2 Server-Class Platform, Enhanced {#appendix-uc-server-enhanced .indexable data-lev G.2 Server-Class Platform, Enhanced {#appendix-uc-server-enhanced .indexable data-lev ----------------------------------- ----------------------------------- The configuration for *[\[USE CASE 2\] Server-Class Platform, The configuration for *[\[USE CASE 2\] Server-Class Platform, Enhanced](#uc-server-enhanced){.dynref}* modifies the base requirements Enhanced](#uc-server-enhanced){.dynref}* modifies the base requirements as follows:\ as follows:\ ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_PHP.2](#FPT_PHP.2) in the [ST](#abbr_ST) Include [FPT\_PHP.2](#FPT_PHP.2) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_PHP.3](#FPT_PHP.3) in the [ST](#abbr_ST) Include [FPT\_PHP.3](#FPT_PHP.3) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) ::: ::: G.3 Portable Clients (laptops, tablets), Basic {#appendix-uc-client-portable-basic .i G.3 Portable Clients (laptops, tablets), Basic {#appendix-uc-client-portable-basic .i ---------------------------------------------- ---------------------------------------------- The use case *[\[USE CASE 3\] Portable Clients (laptops, tablets), The use case *[\[USE CASE 3\] Portable Clients (laptops, tablets), Basic](#uc-client-portable-basic){.dynref}* makes no changes to the base Basic](#uc-client-portable-basic){.dynref}* makes no changes to the base requirements. requirements. G.4 Portable Clients (laptops, tablets), Enhanced {#appendix-uc-client-portable-enhan G.4 Portable Clients (laptops, tablets), Enhanced {#appendix-uc-client-portable-enhan ------------------------------------------------- ------------------------------------------------- The configuration for *[\[USE CASE 4\] Portable Clients (laptops, The configuration for *[\[USE CASE 4\] Portable Clients (laptops, tablets), Enhanced](#uc-client-portable-enhanced){.dynref}* modifies the tablets), Enhanced](#uc-client-portable-enhanced){.dynref}* modifies the base requirements as follows:\ base requirements as follows:\ ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_PHP.1](#FPT_PHP.1) in the [ST](#abbr_ST) Include [FPT\_PHP.1](#FPT_PHP.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) ::: ::: G.5 CSfC EUD {#appendix-uc-csfc-eud .indexable data-level="2"} G.5 CSfC EUD {#appendix-uc-csfc-eud .indexable data-level="2"} ------------ ------------ The configuration for *[\[USE CASE 5\] CSfC EUD](#uc-csfc-eud){.dynref}* The configuration for *[\[USE CASE 5\] CSfC EUD](#uc-csfc-eud){.dynref}* modifies the base requirements as follows:\ modifies the base requirements as follows:\ ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_PHP.1](#FPT_PHP.1) in the [ST](#abbr_ST) Include [FPT\_PHP.1](#FPT_PHP.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_PHP.2](#FPT_PHP.2) in the [ST](#abbr_ST) Include [FPT\_PHP.2](#FPT_PHP.2) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) ::: ::: G.6 Tactical EUD {#appendix-uc-tactical-eud .indexable data-level="2"} G.6 Tactical EUD {#appendix-uc-tactical-eud .indexable data-level="2"} ---------------- ---------------- The configuration for *[\[USE CASE 6\] Tactical The configuration for *[\[USE CASE 6\] Tactical EUD](#uc-tactical-eud){.dynref}* modifies the base requirements as EUD](#uc-tactical-eud){.dynref}* modifies the base requirements as follows:\ follows:\ ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_PHP.3](#FPT_PHP.3) in the [ST](#abbr_ST) Include [FPT\_PHP.3](#FPT_PHP.3) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) in the [ST](#abbr_ST) Include [FIA\_AFL\_EXT.1](#FIA_AFL_EXT.1) in the [ST](#abbr_ST) ::: ::: G.7 Enterprise Desktop clients {#appendix-uc-ent-clients-desktop .indexable data-leve G.7 Enterprise Desktop clients {#appendix-uc-ent-clients-desktop .indexable data-leve ------------------------------ ------------------------------ The configuration for *[\[USE CASE 7\] Enterprise Desktop The configuration for *[\[USE CASE 7\] Enterprise Desktop clients](#uc-ent-clients-desktop){.dynref}* modifies the base clients](#uc-ent-clients-desktop){.dynref}* modifies the base requirements as follows:\ requirements as follows:\ ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) Include [FAU\_GEN.1](#FAU_GEN.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) Include [FAU\_SAR.1](#FAU_SAR.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) Include [FAU\_STG.1](#FAU_STG.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) Include [FAU\_STG.4](#FAU_STG.4) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) Include [FAU\_STG\_EXT.1](#FAU_STG_EXT.1) in the [ST](#abbr_ST) ::: ::: G.8 IoT Devices {#appendix-uc-iot-device .indexable data-level="2"} G.8 IoT Devices {#appendix-uc-iot-device .indexable data-level="2"} --------------- --------------- The configuration for *[\[USE CASE 8\] IoT The configuration for *[\[USE CASE 8\] IoT Devices](#uc-iot-device){.dynref}* modifies the base requirements as Devices](#uc-iot-device){.dynref}* modifies the base requirements as follows:\ follows:\ ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_PHP.1](#FPT_PHP.1) in the [ST](#abbr_ST) Include [FPT\_PHP.1](#FPT_PHP.1) in the [ST](#abbr_ST) ::: ::: ::: {.uc_inc_fcomp} ::: {.uc_inc_fcomp} Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) Include [FPT\_JTA\_EXT.2](#FPT_JTA_EXT.2) in the [ST](#abbr_ST) ::: ::: Appendix H - Acronyms {#acronyms .indexable data-level="A"} Appendix H - Acronyms {#acronyms .indexable data-level="A"} ===================== ===================== Acronym Meanin Acronym Meanin ---------------------------------------------------------------------------- ------ ---------------------------------------------------------------------------- ------ [[AES](#abbr_AES)]{#abbr_AES .term} [Advan [[AES](#abbr_AES)]{#abbr_AES .term} [Advan [[AK](#abbr_AK)]{#abbr_AK .term} [Asymm [[AK](#abbr_AK)]{#abbr_AK .term} [Asymm [[ANSI](#abbr_ANSI)]{#abbr_ANSI .term} [Ameri [[ANSI](#abbr_ANSI)]{#abbr_ANSI .term} [Ameri [[API](#abbr_API)]{#abbr_API .term} [Appli [[API](#abbr_API)]{#abbr_API .term} [Appli [[BAF](#abbr_BAF)]{#abbr_BAF .term} [Biome [[BAF](#abbr_BAF)]{#abbr_BAF .term} [Biome [[BMC](#abbr_BMC)]{#abbr_BMC .term} [Baseb [[BMC](#abbr_BMC)]{#abbr_BMC .term} [Baseb [[Base-PP](#abbr_Base-PP)]{#abbr_Base-PP .term} [Base [[Base-PP](#abbr_Base-PP)]{#abbr_Base-PP .term} [Base [[CC](#abbr_CC)]{#abbr_CC .term} [Commo [[CC](#abbr_CC)]{#abbr_CC .term} [Commo [[CEM](#abbr_CEM)]{#abbr_CEM .term} [Commo [[CEM](#abbr_CEM)]{#abbr_CEM .term} [Commo [[CMAC](#abbr_CMAC)]{#abbr_CMAC .term} [Ciphe [[CMAC](#abbr_CMAC)]{#abbr_CMAC .term} [Ciphe [[CN](#abbr_CN)]{#abbr_CN .term} [Commo [[CN](#abbr_CN)]{#abbr_CN .term} [Commo [[CRL](#abbr_CRL)]{#abbr_CRL .term} [Certi [[CRL](#abbr_CRL)]{#abbr_CRL .term} [Certi [[CSP](#abbr_CSP)]{#abbr_CSP .term} [Criti [[CSP](#abbr_CSP)]{#abbr_CSP .term} [Criti [[CSfC](#abbr_CSfC)]{#abbr_CSfC .term} [Comme [[CSfC](#abbr_CSfC)]{#abbr_CSfC .term} [Comme [[DAR](#abbr_DAR)]{#abbr_DAR .term} [Data- [[DAR](#abbr_DAR)]{#abbr_DAR .term} [Data- [[DH](#abbr_DH)]{#abbr_DH .term} [Diffi [[DH](#abbr_DH)]{#abbr_DH .term} [Diffi [[DN](#abbr_DN)]{#abbr_DN .term} [Disti [[DN](#abbr_DN)]{#abbr_DN .term} [Disti [[DRBG](#abbr_DRBG)]{#abbr_DRBG .term} [Deter [[DRBG](#abbr_DRBG)]{#abbr_DRBG .term} [Deter [[DSS](#abbr_DSS)]{#abbr_DSS .term} [Digit [[DSS](#abbr_DSS)]{#abbr_DSS .term} [Digit [[DTLS](#abbr_DTLS)]{#abbr_DTLS .term} [Datag [[DTLS](#abbr_DTLS)]{#abbr_DTLS .term} [Datag [[ECDHE](#abbr_ECDHE)]{#abbr_ECDHE .term} [Ellip [[ECDHE](#abbr_ECDHE)]{#abbr_ECDHE .term} [Ellip [[ECDSA](#abbr_ECDSA)]{#abbr_ECDSA .term} [Ellip [[ECDSA](#abbr_ECDSA)]{#abbr_ECDSA .term} [Ellip [[ECIES](#abbr_ECIES)]{#abbr_ECIES .term} [Ellip [[ECIES](#abbr_ECIES)]{#abbr_ECIES .term} [Ellip [[EP](#abbr_EP)]{#abbr_EP .term} [Exten [[EP](#abbr_EP)]{#abbr_EP .term} [Exten [[EUD](#abbr_EUD)]{#abbr_EUD .term} [End-U [[EUD](#abbr_EUD)]{#abbr_EUD .term} [End-U [[FIPS](#abbr_FIPS)]{#abbr_FIPS .term} [Feder [[FIPS](#abbr_FIPS)]{#abbr_FIPS .term} [Feder [[FP](#abbr_FP)]{#abbr_FP .term} [Funct [[FP](#abbr_FP)]{#abbr_FP .term} [Funct [[FQDN](#abbr_FQDN)]{#abbr_FQDN .term} [Fully [[FQDN](#abbr_FQDN)]{#abbr_FQDN .term} [Fully [[GPCP](#abbr_GPCP)]{#abbr_GPCP .term} [Gener [[GPCP](#abbr_GPCP)]{#abbr_GPCP .term} [Gener [[HMAC](#abbr_HMAC)]{#abbr_HMAC .term} [Hash- [[HMAC](#abbr_HMAC)]{#abbr_HMAC .term} [Hash- [[HTTPS](#abbr_HTTPS)]{#abbr_HTTPS .term} [Hyper [[HTTPS](#abbr_HTTPS)]{#abbr_HTTPS .term} [Hyper [[IEC](#abbr_IEC)]{#abbr_IEC .term} [Inter [[IEC](#abbr_IEC)]{#abbr_IEC .term} [Inter [[IEEE](#abbr_IEEE)]{#abbr_IEEE .term} [Insti [[IEEE](#abbr_IEEE)]{#abbr_IEEE .term} [Insti [[IP](#abbr_IP)]{#abbr_IP .term} [Inter [[IP](#abbr_IP)]{#abbr_IP .term} [Inter [[ISO](#abbr_ISO)]{#abbr_ISO .term} [Inter [[ISO](#abbr_ISO)]{#abbr_ISO .term} [Inter [[IT](#abbr_IT)]{#abbr_IT .term} [Infor [[IT](#abbr_IT)]{#abbr_IT .term} [Infor [[ITSEF](#abbr_ITSEF)]{#abbr_ITSEF .term} [Infor [[ITSEF](#abbr_ITSEF)]{#abbr_ITSEF .term} [Infor [[IoT](#abbr_IoT)]{#abbr_IoT .term} [Inter [[IoT](#abbr_IoT)]{#abbr_IoT .term} [Inter [[JTAG](#abbr_JTAG)]{#abbr_JTAG .term} [Joint [[JTAG](#abbr_JTAG)]{#abbr_JTAG .term} [Joint [[KDF](#abbr_KDF)]{#abbr_KDF .term} [Key-D [[KDF](#abbr_KDF)]{#abbr_KDF .term} [Key-D [[KMAC](#abbr_KMAC)]{#abbr_KMAC .term} [KECCA [[KMAC](#abbr_KMAC)]{#abbr_KMAC .term} [KECCA [[MAC](#abbr_MAC)]{#abbr_MAC .term} [Messa [[MAC](#abbr_MAC)]{#abbr_MAC .term} [Messa [[MC](#abbr_MC)]{#abbr_MC .term} [Manag [[MC](#abbr_MC)]{#abbr_MC .term} [Manag [[NIST](#abbr_NIST)]{#abbr_NIST .term} [Natio [[NIST](#abbr_NIST)]{#abbr_NIST .term} [Natio [[OCSP](#abbr_OCSP)]{#abbr_OCSP .term} [Onlin [[OCSP](#abbr_OCSP)]{#abbr_OCSP .term} [Onlin [[OE](#abbr_OE)]{#abbr_OE .term} [Opera [[OE](#abbr_OE)]{#abbr_OE .term} [Opera [[OEM](#abbr_OEM)]{#abbr_OEM .term} [Origi [[OEM](#abbr_OEM)]{#abbr_OEM .term} [Origi [[OID](#abbr_OID)]{#abbr_OID .term} [Objec [[OID](#abbr_OID)]{#abbr_OID .term} [Objec [[OMTP](#abbr_OMTP)]{#abbr_OMTP .term} [Open [[OMTP](#abbr_OMTP)]{#abbr_OMTP .term} [Open [[OS](#abbr_OS)]{#abbr_OS .term data-plural="OSes"} [Opera [[OS](#abbr_OS)]{#abbr_OS .term data-plural="OSes"} [Opera [[PBKDF](#abbr_PBKDF)]{#abbr_PBKDF .term} [Passw [[PBKDF](#abbr_PBKDF)]{#abbr_PBKDF .term} [Passw [[PKCS](#abbr_PKCS)]{#abbr_PKCS .term} [Publi [[PKCS](#abbr_PKCS)]{#abbr_PKCS .term} [Publi [[PP](#abbr_PP)]{#abbr_PP .term} [Prote [[PP](#abbr_PP)]{#abbr_PP .term} [Prote [[PP-Configuration](#abbr_PP-Configuration)]{#abbr_PP-Configuration .term} [Prote [[PP-Configuration](#abbr_PP-Configuration)]{#abbr_PP-Configuration .term} [Prote [[PP-Module](#abbr_PP-Module)]{#abbr_PP-Module .term} [Prote [[PP-Module](#abbr_PP-Module)]{#abbr_PP-Module .term} [Prote [[RBG](#abbr_RBG)]{#abbr_RBG .term} [Rando [[RBG](#abbr_RBG)]{#abbr_RBG .term} [Rando [[RFC](#abbr_RFC)]{#abbr_RFC .term} [Reque [[RFC](#abbr_RFC)]{#abbr_RFC .term} [Reque [[RNG](#abbr_RNG)]{#abbr_RNG .term} [Rando [[RNG](#abbr_RNG)]{#abbr_RNG .term} [Rando [[RoT](#abbr_RoT)]{#abbr_RoT .term} [Root [[RoT](#abbr_RoT)]{#abbr_RoT .term} [Root [[SA](#abbr_SA)]{#abbr_SA .term} [Secur [[SA](#abbr_SA)]{#abbr_SA .term} [Secur [[SAN](#abbr_SAN)]{#abbr_SAN .term} [Subje [[SAN](#abbr_SAN)]{#abbr_SAN .term} [Subje [[SAR](#abbr_SAR)]{#abbr_SAR .term} [Secur [[SAR](#abbr_SAR)]{#abbr_SAR .term} [Secur [[SFR](#abbr_SFR)]{#abbr_SFR .term} [Secur [[SFR](#abbr_SFR)]{#abbr_SFR .term} [Secur [[SHA](#abbr_SHA)]{#abbr_SHA .term} [Secur [[SHA](#abbr_SHA)]{#abbr_SHA .term} [Secur [[SK](#abbr_SK)]{#abbr_SK .term} [Symme [[SK](#abbr_SK)]{#abbr_SK .term} [Symme [[SPD](#abbr_SPD)]{#abbr_SPD .term} [Secur [[SPD](#abbr_SPD)]{#abbr_SPD .term} [Secur [[SSH](#abbr_SSH)]{#abbr_SSH .term} [Secur [[SSH](#abbr_SSH)]{#abbr_SSH .term} [Secur [[ST](#abbr_ST)]{#abbr_ST .term} [Secur [[ST](#abbr_ST)]{#abbr_ST .term} [Secur [[SWID](#abbr_SWID)]{#abbr_SWID .term} [Softw [[SWID](#abbr_SWID)]{#abbr_SWID .term} [Softw [[TEE](#abbr_TEE)]{#abbr_TEE .term} [Trust [[TEE](#abbr_TEE)]{#abbr_TEE .term} [Trust [[TLS](#abbr_TLS)]{#abbr_TLS .term} [Trans [[TLS](#abbr_TLS)]{#abbr_TLS .term} [Trans [[TOE](#abbr_TOE)]{#abbr_TOE .term} [Targe [[TOE](#abbr_TOE)]{#abbr_TOE .term} [Targe [[TSF](#abbr_TSF)]{#abbr_TSF .term} [[TOE] [[TSF](#abbr_TSF)]{#abbr_TSF .term} [[TOE] [[TSFI](#abbr_TSFI)]{#abbr_TSFI .term data-plural="TSFIs"} [[TSF] [[TSFI](#abbr_TSFI)]{#abbr_TSFI .term data-plural="TSFIs"} [[TSF] [[TSS](#abbr_TSS)]{#abbr_TSS .term} [[TOE] [[TSS](#abbr_TSS)]{#abbr_TSS .term} [[TOE] [[USB](#abbr_USB)]{#abbr_USB .term} [Unive [[USB](#abbr_USB)]{#abbr_USB .term} [Unive [[VPN](#abbr_VPN)]{#abbr_VPN .term} [Virtu [[VPN](#abbr_VPN)]{#abbr_VPN .term} [Virtu [[VS](#abbr_VS)]{#abbr_VS .term} [Virtu [[VS](#abbr_VS)]{#abbr_VS .term} [Virtu [[XCCDF](#abbr_XCCDF)]{#abbr_XCCDF .term} [eXten [[XCCDF](#abbr_XCCDF)]{#abbr_XCCDF .term} [eXten [[XOR](#abbr_XOR)]{#abbr_XOR .term} [Exclu [[XOR](#abbr_XOR)]{#abbr_XOR .term} [Exclu [[cPP](#abbr_cPP)]{#abbr_cPP .term data-plural="cPPs"} [Colla [[cPP](#abbr_cPP)]{#abbr_cPP .term data-plural="cPPs"} [Colla Appendix I - Bibliography {#appendix-bibliography .indexable data-level="A"} Appendix I - Bibliography {#appendix-bibliography .indexable data-level="A"} ========================= ========================= +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | Identifier | Title | | Identifier | Title | +===================================+===================================+ +===================================+===================================+ | [\[[CC](#abbr_CC)\]]{#bibCC} | Common Criteria for Information | | [\[[CC](#abbr_CC)\]]{#bibCC} | Common Criteria for Information | | | Technology Security Evaluation - | | | Technology Security Evaluation - | | | | | | | | | - [Part 1: Introduction and | | | - [Part 1: Introduction and | | | General | | | General | | | Model](http://www.commoncrite | | | Model](http://www.commoncrite | | | riaportal.org/files/ccfiles/CCPAR | | | riaportal.org/files/ccfiles/CCPAR | | | T1V3.1R5.pdf), | | | T1V3.1R5.pdf), | | | CCMB-2017-04-001, Version 3.1 | | | CCMB-2017-04-001, Version 3.1 | | | Revision 5, April 2017. | | | Revision 5, April 2017. | | | - [Part 2: Security Functional | | | - [Part 2: Security Functional | | | Components](http://www.common | | | Components](http://www.common | | | criteriaportal.org/files/ccfiles/ | | | criteriaportal.org/files/ccfiles/ | | | CCPART2V3.1R5.pdf), | | | CCPART2V3.1R5.pdf), | | | CCMB-2017-04-002, Version 3.1 | | | CCMB-2017-04-002, Version 3.1 | | | Revision 5, April 2017. | | | Revision 5, April 2017. | | | - [Part 3: Security Assurance | | | - [Part 3: Security Assurance | | | Components](http://www.common | | | Components](http://www.common | | | criteriaportal.org/files/ccfiles/ | | | criteriaportal.org/files/ccfiles/ | | | CCPART3V3.1R5.pdf), | | | CCPART3V3.1R5.pdf), | | | CCMB-2017-04-003, Version 3.1 | | | CCMB-2017-04-003, Version 3.1 | | | Revision 5, April 2017. | | | Revision 5, April 2017. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+ | [\[[CEM](#abbr_CEM)\]]{#bibCEM} | [Common Evaluation Methodology | | [\[[CEM](#abbr_CEM)\]]{#bibCEM} | [Common Evaluation Methodology | | | for Information Technology | | | for Information Technology | | | Security - Evaluation | | | Security - Evaluation | | | Methodology](http://www.commoncri | | | Methodology](http://www.commoncri | | | teriaportal.org/files/ccfiles/CEM | | | teriaportal.org/files/ccfiles/CEM | | | V3.1R4.pdf), | | | V3.1R4.pdf), | | | CCMB-2012-09-004, Version 3.1, | | | CCMB-2012-09-004, Version 3.1, | | | Revision 4, September 2012. | | | Revision 4, September 2012. | +-----------------------------------+-----------------------------------+ +-----------------------------------+-----------------------------------+