Version | Date | Comment |
---|---|---|
1.0 | 2023-01-25 | Initial Release |
Assurance | Grounds for confidence that a TOE meets the SFRs [CC]. |
Base Protection Profile (Base-PP) | Protection Profile used as a basis to build a PP-Configuration. |
Collaborative Protection Profile (cPP) | A Protection Profile developed by international technical communities and approved by multiple schemes. |
Common Criteria (CC) | Common Criteria for Information Technology Security Evaluation (International Standard ISO/IEC 15408). |
Common Criteria Testing Laboratory | Within the context of the Common Criteria Evaluation and Validation Scheme (CCEVS), an IT security evaluation facility accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the NIAP Validation Body to conduct Common Criteria-based evaluations. |
Common Evaluation Methodology (CEM) | Common Evaluation Methodology for Information Technology Security Evaluation. |
Distributed TOE | A TOE composed of multiple components operating as a logical whole. |
Operational Environment (OE) | Hardware and software that are outside the TOE boundary that support the TOE functionality and security policy. |
Protection Profile (PP) | An implementation-independent set of security requirements for a category of products. |
Protection Profile Configuration (PP-Configuration) | A comprehensive set of security requirements for a product type that consists of at least one Base-PP and at least one PP-Module. |
Protection Profile Module (PP-Module) | An implementation-independent statement of security needs for a TOE type complementary to one or more Base-PPs. |
Security Assurance Requirement (SAR) | A requirement to assure the security of the TOE. |
Security Functional Requirement (SFR) | A requirement for security enforcement by the TOE. |
Security Target (ST) | A set of implementation-dependent security requirements for a specific product. |
Target of Evaluation (TOE) | The product under evaluation. |
TOE Security Functionality (TSF) | The security functionality of the product under evaluation. |
TOE Summary Specification (TSS) | A description of how a TOE satisfies the SFRs in an ST. |
Assertion | A statement from the TOE to an RP that contains information about a subscriber. Assertions may also contain verified attributes. For the purposes of this PP-Module, assertions containing authentication status and identity attributes are made by EAP response messages in accordance with EAP-TLS or EAP-TTLS. |
Authentication Policy | A policy that specifies which authenticator types are required for a particular entity. The policy may be implicit for all entities, or configurable. |
Authenticator | Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. |
Authenticator Output | The output value generated by an authenticator. The ability to generate valid authenticator outputs on demand proves that the claimant possesses and controls the authenticator. Protocol messages sent to the verifier are dependent upon the authenticator output, but they may or may not explicitly contain it. |
Claimant | A subject whose identity is to be verified using one or more authentication protocols. |
Credential | An object or data structure that authoritatively binds an identity via an identifier or identifiers and (optionally) additional attributes, to at least one authenticator possessed and controlled by a subscriber. |
Federation Protocol | A protocol to establish a trusted relationship with a relying party, and for the purposes of this PP module, to communicate authentication status for entities requesting access to resources managed by the relying party. In this PP-module, Federation Protocols include RADIUS, DIAMETER, and other standard protocols used in direct communication between the relying party and the TOE. Federation protocols that only support bearer assertions are out of scope for this PP-Module. |
Relying Party (RP) | An entity that relies upon the subscriber’s authenticators and credentials or a verifier’s assertion of a claimant’s identity, typically to process a transaction or grant access to information or a system. |
This PP-Module inherits exact conformance as required from the specified Base-PP and as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).
No PPs or PP-Modules may be specified in a PP-Configuration with this PP-Module other than the Base-PP specified in Section 1.1 Overview.
An organization deploying the TOE is expected to satisfy the organizational security policy listed below in addition to all organizational security policies defined by the claimed Base-PP.
Threat, Assumption, or OSP | Security Objectives | Rationale |
T.FALSE_ENDPOINTS | O.TRUSTED_RP | The TOE’s enforcement of mutual authentication allows it and the relying party to identify and reject attempts for each component to be impersonated. |
T.INVALID_USERS | O.SECURITY_ASSOCIATION | The TOE’s ability to maintain a security association ensures that a mechanism exists for the TSF to assert to an external entity that a given user is valid. |
O.USER_AUTH | The TOE’s proper implementation of the claimant authentication ensures that it will accurately process authentication attempts to allow only valid authentication attempts. The TOE’s ability to use trusted communications as part of the federation protocol implementation ensures that modification or disclosure of authentication data cannot be used as a method to gain access to credentials or modify an authentication result. | |
T.UNAUTHORIZED_ADMINISTRATOR_ACCESS (from NDcPP) | O.AUTHORIZED_USE | The TOE further mitigates this threat originally defined in the Base-PP by defining additional management functions that require authorization and additional interfaces that can be used securely to execute management activities. |
T.UNDETECTED_ACTIVITY (from NDcPP) | O.AUTHORIZED_USE | The TOE further mitigates this threat originally defined in the Base-PP by implementing measures to generate audit records for security-relevant events that are specific to the functionality defined by this PP-Module. |
A.RP_FEDERATION | OE.RP_FEDERATION | The OE objective OE.RP_FEDERATION is realized through A.RP_FEDERATION. |
P.AUTH_POLICY | OE.REQUIRE_AUTH | Definition of an authentication policy, which can be enforced through deployment of a conformant TOE, can be used to ensure that organizational assets are protected by enforcing appropriate requirements for authentication. |
Requirement | Auditable Events | Additional Audit Record Contents |
---|---|---|
FCO_NRO.1 | Claimant request for which the TOE does not have credential verification data | Identity of the claimant |
FCO_NRR.1 | None | |
FCS_CKM.3 | [selection: attempt to export plaintext key or CSP via defined interface, none] Note: if no defined interfaces have access to persistent keys or CSP, select 'none' | If attempt is detected, record process identifier, authorized user's identifier (if any) |
FCS_EAPTLS_EXT.1 | Protocol failures | If failure occurs, record a descriptive reason for the failure |
Successful and failed authentication of claimant | Identifier of claimant | |
FCS_RADIUS_EXT.1 | Protocol failures | If failure occurs, record a descriptive reason for the failure |
Success/failure of authentication | None | |
FCS_RADSEC_EXT.1 (selection-based) | None | |
FCS_STG_EXT.1 | None | |
FIA_AFL.1/AuthSvr | The reaching of the threshold for the unsuccessful authentication attempts | The claimed identity of the entity attempting to authenticate or the IP where the attempts originated |
Disabling an account due to the threshold being reached | ||
FIA_HOTP_EXT.1 (selection-based) | Generation of a HOTP seed key | Entity identifier |
Entity HOTP value comparison | Result of comparison - success or failure | |
FIA_PSK_EXT.1/AuthSvr (selection-based) | None | |
FIA_PSK_EXT.2 (selection-based) | None | |
FIA_PSK_EXT.3 (selection-based) | None | |
FIA_TOTP_EXT.1 (selection-based) | Generation of a TOTP seed key | Entity identifier |
Entity TOTP value comparison | Result of comparison - success or failure | |
FIA_X509_EXT.1/AuthSvr | Certificate validation failure | Reason for failure |
FIA_UAU.6 | All use of the authentication mechanism | Origin of the attempt (e.g., IP address) |
FMT_SMF.1/AuthSvr | All management actions | Identifier of initiator |
FTA_TSE.1 | Denial of session establishment due to the session establishment mechanism | Reason for denial, origin of establishment attempt |
FTP_ITC.1/NAS | Initiation of the trusted channel | Identification of the initiator |
Termination of the trusted channel | Identification of the initiator | |
Failure of the trusted channel functions | Target of failed trusted channels establishment attempt |
The auditable events defined in Table 2 are for the SFRs that are explicitly defined in this PP-Module and are intended to extend FAU_GEN.1 in the Base-PP.
The events in the Auditable Events table should be combined with those of the NDcPP in the context of a conforming Security Target.
The Auditable Events table (Table 2) includes selection-based SFRs. The auditing of selection-based SFRs is only required if that SFR is included in the ST.
Per FAU_STG_EXT.1 in the Base-PP, the TOE must support transfer of the audit data to an external IT entity using a trusted channel.
This SFR is iterated from the Base-PP to define X.509 validation requirements that are specific to claimaint authentication.
The ST author claims supported certificate validity checking options for each rule. For name constraints, all supported name types used to match names presented in a certificate to registered users and the associated standard matching method are described.
The ST author claims supported certificate policies. ‘Policy Constraints…’ is claimed if the TOE’s authentication policy depends on the certificate policies for claimant certificates. Other policy related extensions within the selection are claimed if supported. The extension inhibitPolicyMapping is not claimed if the TSF does not support certificate chains of length four or more. The policy related extensions, if supported, are primarily used in this PP-Module for claimant authentication, but are allowed for other certificate authentications. The ST author specifies the intended use and any limits of support for these extensions or specifies ‘no other policy related extension’ in the assignment of this selection.
The ST author specifies any additional supported X.509 extensions, and the associated extension processing rules used to determine claimant identity attributes or conditions that can be used in the TOE’s authentication policy.
If “an IPsec” is selected, the Base-PP SFR FCS_IPSEC_EXT.1 must be claimed.
If "a RadSec" is selected, the selection-based SFR FCS_RADSEC_EXT.1 must be claimed.
If “a mutually authenticated TLS” is selected, the Base-PP SFRs FCS_TLSS_EXT.1 and FCS_TLSS_EXT.2 must be claimed.
If “a mutually authenticated DTLS” is selected, the Base-PP SFRs FCS_DTLSS_EXT.1 and FCS_DTLSS_EXT.2 must be claimed.
The following rationale provides justification for each security objective for the TOE,
showing that the SFRs are suitable to meet and achieve the security objectives:
Objective | Addressed by | Rationale |
---|---|---|
O.AUTHORIZED_USE | FAU_GEN.1/AuthSvr | The TOE implements an audit mechanism to detect potential misuse of the TOE. |
FCS_CKM.3 | The TOE implements a cryptographic key access control mechanism to prevent compromise of data in transit confidentiality mechanisms. | |
FCS_STG_EXT.1 | The TOE implements a cryptographic key storage mechanism to prevent compromise of data in transit confidentiality mechanisms. | |
FIA_UAU.6 | The TOE implements a re-authentication mechanism to prevent compromise of an administrator account to an unattended session. | |
FMT_SMF.1/AuthSvr | The TOE implements management functions as a legitimate mechanism to control the behavior of the TSF. | |
O.SECURITY_ASSOCIATION | FCO_NRO.1 | The TOE provides a non-repudiation function to assert the source of origin of its communications with the relying party. |
FCO_NRR.1 | The TOE provides a proof of receipt function to assert to a relying part that communications with it are successful. | |
FCS_EAPTLS_EXT.1 | The TOE implements either EAP-TLS or EAP-TTLS as a mechanism to assert the success or failure of claimant authentication requests to the relying party. | |
O.TRUSTED_RP | FCS_EAPTLS_EXT.1 | The TOE implements either EAP-TLS or EAP-TTLS with mutual authentication to authenticate itself to a relying party. |
FTP_ITC.1/NAS | The TOE implements a cryptographically secure trusted channel with a relying party that allows it to authorize itself to the relying party. | |
FCS_RADSEC_EXT.1 | RadSec is one potential mechanism by which the TOE can establish a trusted channel with the relying party. | |
FIA_PSK_EXT.1/AuthSvr | Depending on the configuration of the trusted channel used to communicate with the relying party, the TOE may use a pre-shared key as the mechanism by which it authenticates itself to the relying party. | |
O.USER_AUTH | FCS_RADIUS_EXT.1 | The TOE implements RADIUS, DIAMETER, or some other direct identity federation protocol to communicate the success or failure of claimant authentication requests. |
FIA_AFL.1/AuthSvr | The TOE implements a mechanism to prevent claimant authentication attempts if an excessive number of failed attempts have been made. | |
FIA_X509_EXT.1/AuthSvr | The TOE implements a mechanism to determine the validity of X.509 certificates that are used as claimant authenticators. | |
FTA_TSE.1 | The TOE implements a mechanism to assert the failure of a claimant authentication attempt based on attributes of the claimant or of the attempt. | |
FIA_HOTP_EXT.1 | The TOE optionally supports HOTP as a form of claimant authenticator and implements mechanisms to determine the validity of a HOTP credential if supported. | |
FIA_PSK_EXT.1/AuthSvr | The TOE optionally supports PSKs as a form of claimant authenticator and may specifically support one or more of HOTP, TOTP, or password-based PSK. | |
FIA_PSK_EXT.2 | The TOE optionally supports randomly generated PSKs as a form of claimant authenticator. | |
FIA_PSK_EXT.3 | The TOE optionally supports password-based PSKs as a form of claimant authenticator and implements mechanisms to determine the validity of a password-based PSK credential if supported. | |
FIA_TOTP_EXT.1 | The TOE optionally supports TOTP as a form of claimant authenticator and implements mechanisms to determine the validity of a TOTP credential if supported. |
PP-Module Threat, Assumption, OSP | Consistency Rationale |
---|---|
T.FALSE_ENDPOINTS | This threat is similar to the T.WEAK_AUTHENTICATION_ENDPOINTS threat in the NDcPP but it applies specifically to the NAS, which is an environmental component that is defined specifically in this PP-Module. |
T.INVALID_USERS | This threat is similar to the T.UNAUTHORIZED_ADMINISTRATOR_ACCESS threat in the NDcPP but it applies to user authentication brokered by the TSF rather than to administrator authentication to the TOE itself. It is also similar to the T.UNTRUSTED_COMMUNICATION_CHANNELS threat in the NDcPP except that it applies specifically to the RADIUS communications and the protocols used to secure those, which is an interface that is defined specifically in this PP-Module. |
A.RP_FEDERATION | The NDcPP does not define any assumptions for the intended network architecture that the TOE is deployed into. Therefore, an assumption that the network can be set up in such a way that the TOE will have direct connectivity with one or more relying parties does not violate any assumptions of the NDcPP. |
P.AUTH_POLICY | This OSP relates to behavior that is not part of the Base-PP and so the Base-PP is not contradicted by guidance on its implementation. |
The objectives for the TOEs are consistent with the NDcPP based on the following rationale:
PP-Module TOE Objective | Consistency Rationale |
---|---|
O.AUTHORIZED_USE | The NDcPP does not define any TOE objectives; instead, it maps SFRs directly to threats. This TOE objective is intended to mitigate the T.UNAUTHORIZED_ADMINISTRATOR_ACCESS and T.UNDETECTED_ACTIVITY threats for the functions defined by this PP-Module. |
O.SECURITY_ASSOCIATION | The NDcPP does not define any TOE objectives; instead, it maps SFRs directly to threats. This objective is therefore assumed not to conflict with the NDcPP by virtue of the fact that the SFRs used to satisfy this objective do not conflict with the NDcPP SFRs. |
O.TRUSTED_RP | The NDcPP does not define any TOE objectives; instead, it maps SFRs directly to threats. This objective is therefore assumed not to conflict with the NDcPP by virtue of the fact that the SFRs used to satisfy this objective do not conflict with the NDcPP SFRs. |
O.USER_AUTH | The NDcPP does not define any TOE objectives; instead, it maps SFRs directly to threats. This objective is therefore assumed not to conflict with the NDcPP by virtue of the fact that the SFRs used to satisfy this objective do not conflict with the NDcPP SFRs. |
The objectives for the TOE's OE are consistent with the NDcPP based on the following rationale:
PP-Module OE Objective | Consistency Rationale |
---|---|
OE.RP_FEDERATION | The Base-PP does not define where in a particular network architecture a network device must be deployed since it is designed to be generic to various types of network devices. This PP-Module defines the expected architectural deployment specifically for a network device that acts as an authentication server. |
OE.REQUIRE_AUTH | The Base-PP does not define a particular use for a network device, so there is no consistency issue with the PP-Module defining expectations for the use of a specific type of device. |
PP-Module Requirement | Consistency Rationale |
---|---|
Modified SFRs | |
FIA_X509_EXT.1/Rev | This PP-Module modifies the Base-PP's definition of the SFR by making it mandatory rather than selection-based. |
FIA_X509_EXT.2 | This PP-Module modifies the Base-PP's definition of the SFR by making it mandatory rather than selection-based. |
FIA_X509_EXT.3 | This PP-Module modifies the Base-PP's definition of the SFR by making it mandatory rather than selection-based. |
Additional SFRs | |
This PP-Module does not add any requirements when the NDcPP is the base. | |
Mandatory SFRs | |
FAU_GEN.1/AuthSvr | This SFR iterates the FAU_GEN.1 SFR defined in the Base-PP to define auditable events for the functionality that is specific to this PP-Module. |
FCO_NRO.1 | This SFR applies to the implementation of the supported authentication protocol, which is beyond the original scope of the Base-PP. |
FCO_NRR.1 | This SFR applies to the implementation of the supported authentication protocol, which is beyond the original scope of the Base-PP. |
FCS_CKM.3 | The Base-PP requires confidentiality of cryptographic key data in FPT_SKP_EXT.1. This SFR defines more specific detail on how that function should be enforced. |
FCS_EAPTLS_EXT.1 | This SFR applies to the implementation of EAP-TLS; the Base-PP defines implementation requirements for (D)TLS, but EAP-TLS is beyond the original scope of the Base-PP. |
FCS_RADIUS_EXT.1 | This SFR applies to the implementation of authentication protocols, which is beyond the original scope of the Base-PP. |
FCS_STG_EXT.1 | This SFR is consistent with the FPT_SKP_EXT.1 requirement of the Base-PP but requires the TSF to implement a specific method of protecting key data rather than a general statement that such data is not stored in plaintext. |
FIA_AFL.1/AuthSvr | This SFR defines functional behavior enforced on external users being authenticated by the TOE, which is functionality that is not covered by the Base-PP. |
FIA_UAU.6 | This SFR defines support for re-authentication of administrators, which expands on the authentication functionality defined in the Base-PP. |
FIA_X509_EXT.1/AuthSvr | The Base-PP defines X.509 validation requirements for external entities presenting certificates to the TOE. This PP-Module defines a separate iteration of this function to define the certificate validation behavior that is enforced against claimants requesting to be authenticated by the TOE. It is substantially refined from its original definition to address issues specific to the handling of claimant certificates. |
FMT_SMF.1/AuthSvr | This SFR defines additional management functionality that is specific to the PP-Module’s product type and would therefore not be expected to be present in the Base-PP. |
FTA_TSE.1 | This SFR relates to the handling of claimants being authenticated by the TOE, which is functionality that is beyond the original scope of the Base-PP. |
FTP_ITC.1/NAS | This SFR iterates the FTP_ITC.1 SFR defined in the Base-PP to define trusted communication channels for the functionality that is specific to this PP-Module. |
Optional SFRs | |
This PP-Module does not define any Optional requirements. | |
Objective SFRs | |
This PP-Module does not define any Objective requirements. | |
Implementation-based SFRs | |
This PP-Module does not define any Implementation-based requirements. | |
Selection-based SFRs | |
FCS_RADSEC_EXT.1 | This SFR defines the implementation of RadSec and the peer authentication method that it uses. This relies on the TLS requirements defined by the Base-PP and may also use the X.509v3 certificate validation methods specified in the Base-PP, depending on the selected peer authentication method. |
FIA_HOTP_EXT.1 | This SFR extends the functionality of the Base-PP by defining the use of pre-shared keys as an authenticator. |
FIA_PSK_EXT.1/AuthSvr | This SFR extends the functionality of the Base-PP by defining the use of pre-shared keys as an authenticator. |
FIA_PSK_EXT.2 | This SFR extends the functionality of the Base-PP by defining the use of pre-shared keys as an authenticator. |
FIA_PSK_EXT.3 | This SFR extends the functionality of the Base-PP by defining the use of pre-shared keys as an authenticator. |
FIA_TOTP_EXT.1 | This SFR extends the functionality of the Base-PP by defining the use of pre-shared keys as an authenticator. |
This PP-Module does not define any Strictly Optional SFRs.
This PP-Module does not define any Objective SFRs.
This PP-Module does not define any Implementation-based SFRs.
This SFR is claimed if "a RadSec" is selected in FTP_ITC.1.1/NAS.
If "RFC 6614" is claimed in the selection for FCS_RADSEC_EXT.1.1, "TLS in accordance with FCS_TLSS_EXT.1 and FCS_TLSS_EXT.2 from the Base-PP" is claimed in FCS_RADSEC_EXT.1.3.
If "RFC 7360" is claimed in the selection for FCS_RADSEC_EXT.1.1, "DTLS in accordance with FCS_DTLSS_EXT.1 and FCS_DTLSS_EXT.2 from the Base-PP" is claimed in FCS_RADSEC_EXT.1.3. Note that RFC 7360 is not directly updated by RFC 8996, but its references to DTLS 1.2 (RFC 6347) are.
It is the intent that TLS 1.0, TLS 1.1, and DTLS 1.0 (to include via downgrade as allowed in the original RFCs) are not allowed here.
If "pre-shared keys" is selected in FCS_RADSEC_EXT.1.2, the selection-based SFR FIA_PSK_EXT.1/AuthSvr must be claimed.Functional Class | Functional Components |
---|---|
Cryptographic Support (FCS) | FCS_EAPTLS_EXT EAP-TLS Protocol FCS_RADIUS_EXT Authentication Protocol FCS_RADSEC_EXT RadSec FCS_STG_EXT Cryptographic Key Storage |
Identification and Authentication (FIA) | FIA_HOTP_EXT HMAC-Based One-Time Password Pre-Shared Keys FIA_PSK_EXT Pre-Shared Keys FIA_TOTP_EXT Time-Based One-Time Password Pre-Shared Keys |
FCS_EAPTLS_EXT.1, EAP-TLS Protocol, requires the TSF to implement EAP and EAP-TLS according to appropriate standards.
The following actions could be considered for the management functions in FMT:
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
Hierarchical to: No other components.
Dependencies to: FCS_RBG_EXT.1 Random Bit Generation
[FCS_TLSS_EXT.1 TLS Server Protocol Without Mutual Authentication, or FCS_DTLSS_EXT.1 DTLS Server Protocol Without Mutual Authentication] [FCS_TLSS_EXT.2 TLS Server Support for Mutual Authentication, or FCS_DTLSS_EXT.2 DTLS Server Support for Mutual Authentication] FIA_X509_EXT.1 X.509 Certificate ValidationFCS_RADIUS_EXT.1, Authentication Protocol, requires the TSF to implement the specified authentication protocols.
The following actions could be considered for the management functions in FMT:
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
Hierarchical to: No other components.
Dependencies to: FCS_EAPTLS_EXT.1 EAP-TLS Protocol
FCS_STG_EXT.1, Cryptographic Key Storage, requires the TSF to identify a mechanism used to securely store cryptographic keys.
The following actions could be considered for the management functions in FMT:
There are no auditable events foreseen.
FCS_RADSEC_EXT.1, RadSec, defines implementation requirements for RadSec.
The following actions could be considered for the management functions in FMT:
There are no auditable events foreseen.
Hierarchical to: No other components.
Dependencies to: FCS_RADIUS_EXT.1 Authentication Protocol
FCS_RBG_EXT.1 Random Bit Generation [FIA_PSK_EXT.1 Pre-Shared Key Composition, or FIA_X509_EXT.1 X.509 Certificate Validation]FIA_HOTP_EXT.1, HMAC-Based One-Time Password Pre-Shared Keys, defines the implementation of HOTP.
The following actions could be considered for the management functions in FMT:
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
Hierarchical to: No other components.
Dependencies to: FCS_COP.1 Cryptographic Operation
FCS_RBG_EXT.1 Random Bit GenerationFIA_PSK_EXT.1, Pre-Shared Key Usage, defines the use and composition of pre-shared keys used for authentication.
FIA_PSK_EXT.2, Generated Pre-Shared Keys, defines the use and composition of generated pre-shared keys used for authentication.
FIA_PSK_EXT.3, Password-Based Pre-Shared Keys, defines the use and composition of password-based pre-shared keys used for authentication.
The following actions could be considered for the management functions in FMT:
There are no auditable events foreseen.
Hierarchical to: No other components.
Dependencies to: [FCS_EAPTLS_EXT.1 EAP-TLS Protocol, or
FCS_IPSEC_EXT.1 IPsec]The following actions could be considered for the management functions in FMT:
There are no auditable events foreseen.
Hierarchical to: No other components.
Dependencies to: FIA_PSK_EXT.1 Pre-Shared Key Usage
The following actions could be considered for the management functions in FMT:
No auditable events are foreseen.
Hierarchical to: No other components.
Dependencies to: FCS_COP.1 Cryptographic Operation
FCS_RBG_EXT.1 Random Bit Generation FIA_PSK_EXT.1 Pre-Shared Key UsageFIA_TOTP_EXT.1, Time-Based One-Time Password Pre-Shared Keys, defines the implementation of TOTP.
The following actions could be considered for the management functions in FMT:
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
Hierarchical to: No other components.
Dependencies to: FCS_COP.1 Cryptographic Operation
FCS_RBG_EXT.1 Random Bit GenerationThis appendix lists requirements that should be considered satisfied by products successfully evaluated against this PP-Module. These requirements are not featured explicitly as SFRs and should not be included in the ST. They are not included as standalone SFRs because it would increase the time, cost, and complexity of evaluation. This approach is permitted by [CC] Part 1, 8.2 Dependencies between components.
This information benefits systems engineering activities which call for inclusion of particular security controls. Evaluation against the PP-Module provides evidence that these controls are present and have been evaluated.
This PP-Module has no implicitly satisfied requirements. All SFR dependencies are explicitly met either through SFRs defined by the PP-Module or inherited from the Base-PP.Requirement | Description | Distributed TOE SFR Allocation |
FAU_GEN.1/AuthSvr | Audit Data Generation (Authentication Server) | All |
FCO_NRO.1 | Selective Proof of Origin | Feature Dependent |
FCO_NRR.1 | Selective Proof of Receipt | Feature Dependent |
FCS_CKM.3 | Cryptographic Key Access | All |
FCS_EAPTLS_EXT.1 | EAP-TLS Protocol | Feature Dependent |
FCS_RADIUS_EXT.1 | Authentication Protocol | Feature Dependent |
FCS_STG_EXT.1 | Cryptographic Key Storage | All |
FIA_AFL.1/AuthSvr | Authentication Failure Handling (Claimant) | Feature Dependent |
FIA_X509_EXT.1/AuthSvr | X.509 Certificate Validation (Claimant) | Feature Dependent |
FIA_UAU.6 | Re-Authenticating | Feature Dependent |
FMT_SMF.1/AuthSvr | Specification of Management Functions (Authentication Server) | All |
FTA_TSE.1 | TOE Session Establishment | Feature Dependent |
FTP_ITC.1/NAS | Inter-TSF Trusted Channel (Relying Party Communications) | Feature Dependent |
FCS_RADSEC_EXT.1 (selection-based) | RadSec | Feature Dependent |
FIA_HOTP_EXT.1 (selection-based) | HMAC-Based One-Time Password Pre-Shared Keys | Feature Dependent |
FIA_PSK_EXT.1/AuthSvr (selection-based) | Pre-Shared Key Usage | Feature Dependent |
FIA_PSK_EXT.2 (selection-based) | Generated Pre-Shared Keys | Feature Dependent |
FIA_PSK_EXT.3 (selection-based) | Password-Based Pre-Shared Keys | Feature Dependent |
FIA_TOTP_EXT.1 (selection-based) | Time-Based One-Time Password Pre-Shared Keys | Feature Dependent |
Acronym | Meaning |
---|---|
AAA | Authentication, Authorization, and Accounting |
Base-PP | Base Protection Profile |
CC | Common Criteria |
CEM | Common Evaluation Methodology |
cPP | Collaborative Protection Profile |
CRL | Certificate Revocation List |
CSP | Critical Security Parameters |
DTLS | Datagram Transport Layer Security |
EAP | Extensible Authentication Protocol |
HOTP | Hash-Based One-Time Password |
IPsec | Internet Protocol Security |
MSK | Master Session Key |
OCSP | Online Certificate Status Protocol |
OE | Operational Environment |
PBKDF | Password-Based Key Derivation Function |
PP | Protection Profile |
PP-Configuration | Protection Profile Configuration |
PP-Module | Protection Profile Module |
PSK | Pre-Shared Key |
RADIUS | Remote Authentication Dial In User Service |
RBG | Random Bit Generator |
RP | Relying Party |
SAR | Security Assurance Requirement |
SFR | Security Functional Requirement |
SSH | Secure Shell |
ST | Security Target |
TLS | Transport Layer Security |
TOE | Target of Evaluation |
TOTP | Time-Based One-Time Password |
TSF | TOE Security Functionality |
TSFI | TSF Interface |
TSS | TOE Summary Specification |
WLAN | Wireless Local Area Network |
Identifier | Title |
---|---|
[CC] | Common Criteria for Information Technology Security Evaluation -
|
[NDcPP] | collaborative Protection Profile for Network Devices, Version 2.2e, March 23, 2020 |
[NDcPP SD] | Supporting Document - Evaluation Activities for Network Device cPP, Version 2.2, December 2019 |