Re: RI # 220 - FCS_CKM/COP dependency on FDP_ITC.1

Subject: Re: RI # 220 - FCS_CKM/COP dependency on FDP_ITC.1
From: "NIAP Interpretations Board" <faigin@aero.org>
Date: Mon, 08 Mar 2004 09:35:48 -0800
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal
Reply-to: cc-cmt@nist.gov


The NIB examined the proposed interpretation and concluded that FDP_ITC.1, 
Import of user data without security attributes, and FDP_ITC.2, Import of user 
data with security attributes, are the incorrect requirements that should be 
included as dependencies for FCS_CKM.2/3/4 and FCS_COM.1. 

1.  Paragraphs 1 and 2 of the Interpretation argue that the
    dependencies, FDP_ITC.1 and FDP_ITC.2, are needed if the TOE must
    import a cryptographic key to perform the cryptographic operations
    in FCS_CKM.2/3/4 and FCS_COM.1:   "The FDP_ITC family defines
    mechanisms for importing user data from outside the TSF Scope of
    Control into the TOE."  However, the cryptographic keys that need to
    be either generated or imported are TSF data -- not user data.
    FPT_ITC.1, Inter-TSF Confidentiality During Transmission, is the
    correct and more appropriate requirement to use. 

    The FPT_ITC family has the following behavior (CC, Part 2, paragraph
    383): 

    This family defines the rules for the protection from unauthorized
    disclosure of TSF data during transmission between the TSF and a
    remote trusted IT product.  This data could, for example, be TSF
    critical data such as passwords, keys, audit data, or TSF executable
    code. 

    FPT_ITC.1, in particular, has the following Behavior description in
    the CC, Part 2, Annexes (paragraph 518): 

    This family defines requirements for the creation of a trusted
    channel between the TSF and other trusted IT products for the
    performance of security critical operations. This family should be
    included whenever there are requirements for the secure
    communication of user or TSF data between the TOE and other trusted
    IT products. 

2.  The NIB suspects that specifying the FDP_ITC components may have
    resulted from a CC, Part 2, referencing error since the NIB
    determined that there are currently three SFR classes that have an
    "ITC" family: 

	*	FDP_ITC, Import from outside TSF control
	*	FPT_ITC, Confidentiality of exported TSF data
	*	FTP_ITC, Inter-TSF trusted channel

Prev by Date: Re: RI # 192 - Sequencing of sub-activities
Next by Date: Re: I-0451: When To Use IFF/IFC And ACF/ACC
Prev by thread: Re: RI # 180 - COV.3 dependency on FSP.1
Next by thread: Re: RI # 192 - Sequencing of sub-activities

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov