PD 0146: Remote Administration and Cryptographic Functionality in the TFWPP



During its December 2008 meeting, the ODRB developed the following PD
based on a recent OD. Comments on this PD are welcomed and will be
considered at the next ODRB meeting. 


TITLE   

Remote Administration and Cryptographic Functionality in the TFWPP

ISSUE

The TFFW PP includes several statements implying that including remote
administration in the scope of the Target of Evaluation (TOE) is
optional (not required). The specific language in the PP that implies
this functionality is optional is as follows:

o       Application Note for FIA_UAU.4

        Application Note: TOEs that do not provide capabilities for
        authorized administrators to access the TOE remotely from either
        an internal or external network (i.e., for remote
        administration) or for authorized external IT entities do not
        have to make such functionality available in order to satisfy
        this requirement. The intent of this requirement is not to
        require developers to provide such capabilities and their
        associated single-use authentication mechanisms. The requirement
        applies to those developers that do incorporate such
        functionality and intend for it to be evaluated. 

o       Pg 15 discussion of FCS_COP.1

        Component FCS_COP.1 is a conditional requirement. If the
        developer allows administration from a remote location outside
        the physically protected TOE, then evaluation against this
        Protection Profile shall require the TOE to meet this
        component. FCS_COP.1 defines a cryptographic algorithm as well
        as the key size that must be used. The cryptographic module must
        be FIPS PUB 140-2 compliant for the reasons stated in Section
        3. 

o       FMT_MOF K includes "if"

        l) additionally, if the TSF supports remote administration from
        either an internal or external network: 

                *       enable and disable remote administration from
                        internal and external networks; 
                *       restrict addresses from which remote
                        administration can be performed; 

Given the above references in the TFFW PP, it can definitely be
concluded that the TOE need not offer remote administration to meet the
PP. 

RESOLUTION

Remote administration may be excluded from the TOE, and the TOE may
still claim compliance to the PP. In addition, excluding remote
administration from the TOE will comply with Policy 13 if it is clearly
stated in all applicable documents (Admin Guide, User Guide, ST, VR,
VPL, etc.) that remote administration is disabled by default in the
evaluated configuration.

RATIONALE

Although CCEVS is writing a new crypto policy that will mandate FIPS for
all crypto in the TOE, there is currently no such policy. Therefore,
allowing remote login without FIPS certification may actually cause a
greater security risk. Once the new crypto policy is issued, CCEVS will
revisit this issue and the TFFW PP in particular.





