diff --git a/index.html b/index.html index a93b98f..301ca01 100644 --- a/index.html +++ b/index.html @@ -1,5 +1,5 @@
- A Security Target must claim exact conformance to this Protection Profile, as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017). The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP-Module with this PP. + A Security Target must claim exact conformance to this Protection Profile, as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).
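Review bot: the replacement sentence deletes the lead-in "The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP-Module with this PP." without putting anything in its place, so the conformance section no longer states which PP-Modules may be combined with this PP. If the sentence was removed because of its doubled "with this PP-Module with this PP" wording, replace it with a corrected sentence such as "The following PP-Modules are allowed to be specified in a PP-Configuration with this PP." so the list that follows still has its introduction.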
- +FCS_TLSC_EXT.1 | Failure to establish a session. | Reason for failure. | -
FCS_TLSC_EXT.1 | Failure to verify presented identifier. | Presented identifier and reference identifier. | -
FCS_TLSC_EXT.1 | Establishment/termination of a TLS session. | Non-TOE endpoint of connection. | -
FCS_TLSS_EXT.1 | Failure to establish a session. | Reason for failure. | -
FCS_DTLSC_EXT.1 | Failure of the certificate validity check. | Issuer Name and Subject Name of certificate. | -
FCS_DTLSS_EXT.1 | Failure of the certificate validity check. | Issuer Name and Subject Name of certificate. | -
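Review bot: the audit-event rows are inconsistent across the TLS and DTLS components, and the "- +" prefix on the first FCS_TLSC_EXT.1 row leaves it unclear whether that row is being removed or added. FCS_TLSC_EXT.1 gets "Failure to verify presented identifier" and "Establishment/termination of a TLS session" rows but no "Failure of the certificate validity check" row, while FCS_DTLSC_EXT.1 and FCS_DTLSS_EXT.1 get only the certificate-validity row and no session-establishment row, and FCS_TLSS_EXT.1 gets neither. Since evaluators use this table to check what each audit record must contain ("Reason for failure", "Presented identifier and reference identifier", "Issuer Name and Subject Name of certificate"), confirm the intended row set per component and make the client/server and TLS/DTLS rows parallel where the same event applies.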
FIPS 186-4 Public Key Verification (PKV) Test
For each supported NIST curve (i.e., P-256, P-384 and P-521) the evaluator shall generate 10 private/public key pairs using the key generation function of a known good implementation and modify five of the public key values so that they are incorrect, leaving five values unchanged (i.e., correct). The evaluator shall obtain in response a set of 10 PASS/FAIL values. - Key Generation for Finite-Field Cryptography (FFC) + Key Generation for Finite-Field Cryptography (FFC) The evaluator shall verify the implementation of the Parameters Generation and the Key Generation for FFC by the TOE using the Parameter Generation and Key Generation test. This test verifies the ability of the TSF to correctly produce values for the field prime p, the cryptographic prime q (dividing p-1), the cryptographic group generator g, and the calculation of the private key x and public key y. @@ -933,7 +918,7 @@This information benefits systems engineering activities which call for inclusion of particular security controls. Evaluation against the PP provides evidence that these controls are present and have been evaluated.
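Review bot: the FFC heading change reads identically before and after ("- Key Generation for Finite-Field Cryptography (FFC) + Key Generation for Finite-Field Cryptography (FFC)"), so it is presumably a whitespace or markup-only edit and the commit message should say so. Separately, the PKV paragraph in this hunk tells the evaluator to "modify five of the public key values so that they are incorrect" without saying what kind of modification is expected, so different labs may exercise only one failure mode; consider stating the expected modifications, or pointing to the FIPS 186-4 PKV test this text is derived from, so that the ten PASS/FAIL results are comparable across evaluations.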
- Table 4: Implicitly Satisfied Requirements + Table 4: Implicitly Satisfied RequirementsRequirement | Rationale for Satisfaction | @@ -4755,10 +4749,10 @@
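Review bot: in the added version the caption "Table 4: Implicitly Satisfied Requirements" runs straight into the header row "Requirement | Rationale for Satisfaction |", which suggests that a line break or closing element between the caption and the table was dropped in the edit; check the rendered index.html so the caption is not absorbed into the first table row.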
Assurance | Grounds for confidence that a TOE meets the SFRs [CC]. |
A Security Target must claim exact conformance to this Protection Profile, as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017). The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP-Module with this PP.
A Security Target must claim exact conformance to this Protection Profile, as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).
+Threat, Assumption, or OSP | Security Objectives | Rationale |
T.3P_SOFTWARE | O.VMM_INTEGRITY | The VMM integrity mechanisms include environment-based vulnerability mitigation and potentiallysupport for introspection and device driver isolation, all of which reduce the likelihood that any vulnerabilities in third-party software can be used to exploit the TOE. |
T.DATA_LEAKAGE | O.DOMAIN_INTEGRITY | Logical separation of VMs and enforcement of domain integrity prevent unauthorized transmission of data from one VM to another. |
O.VM_ISOLATION | Logical separation of VMs and enforcement of domain integrity prevent unauthorized transmission of data from one VM to another. | |
T.DENIAL_OF_SERVICE | O.RESOURCE_ALLOCATION | The ability of the TSF to ensure the proper allocation of resources makes denial of serviceattacks more difficult. |
T.MISCONFIGURATION | O.CORRECTLY_APPLIED_CONFIGURATION | Mechanisms to prevent the application of configurations that violate the current security policy help prevent misconfigurations. |
T.PLATFORM_COMPROMISE | O.PLATFORM_INTEGRITY | Platform integrity mechanisms used by the TOE reduce the risk that an attacker can ‘break out’ of a VM and affect the platform on which the VS is running. |
T.UNAUTHORIZED_ACCESS | O.MANAGEMENT_ACCESS | Ensuring that TSF management functions cannot be executed without authorization prevents untrustedsubjects from modifying the behavior of the TOE in an unanticipated manner. |
T.UNAUTHORIZED_MODIFICATION | O.AUDIT | Enforcement of VMM integrity prevents the bypass of enforcement mechanisms and auditing ensuresthat abuse of legitimate authority can be detected. |
O.VMM_INTEGRITY | Enforcement of VMM integrity prevents the bypass of enforcement mechanisms and auditing ensuresthat abuse of legitimate authority can be detected. | |
T.UNAUTHORIZED_UPDATE | O.VMM_INTEGRITY | System integrity prevents the TOE from installing a software patch containing unknown andpotentially malicious code. |
T.UNPATCHED_SOFTWARE | O.PATCHED_SOFTWARE | The ability to patch the TOE software ensures that protections against vulnerabilities can be applied as they become available. |
T.USER_ERROR | O.VM_ISOLATION | Isolation of VMs includes clear attribution of those VMs to their respective domains which reducesthe likelihood that a user inadvertently inputs or transfers data meant for one VM into another. |
T.VMM_COMPROMISE | O.VMM_INTEGRITY | Maintaining the integrity of the VMM and ensuring that VMs execute in isolated domains mitigatethe risk that the VMM can be compromised or bypassed. |
O.VM_ISOLATION | Maintaining the integrity of the VMM and ensuring that VMs execute in isolated domains mitigatethe risk that the VMM can be compromised or bypassed. | |
T.WEAK_CRYPTO | O.VM_ENTROPY | Acquisition of good entropy is necessary to support the TOE's security-related cryptographicalgorithms. |
A.NON_MALICIOUS_USER | OE.CONFIG | If the TOE is administered by a non-malicious and non-negligent user, the expected result is that the TOE
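Review bot: several rationale cells in the added table have words run together ("potentiallysupport", "serviceattacks", "untrustedsubjects", "ensuresthat", "andpotentially", "reducesthe", "mitigatethe", "cryptographicalgorithms"), which looks like whitespace lost when the text was re-flowed into table cells. The threats mapped to two objectives (T.DATA_LEAKAGE, T.UNAUTHORIZED_MODIFICATION, T.VMM_COMPROMISE) also repeat the full rationale in the second-objective row and leave a trailing empty cell, which suggests a row-spanning cell was flattened, and the A.NON_MALICIOUS_USER row ends mid-sentence at "the expected result is that the TOE". Suggest restoring the spaces, keeping one rationale cell per threat, and completing the truncated row before merging.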
@@ -773,7 +790,7 @@ 4.3 Security Objectives Rationale< to be physically secure. |
A.PLATFORM_INTEGRITY | OE.PHYSICAL | If the underlying platform has not been compromised prior to installation of the TOE, its integrity can be assumed to be intact. |
A.TRUSTED_ADMIN | OE.TRUSTED_ADMIN | Providing guidance to administrators and ensuring that individuals are properly trained and vetted before being given administrative responsibilities will ensure that they are trusted. |
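Review bot: A.PLATFORM_INTEGRITY is mapped to OE.PHYSICAL, yet its rationale ("If the underlying platform has not been compromised prior to installation of the TOE, its integrity can be assumed to be intact.") is about platform integrity rather than physical security, and the preceding row already carries the "to be physically secure" rationale. Verify the objective column for this row; the assumption name suggests a platform-integrity objective was intended, if the PP defines one.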
FCS_TLSC_EXT.1 | Failure to establish a session. | Reason for failure. |
FCS_TLSC_EXT.1 | Failure to verify presented identifier. | Presented identifier and reference identifier. |
FCS_TLSC_EXT.1 | Establishment/termination of a TLS session. | Non-TOE endpoint of connection. |
FCS_TLSS_EXT.1 | Failure to establish a session. | Reason for failure. |
FCS_DTLSC_EXT.1 | Failure of the certificate validity check. | Issuer Name and Subject Name of certificate. |
FCS_DTLSS_EXT.1 | Failure of the certificate validity check. | Issuer Name and Subject Name of certificate. |
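Review bot: this block repeats the six TLS/DTLS audit rows that appear earlier in the diff, differing only in the trailing "-" column; if both copies end up in the document, one audit table should be dropped, and the per-component consistency point raised on the earlier copy (FCS_TLSC_EXT.1 lacking a certificate-validity row, the DTLS components lacking session-establishment rows) applies here too.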