-
Notifications
You must be signed in to change notification settings - Fork 3
/
application.xml
5539 lines (5326 loc) · 315 KB
/
application.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="..\transforms\pp2html.xsl"?>
<?xml-model href="https://raw.githubusercontent.com/commoncriteria/transforms/master/schemas/CCProtectionProfile.rng" type="application/xml" schematypens="http://relaxng.org/ns/structure/1.0"?>
<PP xmlns="https://niap-ccevs.org/cc/v1"
xmlns:h="http://www.w3.org/1999/xhtml"
xmlns:sec="https://niap-ccevs.org/cc/v1/section"
target-product="Application Software"
target-products="Application Software"
boilerplate="yes"
short="App"
>
<PPReference>
<ReferenceTable>
<PPTitle>Protection Profile for Application Software</PPTitle>
<PPVersion>2.0</PPVersion>
<PPAuthor>National Information Assurance Partnership</PPAuthor>
<PPPubDate>2024-07-31</PPPubDate>
<Keywords>application; software</Keywords>
</ReferenceTable>
</PPReference>
<RevisionHistory>
<entry>
<version>v 1.0</version>
<date>2014-10-20</date>
<subject>Initial release</subject>
</entry>
<entry>
<version>v 1.1</version>
<date>2014-11-05</date>
<subject>Addition to TLS cipher suite selections</subject>
</entry>
<entry>
<version>v 1.2</version>
<date>2016-04-22</date>
<subject>Added server-side TLS requirements (selection-based)
<h:br/>Multiple clarification based on NIAP TRRT inquiries
<h:br/>Refactored FDP_DEC_EXT.1 into separate components
</subject>
</entry>
<entry>
<version>v 1.3</version>
<date>2019-03-01</date>
<subject>Incorporated available Technical Decisions
<h:br/>Refactored FPT_TUD
<h:br/>Added a selection to FTP_DIT
<h:br/>Moved SWID Tags requirement
<h:br/>Leveraged TLS Package
<h:br/>Added equivalency section
</subject>
</entry>
<entry>
<version>v 1.4</version>
<date>2021-10-07</date>
<subject>Incorporated applicable Technical Decisions
<h:br/>Updated to TLS FP 1.1
<h:br/>Incorporated SSH FP 1.0
</subject>
</entry>
<entry>
<version>v 2.0</version>
<date>2024-07-31</date>
<subject>CC2022 conversion
<h:br/>Updating for TLS FP, SSH FP, and X509 FP
<h:br/>TDs and Github Issues
<h:br/>CNSA 2.0 updates
<h:br/>ALC FLR Updates
</subject>
</entry>
</RevisionHistory>
<!-- TDs incorporated:
TD0780: FIA_X509_EXT.1 Test 4 Clarification
TD0756: Update for platform-provided full disk encryption
TD0747: Configuration Storage Option for Android
TD0743: FTP_DIT_EXT.1.1 Selection exclusivity
TD0736: Number of elements for iterations of FCS_HTTPS_EXT.1
TD0719: ECD for PP APP V1.3 and 1.4
TD0717: Format changes for PP_APP_V1.4
TD0669: FIA_X509_EXT.1 Test 4 Interpretation
TD0664: Testing activity for FPT_TUD_EXT.2.2
TD0655: Mutual authentication in FTP_DIT_EXT.1 for SW App
TD0650: Conformance claim sections updated to allow for MOD_VPNC_V2.3 and 2.4
TD0628: Addition of Container Image to Package Format
TD0624: Addition of DataStore for Storing and Setting Configuration Options
XXXXXX: Replaced SSH EP 1.0 with SSH FP 1.0
TD0601: Updating FTP_DIT_EXT.1 to conform to changes in FCS_HTTPS_EXT. Supersedes TDs 444, 473, 587.
TD0600: Conformance claim sections updated to allow for MOD_VPNC_V2.3
TD0598: Expanded AES Modes in FCS_COP for App PP
TD0587: X.509 SFR Applicability in App PP (superseded by TD0601)
TD0582: PP-Configuration for Application Software and Virtual Private Network (VPN) Clients now allowed
TD0561: Signature verification update
TD0554: iOS/iPadOS/Android AppSW Virus Scan
TD0548: Integrity for installation tests in AppSW PP 1.3
TD0544: Alternative testing methods for FPT_AEX_EXT.1.1
TD0543: FMT_MEC_EXT.1 evaluation activity update
TD0519: Linux symbolic links and FMT_CFG_EXT.1
TD0515: Use Android APK manifest in test
TD0510: Obtaining random bytes for iOS/macOS
TD0498: Application Software PP Security Objectives and Requirements Rationale
TD0495: FIA_X509_EXT.1.2 Test Clarification
TD0473: Support for Client or Server TOEs in FCS_HTTPS_EXT (superseded by TD0601)
TD0465: Configuration Storage for .NET Apps
TD0445: User Modifiable File Definition
TD0437: Supported Configuration Mechanism
TD0435: Alternative to SELinux for FPT_AEX_EXT.1.3
TD0434: Windows Desktop Applications Test
TD0427: Reliable Time Source
TD0416: Correction to FCS_RBG_EXT.1 Test Activity
Also changed the names of FCS SFRs with iterations as follows:
FCS_CMK.1 is renamed FCS_CKM_EXT.1
FCS_CKM.1/1 (a.k.a FCS_CKM.1/ALGO) is renamed FCS_CKM.1/AK
FCS_CKM.1/2 is renamed FCS_CKM.1/SK
FCS_CKM.1/3 is renamed FCS_CKM_EXT.1/PBKDF (FCS_CKM_EXT.1/PBKDF subsequently renamed FCS_PBKDF_EXT
FCS_COP.1/1 is renamed FCS_COP.1/SKC
FCS_COP.1/2 is renamed FCS_COP.1/Hash
FCS_COP.1/3 is renamed FCS_COP.1/Sig
FCS_COP.1/4 is renamed FCS_COP.1/KeyedHash
-->
<!--
<subaactivity-decl>
<val id="sad-android" full="Android-based Platform"></val>
<val id="sad-windows" full="Microsoft Windows Platform"></val>
<val id="sad-ios" full="Apple iOS Platform"></val>
<val id="sad-linux" full="Linux-based Platform"></val>
<val id="sad-Solaris" full="Oracle Solaris Platform"></val>
<val id="sad-mac" full="Apple macOS Platform"></val>
</subaactivity-decl>
-->
<include-pkg id="pkg-ssh">
<git>
<url>https://github.com/commoncriteria/ssh</url>
<branch>release-1.0</branch>
</git>
<url>https://www.niap-ccevs.org/Profile/Info.cfm?PPID=459&id=459</url>
<depends on-sel="sel_all_ssh"/>
</include-pkg>
<include-pkg id="pkg-tls">
<git>
<url>https://github.com/commoncriteria/tls</url>
<branch>release-2.0</branch>
</git>
<url>https://www.niap-ccevs.org/Profile/Info.cfm?PPID=439&id=439</url>
<depends on-sel="sel_all_tls" on-also="sel_all_dtls"/>
</include-pkg>
<pp-preferences>
<using-cc2022/>
</pp-preferences>
<!-- 1.0 Introdiction -->
<sec:Introduction>
<!-- 1.1 Overview -->
<sec:Overview>The scope of this Protection Profile (PP) is to
describe the security functionality of application software in terms of <xref g="CC"/>
and to define functional and assurance requirements for such software. In recent years,
software attacks have shifted from targeting operating systems to targeting applications. This
has been the natural response to improvements in operating system security and development
processes. As a result, it is paramount that the
security of applications be improved to
reduce the risk of compromise.
</sec:Overview>
<!-- 1.2 Terms -->
<!-- 1.2.1 Common Criteria Terms -->
<!-- 1.2.2 Technical Terms -->
<tech-terms>
<term full="Address Space Layout Randomization" abbr="ASLR">
An anti-exploitation feature which loads memory mappings into unpredictable
locations. ASLR makes it more difficult for an attacker to redirect control to code
that they have introduced into the address space of an application process.</term>
<term abbr="ADB" full="Android Debug Bridge"/>
<term abbr="AES" full="Advanced Encryption Standard"/>
<term abbr="ANSI" full="American National Standards Institute"/>
<term abbr="APK" full="Android Application Package"/>
<term full="Application" abbr="app">
Software that runs on a platform and performs tasks on behalf of
the user or owner of the platform, as well as its supporting documentation. The
terms <h:i>TOE</h:i> and <h:i>application</h:i> are interchangeable in this document.
</term>
<term full="Application Programming Interface" abbr="API">
A specification of routines, data structures, object classes, and variables
that allows an application to make use of services provided by another software
component, such as a library. APIs are often provided for a set of libraries included
with the platform.</term>
<term abbr="APPX" full="Windows Universal Application Package"/>
<term abbr="BIOS" full="Basic Input/Output System"/>
<term abbr="CMC" full="Certificate Management over CMS"/>
<term full="Credential">
Data that establishes the identity of a user, e.g. a cryptographic key or password.</term>
<term abbr="CMS" full="Cryptographic Message Syntax"/>
<term abbr="CN" full="Common Names"/>
<term abbr="CRL" full="Certificate Revocation List"/>
<term abbr="CSA" full="Computer Security Act"/>
<term full="Data Execution Prevention" abbr="DEP">
An anti-exploitation feature of modern operating systems executing on
modern computer hardware, which enforces a non-execute permission on pages of memory.
DEP prevents pages of memory from containing both data and instructions, which makes
it more difficult for an attacker to introduce and execute code.</term>
<term abbr="DES" full="Data Encryption Standard"/>
<term full="Developer">
An entity that writes application software. For the purposes of this
document, vendors and developers are the same.</term>
<term abbr="DHE" full="Diffie-Hellman Ephemeral"/>
<term abbr="DMG" full="Apple Disk Image"/>
<term abbr="DNS" full="Domain Name System"/>
<term abbr="DPAPI" full="Data Protection Application Programming Interface"/>
<term abbr="DRBG" full="Deterministic Random Bit Generator"/>
<term abbr="DSS" full="Digital Signature Standard"/>
<term abbr="DT" full="Date/Time Vector"/>
<term abbr="DTLS" full="Datagram Transport Layer Security"/>
<term abbr="EAP" full="Extensible Authentication Protocol"/>
<term abbr="ECDHE" full="Elliptic Curve Diffie-Hellman Ephemeral"/>
<term abbr="ECDSA" full="Elliptic Curve Digital Signature Algorithm"/>
<term abbr="EMET" full="Enhanced Mitigation Experience Toolkit"/>
<term abbr="EST" full="Enrollment over Secure Transport"/>
<term abbr="FIPS" full="Federal Information Processing Standards"/>
<term abbr="ELF" full="Executable and Linkable Format"/>
<term abbr="GPS" full="Global Positioning System"/>
<term abbr="HMAC" full="Hash-based Message Authentication Code"/>
<term abbr="HTTP" full="Hypertext Transfer Protocol"/>
<term abbr="HTTPS" full="Hypertext Transfer Protocol Secure"/>
<term abbr="IANA" full="Internet Assigned Number Authority"/>
<term abbr="IEC" full="International Electrotechnical Commission"/>
<term abbr="IETF" full="Internet Engineering Task Force"/>
<term abbr="IP" full="Internet Protocol"/>
<term abbr="IPA" full="iOS Package archive"/>
<term abbr="IR" full="Intermediate Integer"/>
<term abbr="ISO" full="International Organization for Standardization"/>
<term abbr="IT" full="Information Technology"/>
<term abbr="ITSEF" full="Information Technology Security Evaluation Facility"/>
<term abbr="JNI" full="Java Native Interface"/>
<term abbr="LDAP" full="Lightweight Directory Access Protocol"/>
<term full="Mobile Code">
Software transmitted from a remote system for
execution within a limited execution environment on the local system.
Typically, there is no persistent installation and
execution begins without the user's consent or even notification.
Examples of mobile code technologies include JavaScript, Java applets, Adobe Flash,
and Microsoft Silverlight.
</term>
<term abbr="MIME" full="Multi-purpose Internet Mail Extensions"/>
<term abbr="MPKG" full="Meta Package"/>
<term abbr="MSI" full="Microsoft Installer"/>
<term abbr="NFC" full="Near Field Communication"/>
<term abbr="NIAP" full="National Information Assurance Partnership"/>
<term abbr="NIST" full="National Institute of Standards and Technology"/>
<term abbr="OCSP" full="Online Certificate Status Protocol"/>
<term abbr="OID" full="Object Identifier"/>
<term abbr="OMB" full="Office of Management and Budget"/>
<term full="Operating System" abbr="OS">
Software that manages hardware resources and provides services for
applications.</term>
<term full="Personally Identifiable Information" abbr="PII">
Any information about an individual maintained by an agency, including, but
not limited to, education, financial transactions, medical history, and criminal or
employment history and information which can be used to distinguish or trace an
individual's identity, such as their name, social security number, date and place of
birth, mother’s maiden name, biometric records, etc., including any other personal
information which is linked or linkable to an individual. <xref to="bibOMB"/></term>
<term full="Platform">
The environment in which application software runs.
The platform can be an operating system, hardware environment, a software based execution environment,
or some combination of these. These types of platforms may also run atop other platforms.
</term>
<term abbr="PDF" full="Portable Document Format"/>
<term abbr="PE" full="Portable Executable"/>
<term abbr="PID" full="Process Identifier"/>
<term abbr="PKG" full="Package file"/>
<term abbr="PKI" full="Public Key Infrastructure"/>
<term abbr="RBG" full="Random Bit Generator"/>
<term abbr="RFC" full="Request for Comment"/>
<term abbr="RNG" full="Random Number Generator"/>
<term abbr="RNGVS" full="Random Number Generator Validation System"/>
<term abbr="SE" full="Security Enhancements"/>
<term abbr="SHA" full="Secure Hash Algorithm"/>
<term abbr="S/MIME" full="Secure/Multi-purpose Internet Mail Extensions"/>
<term abbr="SSH" full="Secure Shell"/>
<term abbr="SIP" full="Session Initiation Protocol"/>
<term full="Sensitive Data">
Sensitive data may include all user or enterprise data or may be
specific application data such as emails, messaging, documents,
calendar items, and contacts. Sensitive data must minimally include
PII, credentials, and keys. Sensitive data shall be identified in
the application’s TSS by the ST author.
</term>
<term abbr="SP" full="Special Publication"/>
<term abbr="SWID" full="Software Identification"/>
<term full="Stack Cookie">
An anti-exploitation feature that places a value on the stack at the start
of a function call, and checks that the value is the same at the end of the function
call. This is also referred to as Stack Guard, or Stack Canaries.</term>
<term abbr="SAN" full="Subject Alternative Name"/>
<term abbr="TLS" full="Transport Layer Security"/>
<term abbr="UI" full="User Interface"/>
<term abbr="URI" full="Uniform Resource Identifier"/>
<term abbr="URL" full="Uniform Resource Locator"/>
<term abbr="USB" full="Universal Serial Bus"/>
<term full="Vendor">
An entity that sells application software. For purposes of this document,
vendors and developers are the same. Vendors are responsible for maintaining and
updating application software.</term>
<term abbr="XCCDF" full="eXtensible Configuration Checklist Description Format"/>
<term abbr="XOR" full="Exclusive Or"/>
</tech-terms>
<!-- 1.3 Compliant Targets of Evaluation -->
<section title="Compliant Targets of Evaluation" id="TOEdescription">
<h:p>
The requirements in this document apply to application software which runs on any type of
platform. Some application types are covered by more specific PPs, which may be expressed as
PP-Modules of this PP. Such applications are subject to the requirements of both this PP and the
PP-Module that addresses their special functionality. PPs for some
particularly specialized applications may not be expressed as PP-Modules at this time,
though the requirements in this document should be seen as objectives for those
highly specialized applications.</h:p>
<h:p>
Although the requirements in this document apply to a wide range of application
software, consult guidance from the relevant national schemes to
determine when formal Common Criteria evaluation is expected for a
particular type of application. This may vary depending upon the nature
of the security functionality of the application.</h:p>
<!-- 1.3.1 TOE Boundary -->
<sec:TOE_Boundary>
<h:p>
The application, which consists of the software provided by its vendor,
is installed onto the platform(s) it operates on. It executes on the platform, which
may be an operating system (<xref to="toe-as-apponos"/>), hardware environment,
a software based execution environment, or some combination of these (<xref to="toe-as-apponee"/>).
Those platforms may themselves run within other environments, such as virtual machines or operating
systems, that completely abstract away the underlying hardware from the application. The TOE is not
accountable for security functionality that is implemented by platform layers that are abstracted
away. Some evaluation activities are specific to the particular platform
on which the application runs, in order to provide precision and
repeatability. The only platforms currently recognized by the AppPP are those specified in SFR Evaluation Activities.
To test on a platform for which there are no EAs, a Vendor should contact NIAP with recommended EAs.
NIAP will determine if the proposed platform is appropriate for the PP and accept, reject,
or develop EAs as necessary in coordination with the technical community.
</h:p><h:p>
Applications include a diverse range of software such as office suites, thin clients, PDF readers, downloadable
smartphone apps, and apps running in a cloud container. The TOE includes
any software in the application installation package, even those pieces that may
extend or modify the functionality of the underlying platform, such as kernel drivers.
Many platforms come bundled with applications such as web browsers, email clients and media players and these too
should be considered subject to the requirements defined in this document although the expectation of formal Common Criteria evaluation
depends upon the national scheme. BIOS and other firmware, the operating system kernel,
and other systems software (and drivers) provided as part of the platform are outside the scope
of this document.
<figure entity="images/toe.png" title="TOE as an Application and Kernel Module Running on an Operating System" id="toe-as-apponos"/>
<figure entity="images/toeruntime.png" title="TOE as an Application Running in an Execution Environment Plus Native Code" id="toe-as-apponee"/>
</h:p>
</sec:TOE_Boundary>
</section> <!-- 1.3 Compliant Targets of Evaluation -->
<!-- 1.4 Use Cases -->
<sec:Use_Cases>
Requirements in this Protection Profile are designed to
address the security problem in the following use cases. These use cases are intentionally
very broad, as many specific use cases exist for application software. Many applications may
be used in combinations of these broad use cases, and evaluation against PP-Modules
of this PP, when available, may be most appropriate for some application types.
<usecases>
<usecase title="Content Creation" id="contentcreation">
<description>The application allows a user to create content, saving it to either local or
remote storage. Example content includes text documents, presentations, and images.
</description>
</usecase>
<usecase title="Content Consumption" id="contentconsumption">
<description>The application allows a user to consume content, retrieving it from either
local or remote storage. Example content includes web pages and video.</description>
</usecase>
<usecase title="Communication" id="interactivecomms">
<description>The application allows for communication interactively or
non-interactively with other users or applications over a communications channel.
Example communications include instant messages, email, and voice.
</description>
</usecase>
</usecases>
</sec:Use_Cases>
<!-- 1.5 Supported Platforms -->
<section title="Platforms with Specific EAs" id="sec-platforms">
<choice prefix="Platforms:" >
<h:p>
This PP includes platform-specific EAs for the below-listed operating system platforms. For "bare-metal" applications, applications that run on
other OS platforms, and applications that run in software-based execution environments, contact the Technical Community for guidance.</h:p>
<selectables linebreak="yes">
<selectable id="android"><h:b><snip>Android</snip></h:b>: <h:i>Mobile operating systems based on Google Android.</h:i></selectable>
<selectable id="windows"><h:b><snip>Microsoft Windows</snip></h:b>: <h:i>Microsoft Windows operating systems.</h:i></selectable>
<selectable id="ios"><h:b><snip>Apple iOS</snip></h:b>: <h:i>Apple's mobile operating system for iPhones.</h:i></selectable>
<selectable id="linux"><h:b><snip>Linux</snip></h:b>: <h:i>Linux-based operating systems other than Android.</h:i></selectable>
<selectable id="Solaris"><h:b><snip>Oracle Solaris</snip></h:b>: <h:i>Oracle's enterprise operating system.</h:i></selectable>
<selectable id="mac"><h:b><snip>Apple macOS</snip></h:b>: <h:i>Apple's operating system for MACs.</h:i></selectable></selectables>
</choice>
</section>
</sec:Introduction>
<!-- 2.0 Conformance Claims -->
<!-- incorporates TD0600 -->
<!-- incorporates TD0582 -->
<sec:Conformance_Claims boilerplate="no">
<cclaims>
<cclaim name="Conformance Statement">
<description>
<h:p>
An ST must claim exact conformance to this PP.
</h:p><h:p>
The evaluation methods used for evaluating the TOE are a combination of the workunits defined in <xref to="bibCEM"/> as well as the
Evaluation Activities for ensuring that individual SFRs and SARs have a sufficient level of supporting evidence in the Security Target and
guidance documentation and have been sufficiently tested by the laboratory as part of completing ATE_IND.1. Any functional packages
this PP claims similarly contain their own Evaluation Activities that are used in this same manner.
</h:p>
</description>
</cclaim>
<cclaim name="CC Conformance Claims">
<description>This PP is conformant to Parts 2 (extended) and 3 (extended) of Common Criteria CC:2022, Revision 1.</description>
</cclaim>
<cclaim name="PP Claim">
<description>
<h:p>
This PP does not claim conformance to any other Protection Profile.
</h:p><h:p>
The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP:
<!-- updated to reflect NIAP TD0650 -->
<h:div class="indent">
<h:li>Protection Profile for Mobile Device Management Version 4.0</h:li>
<h:li>PP-Module for File Encryption, Version 1.0</h:li>
<h:li>PP-Module for File Encryption Enterprise Management, Version 1.0</h:li>
<h:li>PP-Module for VPN Clients, Version 2.2</h:li>
<h:li>PP-Module for VPN Clients, Version 2.3</h:li>
<h:li>PP-Module for VPN Clients, Version 2.4</h:li>
<h:li>PP-Module for Endpoint Detection and Response, Version 1.0</h:li>
<h:li>PP-Module for Host Agent, Version 1.0</h:li>
<h:li>PP-Module for Voice and Video over IP (VVoIP), Version 1.0</h:li>
<h:li>PP-Module for Email Clients, Version 1.0</h:li>
<h:li>PP-Module for Web Browsers, Version 1.0</h:li>
<h:li>PP-Module for Redaction Tools, Version 1.0</h:li>
</h:div>
</h:p>
</description>
</cclaim>
<cclaim name="Package Claim">
<description><h:ul>
<h:li>This PP is Functional Package for TLS Version 1.1 Conformant.</h:li>
<h:li>This PP is Functional Package for TLS Version 2.0 Conformant.</h:li>
<h:li>This PP is Functional Package for SSH Version 1.0 Conformant.</h:li>
<h:li>This PP is Functional Package for X.509 Version 1.0 Conformant.</h:li>
<h:li>This PP does not conform to any assurance packages.</h:li>
</h:ul>
The functional packages to which the PP conforms include SFRs that are not mandatory to claim for the sake of conformance.
An ST that claims one or more of these functional packages may include any non-mandatory SFRs that are appropriate to claim based on the
capabilities of the TSF and on any triggers for their inclusion based inherently on the SFR selections made. All security requirements
in these packages are intended to address T.NETWORK_ATTACK and T.NETWORK_EAVESDROP threats of this PP.
</description>
</cclaim>
</cclaims>
</sec:Conformance_Claims>
<!-- 3.0 Security Problem Description -->
<sec:Security_Problem_Definition>
The security problem is described in terms
of the threats that the TOE is expected to address, assumptions about the
operational environment, and any organizational security policies that the TOE
is expected to enforce.
<!-- 3.1 Threats -->
<sec:Threats>
<threats>
<threat name="T.NETWORK_ATTACK">
<description>An attacker is positioned on a communications channel or elsewhere on the
network infrastructure. Attackers may engage in communications with the application
software or alter communications between the application software and other endpoints in
order to compromise it.
</description>
<!-- New mapping to build updated threat mapping table. -->
<addressed-by>FCS_CKM.1/SK (optional)</addressed-by><rationale>The PP includes FCS_CKM.1/SK to define the mechanism used to generate symmetric keys when the TOE performs this function.</rationale>
<addressed-by>FCS_CKM_EXT.1</addressed-by><rationale>The PP includes FCS_CKM_EXT.1 to specify whether the TOE or the platform is responsible for generation of any asymmetric keys that may be used for establishing trusted communications.</rationale>
<addressed-by>FCS_CKM.1/AK (selection-based)</addressed-by><rationale>The PP includes FCS_CKM.1/AK to define whether the TSF or the platform generates asymmetric keys that are used in support of trusted communications.</rationale>
<addressed-by>FCS_CKM.2 (selection-based)</addressed-by><rationale>The PP includes FCS_CKM.2 to define whether the TSF or the platform performs key establishment for trusted communications.</rationale>
<addressed-by>FCS_COP.1/SKC (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/SKC to define the symmetric encryption algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_COP.1/Hash (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/Hash to define the hash algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_COP.1/Sig (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/Sig to define the digital signature algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_COP.1/KeyedHash (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/KeyedHash to define the HMAC algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_HTTPS_EXT.1/Client (selection-based)</addressed-by><rationale>The PP includes FCS_HTTPS_EXT.1/Client to define the TOE’s support for the HTTPS trusted communications protocol as a client.</rationale>
<addressed-by>FCS_HTTPS_EXT.1/Server (selection-based)</addressed-by><rationale>The PP includes FCS_HTTPS_EXT.1/Server to define the TOE’s support for the HTTPS trusted communications protocol as a server.</rationale>
<addressed-by>FCS_HTTPS_EXT.2 (selection-based)</addressed-by><rationale>The PP includes FCS_HTTPS_EXT.2 to define the TOE’s behavior when presented with an invalid certificate as part of an HTTPS connection attempt.</rationale>
<addressed-by>FCS_RBG_EXT.1</addressed-by><rationale>The PP includes FCS_RBG_EXT.1 to define whether the random bit generation services used in establishing trusted communications are implemented by the TSF or by the platform.</rationale>
<addressed-by>FCS_RBG_EXT.2 (selection-based)</addressed-by><rationale>The PP includes FCS_RBG_EXT.2 to define the DRBG algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_SNI_EXT. (selection-based)</addressed-by><rationale>The PP includes FCS_SNI_EXT.1 to define the proper salt, nonce, and initialization vector usage to ensure proper cryptographic operation.</rationale>
<addressed-by>FDP_DEC_EXT.1</addressed-by><rationale>The PP includes FDP_DEC_EXT.1 to limit access to platform hardware resources, which limits the methods by which an attacker can attempt to remotely compromise the integrity of the TOE.</rationale>
<addressed-by>FDP_NET_EXT.1</addressed-by><rationale>The PP includes FDP_NET_EXT.1 to define the TOE’s usage of network communications, which may include the transmission or receipt of data over a trusted channel.</rationale>
<addressed-by>FMT_CFG_EXT.1</addressed-by><rationale>The PP includes FMT_CFG_EXT.1 for the TSP to limit unauthorized access to itself by preventing the use of default authentication credentials and by ensuring that the TOE uses appropriately restrictive platform permissions on its binaries and data</rationale>
<addressed-by>FMT_SMF.1</addressed-by><rationale>The PP includes FMT_SMF.1 to define the security-relevant management functions that are supported by the TOE.</rationale>
<addressed-by>FPR_ANO_EXT.1</addressed-by><rationale>The PP includes FPR_ANO_EXT.1 to define how the TSF provides control to the user regarding the disclosure of any PII.</rationale>
<addressed-by>FPT_AEX_EXT.1</addressed-by><rationale>The PP includes FPT_AEX_EXT.1 to add complexity to the task of compromising systems by ensuring that application is compatible with security features provided by the platform vendor and that the application implements platform-provided anti-exploitations such as ASLR and stack overflow protection.</rationale>
<addressed-by>FPT_TUD_EXT.1</addressed-by><rationale>The PP includes FPT_TUD_EXT.1 to ensure that the TOE can be patched and that any updates to the TOE have appropriate integrity protection.</rationale>
<addressed-by>FPT_IDV_EXT.1</addressed-by><rationale>The PP includes FPT_IDV_EXT.1 to provide a methodology for identifying the TOE versioning.</rationale>
<addressed-by>FPT_TUD_EXT.1</addressed-by><rationale>The PP includes FPT_TUD_EXT.1 to define how updates to the TOE are deployed and verified.</rationale>
<addressed-by>FTP_DIT_EXT.1</addressed-by><rationale>The PP includes FTP_DIT_EXT.1 to define the trusted channels used to protect data in transit, the data that is protected, and whether the trusted channels are implemented by the TSF or the platform.</rationale>
</threat>
<threat name="T.NETWORK_EAVESDROP">
<description>An attacker is positioned on a communications channel or elsewhere on the
network infrastructure. Attackers may monitor and gain access to data exchanged between
the application and other endpoints.</description>
<!-- New mapping to build updated threat mapping table. -->
<addressed-by>FCS_CKM.1/AK (selection-based)</addressed-by><rationale>The PP includes FCS_CKM.1/AK to define whether the TSF or the platform generates asymmetric keys that are used in support of trusted communications.</rationale>
<addressed-by>FCS_CKM.1/SK (optional)</addressed-by><rationale>The PP includes FCS_CKM.1/SK to define the mechanism used to generate symmetric keys when the TOE performs this function.</rationale>
<addressed-by>FCS_CKM.2 (selection-based)</addressed-by><rationale>The PP includes FCS_CKM.2 to define whether the TSF or the platform performs key establishment for trusted communications.</rationale>
<addressed-by>FCS_CKM_EXT.1</addressed-by><rationale>The PP includes FCS_CKM_EXT.1 to specify whether the TOE or the platform is responsible for generation of any asymmetric keys that may be used for establishing trusted communications.</rationale>
<addressed-by>FCS_COP.1/KeyedHash (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/KeyedHash to define the HMAC algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_COP.1/Hash (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/Hash to define the hash algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_COP.1/Sig</addressed-by><rationale>The PP includes FCS_COP.1/Sig to define the mechanism used to verify TOE updates if the TOE implements this functionality rather than the underlying platform.</rationale>
<addressed-by>FCS_COP.1/SKC (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/SKC to define the symmetric encryption algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_HTTPS_EXT.1/Client (selection-based)</addressed-by><rationale>The PP includes FCS_HTTPS_EXT.1/Client to define the TOE’s support for the HTTPS trusted communications protocol as a client.</rationale>
<addressed-by>FCS_HTTPS_EXT.1/Server (selection-based)</addressed-by><rationale>The PP includes FCS_HTTPS_EXT.1/Server to define the TOE’s support for the HTTPS trusted communications protocol as a server.</rationale>
<addressed-by>FCS_HTTPS_EXT.2 (selection-based)</addressed-by><rationale>The PP includes FCS_HTTPS_EXT.2 to define the TOE’s behavior when presented with an invalid certificate as part of an HTTPS connection attempt.</rationale>
<addressed-by>FCS_RBG_EXT.1</addressed-by><rationale>The PP includes FCS_RBG_EXT.1 to define whether the random bit generation services used in establishing trusted communications are implemented by the TSF or by the platform.</rationale>
<addressed-by>FCS_RBG_EXT.2 (selection-based)</addressed-by><rationale>The PP includes FCS_RBG_EXT.2 to define the DRBG algorithms used in support of trusted communications.</rationale>
<addressed-by>FCS_STO_EXT.1</addressed-by><rationale>The PP includes FCS_STO_EXT.1 to specify that the TSF may rely on platform-provided credential storage services.</rationale>
<addressed-by>FDP_DAR_EXT.1</addressed-by><rationale>The PP includes FDP_DAR_EXT.1 to specify that the TSF may rely on platform-provided data-at-rest protection services.</rationale>
<addressed-by>FDP_NET_EXT.1</addressed-by><rationale>The PP includes FDP_NET_EXT.1 to define the TOE’s usage of network communications, which may include the transmission or receipt of data over a trusted channel.</rationale>
<addressed-by>FIA_X509_EXT.1 (selection-based)</addressed-by><rationale>The PP includes FIA_X509_EXT.1 to specify that the TSF may rely on platform-provided X.509 certificate validation services.</rationale>
<addressed-by>FMT_MEC_EXT.1</addressed-by><rationale>The PP includes FMT_MEC_EXT.1 to ensure that the TOE can use platform services to store and set configuration options.</rationale>
<addressed-by>FMT_SMF.1</addressed-by><rationale>The PP includes FMT_SMF.1 to define the security-relevant management functions that are supported by the TOE.</rationale>
<addressed-by>FPR_ANO_EXT.1</addressed-by><rationale>The PP includes FPR_ANO_EXT.1 to define how the TSF provides control to the user regarding the disclosure of any PII.</rationale>
<addressed-by>FPT_API_EXT.1</addressed-by><rationale>The PP includes FPT_API_EXT.1 to require the TOE to leverage platform functionality by using only documented and supported APIs.</rationale>
<addressed-by>FPT_API_EXT.2 (objective)</addressed-by><rationale>The PP includes FPT_API_EXT.2 to permit the TOE to use platform-provided libraries for parsing IANA MIME media formats.</rationale>
<addressed-by>FPT_IDV_EXT.1</addressed-by><rationale>The PP includes FPT_IDV_EXT.1 to provide a methodology for identifying the TOE versioning.</rationale>
<addressed-by>FPT_LIB_EXT.1</addressed-by><rationale>The PP includes FPT_LIB_EXT.1 to ensure that the TOE does not include any unnecessary or unexpected third-party libraries which could present a privacy threat or vulnerability.</rationale>
<addressed-by>FPT_TUD_EXT.1</addressed-by><rationale>The PP includes FPT_TUD_EXT.1 to define how updates to the TOE are deployed and verified.</rationale>
<addressed-by>FPT_TUD_EXT.2 (selection-based)</addressed-by><rationale>The PP includes FPT_TUD_EXT.2 to specify that the TOE may leverage the platform-supported package manager for application distribution and leverages platform-provided mechanisms to remove all traces of itself when removed from the platform system.</rationale>
<addressed-by>FTP_DIT_EXT.1</addressed-by><rationale>The PP includes FTP_DIT_EXT.1 to define the trusted channels used to protect data in transit, the data that is protected, and whether the trusted channels are implemented by the TSF or the platform.</rationale>
</threat>
<threat name="T.LOCAL_ATTACK">
<description>An attacker can act through unprivileged software on the same computing
platform on which the application executes. Attackers may provide maliciously formatted
input to the application in the form of files or other local
communications.</description>
<!-- New mapping to build updated threat mapping table. -->
<addressed-by>FCS_CKM.1/AK (selection-based)</addressed-by><rationale>The PP includes FCS_CKM.1/AK to specify that the TSF may rely on platform-provided asymmetric key generation services.</rationale>
<addressed-by>FCS_CKM.2 (selection-based)</addressed-by><rationale>The PP includes FCS_CKM.2 to specify that the TSF may rely on platform-provided key establishment services.</rationale>
<addressed-by>FCS_CKM_EXT.1</addressed-by><rationale>The PP includes FCS_CKM_EXT.1 to specify that the TSF may rely on platform-provided key generation services.</rationale>
<addressed-by>FCS_RBG_EXT.1</addressed-by><rationale>The PP includes FCS_RBG_EXT.1 to specify that the TSF may rely on platform-provided random bit generation services.</rationale>
<addressed-by>FCS_STO_EXT.1</addressed-by><rationale>The PP includes FCS_STO_EXT.1 to specify that the TSF may rely on platform-provided credential storage services.</rationale>
<addressed-by>FDP_DAR_EXT.1</addressed-by><rationale>The PP includes FDP_DAR_EXT.1 to specify that the TSF may rely on platform-provided data-at-rest protection services.</rationale>
<addressed-by>FDP_DEC_EXT.1</addressed-by><rationale>The PP includes FDP_DEC_EXT.1 to limit access to platform hardware resources, which limits the methods by which an attacker can attempt to locally compromise the integrity of the TOE.</rationale>
<addressed-by>FMT_CFG_EXT.1</addressed-by><rationale>The PP includes FMT_CFG_EXT.1 for the TSP to limit unauthorized access to itself by preventing the use of default authentication credentials and by ensuring that the TOE uses appropriately restrictive platform permissions on its binaries and data</rationale>
<addressed-by>FMT_MEC_EXT.1</addressed-by><rationale>The PP includes FMT_MEC_EXT.1 to ensure that the TOE can use platform services to store and set configuration options.</rationale>
<addressed-by>FPT_AEX_EXT.1</addressed-by><rationale>The PP includes FPT_AEX_EXT.1 to add complexity to the task of compromising systems by ensuring that application is compatible with security features provided by the platform vendor and that the application implements platform-provided anti-exploitations such as ASLR and stack overflow protection.</rationale>
<addressed-by>FPT_API_EXT.2 (objective)</addressed-by><rationale>The PP includes FPT_API_EXT.2 to permit the TOE to use platform-provided libraries for parsing IANA MIME media formats.</rationale>
<addressed-by>FPT_API_EXT.1</addressed-by><rationale>The PP includes FPT_API_EXT.1 to require the TOE to leverage platform functionality by using only documented and supported APIs.</rationale>
<addressed-by>FPT_LIB_EXT.1</addressed-by><rationale>The PP includes FPT_LIB_EXT.1 to ensure that the TOE does not include any unnecessary or unexpected third-party libraries which could present a privacy threat or vulnerability.</rationale>
<addressed-by>FPT_TUD_EXT.1</addressed-by><rationale>The PP includes FPT_TUD_EXT.1 to ensure that the TOE can be patched and that any updates to the TOE have appropriate integrity protection.</rationale>
<addressed-by>FPT_TUD_EXT.2 (selection-based)</addressed-by><rationale>The PP includes FPT_TUD_EXT.2 to specify that the TOE may leverage the platform-supported package manager for application distribution and leverages platform-provided mechanisms to remove all traces of itself when removed from the platform system.</rationale>
<addressed-by>FTP_DIT_EXT.1</addressed-by><rationale>The PP includes FTP_DIT_EXT.1 to specify that the TSF may rely on platform-provided services to implement trusted communications.</rationale>
</threat>
<threat name="T.PHYSICAL_ACCESS">
<description>An attacker may try to access sensitive data at rest.</description>
<!-- New mapping to build updated threat mapping table. -->
<addressed-by>FCS_CKM.1/SK (optional)</addressed-by><rationale>The PP includes FCS_CKM.1/SK to define the TOE’s capability to generate symmetric keys. These keys may subsequently be used to encrypt stored credential data based on the claims made in FCS_STO_EXT.1.</rationale>
<addressed-by>FCS_RBG_EXT.2 (selection-based)</addressed-by><rationale>The PP includes FCS_RBG_EXT.2 to define the TOE’s implementation of random bit generation functionality in the event that the TOE provides this function in support of generating keys that are used for data protection.</rationale>
<addressed-by>FCS_COP.1/KeyedHash (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/KeyedHash to define HMAC mechanisms that may be used by the TOE as part of ensuring that data at rest is protected.</rationale>
<addressed-by>FCS_COP.1/Hash (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/Hash to define integrity mechanisms that may be used by the TOE as part of ensuring that data at rest is protected.</rationale>
<addressed-by>FCS_COP.1/SKC (selection-based)</addressed-by><rationale>The PP includes FCS_COP.1/SKC to define the AES cryptographic algorithm that may be used to encrypt stored credential data based on the claims made in FCS_STO_EXT.1.</rationale>
<addressed-by>FCS_PBKDF_EXT.1 (selection-based)</addressed-by><rationale>The PP includes FCS_PBKDF_EXT.1 to define the password-based key derivation function that may be used to encrypt stored credential data based on the claims made in FCS_STO_EXT.1.</rationale>
<addressed-by>FCS_RBG_EXT.1</addressed-by><rationale>The PP includes FCS_RBG_EXT.1 to define whether random bit generation services are implemented by the TSF or the platform. Depending on how data at rest is protected, the TOE may rely on the use of a random bit generator to create keys that are subsequently used for data protection.</rationale>
<addressed-by>FCS_STO_EXT.1</addressed-by><rationale>The PP includes FCS_STO_EXT.1 to define the mechanism that the TSF uses or relies upon to protect stored credential data.</rationale>
<addressed-by>FDP_DAR_EXT.1</addressed-by><rationale>The PP includes FDP_DAR_EXT.1 to define the mechanism that the TSF uses or relies upon to protect sensitive data at rest.</rationale>
</threat>
</threats>
</sec:Threats>
<!-- 3.2 Assumptions -->
<sec:Assumptions>
<assumptions>
<assumption name="A.PLATFORM">
<description>The TOE relies upon a trustworthy computing platform with a reliable time clock for
its execution. This includes the underlying platform and whatever runtime environment
it provides to the TOE.</description>
<objective-refer ref="OE.PLATFORM">
<rationale>The operational environment objective OE.PLATFORM is realized through
A.PLATFORM.</rationale>
</objective-refer>
</assumption>
<assumption name="A.PROPER_USER">
<description>
The user of the application software is not willfully negligent or hostile,
and uses the software in compliance with the applied enterprise security policy.
</description>
<objective-refer ref="OE.PROPER_USER">
<rationale>The operational environment objective OE.PROPER_USER
is realized through A.PROPER_USER.</rationale>
</objective-refer>
</assumption>
<assumption name="A.PROPER_ADMIN">
<description>The administrator of the application software is not careless, willfully
negligent or hostile, and administers the software in compliance with the applied
enterprise security policy.</description>
<objective-refer ref="OE.PROPER_ADMIN">
<rationale>The operational environment objective OE.PROPER_ADMIN
is realized through A.PROPER_ADMIN.</rationale>
</objective-refer>
</assumption>
</assumptions>
</sec:Assumptions>
<!-- 3.3 Organizational Security Policies -->
<sec:Organizational_Security_Policies>
<OSPs/>
<!-- <OSP id="P.ENTERPRISE">
<description>The configuration of the application software must be capable of adhering to
the enterprise security policy.</description>
<objective-refer ref="O.MANAGEMENT">
<rationale>The organizational security policy P.ENTERPRISE is enforced through the
objective O.MANAGEMENT as this objective represents how the enterprise and user assert
management over the TOE.</rationale>
</objective-refer>
</OSP>
</OSPs> -->
</sec:Organizational_Security_Policies>
</sec:Security_Problem_Definition>
<!-- 4.0 Security Objectives -->
<sec:Security_Objectives>
<!-- Old 4.1 Security Objectives for the TOE - Removed -->
<!-- 4.1 Security Objctives for the Operational Environment -->
<sec:Security_Objectives_for_the_Operational_Environment>
The following security objectives for the operational
environment assist the TOE in correctly providing its security
functionality. These track with the assumptions about the environment.
<SOEs>
<SOE name="OE.PLATFORM">
<description>The TOE relies upon a trustworthy computing platform for
its execution. This includes the underlying operating system and any discrete execution
environment provided to the TOE.</description>
</SOE>
<SOE name="OE.PROPER_USER">
<description>The user of the application software is not willfully negligent or hostile,
and uses the software within compliance of the applied enterprise security
policy.</description>
</SOE>
<SOE name="OE.PROPER_ADMIN">
<description>The administrator of the application software is not careless, willfully
negligent or hostile, and administers the software within compliance of the applied
enterprise security policy.</description>
</SOE>
</SOEs>
</sec:Security_Objectives_for_the_Operational_Environment>
<!-- 4.2 Security Objectives Rationale -->
<sec:Security_Objectives_Rationale/>
</sec:Security_Objectives>
<!-- 5.0 Security Requirements -->
<sec:req title="Security Requirements">
<!-- 5.1 Security Functional Requirements -->
<sec:SFRs title="Security Functional Requirements">
<!-- 5.1.1 Cryptographic Support (FCS) -->
<section title="Cryptographic Support (FCS)" id="fcs">
<!-- FCS_CKM_EXT.1 -->
<ext-comp-def fam-id="FCS_CKM_EXT" title="Cryptographic Key Management">
<fam-behavior>This family defines requirements for management of cryptographic keys that are not addressed by FCS_CKM in CC Part 2.
</fam-behavior>
</ext-comp-def>
<f-component cc-id="fcs_ckm_ext.1" name="Cryptographic Key Generation Services">
<comp-lev> requires the TSF to specify whether asymmetric key generation is implemented by the TSF,
invoked from the operational environment, or not used by the TOE.</comp-lev>
<management>No specific management functions are identified.</management>
<audit>There are no auditable events foreseen.</audit>
<dependencies>
No dependencies.
</dependencies>
<f-element id="fel-asym-key-gen">
<title>
The application shall <selectables linebreak="yes">
<selectable exclusive="yes">generate no asymmetric cryptographic keys</selectable>
<selectable id="sel_invoke_genkey">invoke platform-provided functionality for asymmetric key generation</selectable>
<selectable id="sel_impl_genkey">implement asymmetric key generation</selectable></selectables>.
</title>
<note role="application">If "<h:i>implement asymmetric key generation</h:i>" or
"<h:b>invoke platform-provided functionality for asymmetric key generation</h:b>" is selected, then
FCS_CKM.1/AK must be claimed in the ST.
</note>
<aactivity level="element">
<TSS>
<h:p>
The evaluator shall inspect the application and its developer documentation
to determine if the application needs asymmetric key generation services. If not, the
evaluator shall verify the <h:b>generate no asymmetric cryptographic keys</h:b> selection is present
in the ST. Otherwise, the evaluation activities shall be performed as stated in the
selection-based requirements.</h:p>
</TSS>
<Guidance><h:p>None.</h:p></Guidance>
<Tests><h:p>None.</h:p></Tests>
</aactivity>
</f-element>
</f-component>
<!-- FCS_CKM.1/AK -->
<f-component cc-id="fcs_ckm.1" id="fcom_asym_key_gen" iteration="AK" name="Cryptographic Asymmetric Key Generation" status="sel-based">
<depends on="sel_invoke_genkey" and="sel_impl_genkey"/>
<f-element id="fel-asym-key-gen-impl">
<title>
The <h:b>application</h:b> shall <h:b><selectables linebreak="yes">
<selectable>invoke platform-provided functionality</selectable>
<selectable>implement functionality</selectable></selectables></h:b>
to generate <h:b>asymmetric</h:b> cryptographic keys in accordance with a specified cryptographic key generation algorithm
<selectables linebreak="yes">
<selectable><h:b>[RSA schemes]</h:b> using cryptographic key sizes of [<h:i>3072-bit or greater</h:i>] that meet
the following: [<h:i>FIPS PUB 186-5, "Digital Signature Standard (DSS)," Appendix B.3</h:i>]</selectable>
<selectable><h:b>[ECC schemes]</h:b> using [<h:i>“NIST curves” P-384 and <selectables>
<selectable>P-521</selectable>
<selectable>no other curves</selectable></selectables></h:i>] that meet the following:
[<h:i>FIPS PUB 186-5, “Digital Signature Standard (DSS),” Appendix B.4</h:i>]</selectable>
<selectable>
<h:b>[FFC schemes]</h:b> using cryptographic key sizes of [<h:i>3072-bit or greater</h:i>]
that meet the following: [<h:i>FIPS PUB 186-5, “Digital Signature Standard (DSS),” Appendix B.1</h:i>]</selectable>
<selectable><h:b>[FFC Schemes]</h:b> using [<h:i>Diffie-Hellman group 15</h:i>] that meet the following:
[<h:i>RFC 3526, Section 3</h:i>]</selectable>
<selectable><h:b>[FFC Schemes]</h:b> using [<h:i>“safe-prime” groups</h:i>]
<selectables>
<selectable>MODP-3072</selectable>
<selectable>MODP-4096</selectable>
<selectable>MODP-6144</selectable>
<selectable>MODP-8192</selectable>
<selectable>ffdhe3072</selectable>
<selectable>ffdhe-4096</selectable>
<selectable>ffdhe-6144</selectable>
<selectable>ffdhe-8192</selectable>
</selectables>
that meet the following:
[<h:i>NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes
Using Discrete Logarithm Cryptography” and
<selectables>
<selectable>RFC 3526</selectable>
<selectable>RFC 7919</selectable></selectables></h:i>]</selectable></selectables>.
</title>
<note role="application">
<h:p>
The ST should claim all key generation schemes used for key
establishment and entity authentication. When key generation is used for key
establishment, the schemes in FCS_CKM.2.1 and selected cryptographic protocols must
match the selection. When key generation is used for entity authentication, the public
key is expected to be associated with an X.509v3 certificate.
</h:p><h:p>
If the TOE acts as a receiver in the RSA key establishment scheme,
the TOE does not need to implement RSA key generation.
</h:p>
</note>
<aactivity level="element">
<TSS>
<h:p>
The evaluator shall ensure that the TSS identifies the key sizes
supported by the TOE. If the ST specifies more
than one scheme, the evaluator shall examine the TSS to verify that
it identifies the usage for each scheme
</h:p><h:p>
If the ST selects "<h:b>invoke platform-provided functionality</h:b>,"
then the evaluator shall examine the TSS to verify that it describes
how the key generation functionality is invoked and that the invokation matches the algorithm and size selections for each
supported platform. The evaluator shall confirm the invocation of the platform is using non-depricated functions
provided by the platform(s).</h:p>
</TSS>
<Guidance>
<h:p>
The evaluator shall verify that the operational guidance instructs the administrator how to
configure the TOE to use the selected key generation scheme(s) and
key size(s) for all uses defined in this PP if any configuration is required.
</h:p>
</Guidance>
<Tests>
<h:p>
If the application selects "<h:b>implement functionality</h:b>," then the following test
activities shall be carried out.
</h:p><h:p>
Evaluation Activity Note: The following tests may require the developer to provide access
to a developer environment that provides the evaluator with tools that are typically available
to end-users of the application
</h:p><h:p>
<h:b>Key Generation for FIPS PUB 186-5 RSA Schemes</h:b>
</h:p><h:p>
The evaluator shall verify the implementation of RSA Key Generation by the
TOE using the Key Generation test. This test verifies the ability of
the TSF to correctly produce values for the key components including
the public verification exponent e, the private prime factors p and q, the public
modulus n and the calculation of the private signature exponent d. Key Pair generation
specifies 5 ways (or methods) to generate the primes p and q.
These include: <h:ul>
<h:li>Random Primes:
<h:ul>
<h:li>Provable primes</h:li>
<h:li>Probable primes</h:li>
</h:ul>
</h:li>
<h:li>Primes with Conditions:
<h:ul>
<h:li>Primes p1, p2, q1, q2, p, and q shall all be provable primes</h:li>
<h:li>Primes p1, p2, q1, and q2 shall be provable primes, and p and q shall be
probable primes</h:li>
<h:li>Primes p1, p2, q1, q2, p, and q shall all be probable primes</h:li>
</h:ul>
</h:li></h:ul>
To test the key generation method for the Random Provable primes method and for all
the Primes with Conditions methods, the evaluator must seed the TSF
key generation routine with sufficient data to deterministically generate the RSA key
pair. This includes the random seed(s), the public exponent of the RSA key, and the
desired key length. For each key length supported, the evaluator shall have the
TSF generate 25 key pairs. The evaluator shall verify the
correctness of the TSF’s implementation by comparing values
generated by the TSF with those generated from a known good
implementation.
</h:p><h:p>
If possible, the Random Probable primes method should also be verified against a
known good implementation as described above. Otherwise, the evaluator shall have
the TSF generate 10 keys pairs for each supported key length nlen
and verify: <h:ul>
<h:li>n = p⋅q,</h:li>
<h:li>p and q are probably prime according to Miller-Rabin tests,</h:li>
<h:li>GCD(p-1, e) = 1,</h:li>
<h:li>GCD(q-1, e) = 1,</h:li>
<h:li>2<h:sup>16</h:sup> ≤ e ≤ 2<h:sup>256</h:sup> and e is an odd integer,</h:li>
<h:li>|p-q| > 2<h:sup>nlen/2 - 100</h:sup>,</h:li>
<h:li>p ≥ 2<h:sup>nlen/2 -1/2</h:sup>,</h:li>
<h:li>q ≥ 2<h:sup>nlen/2 -1/2</h:sup>,</h:li>
<h:li>2<h:sup>(nlen/2)</h:sup> < d < LCM(p-1, q-1),</h:li>
<h:li>e⋅d = 1 mod LCM(p-1, q-1).</h:li>
</h:ul>
</h:p><h:p>
<h:b>Key Generation for Elliptic Curve Cryptography (ECC)</h:b>
</h:p><h:p>
<h:b>FIPS 186-5 ECC Key Generation Test</h:b> -
For each supported NIST curve, i.e., P-256, P-384 and P-521, the evaluator shall
require the implementation under test (IUT) to generate 10 private/public key pairs.
The private key shall be generated using an approved random bit generator (RBG). To
determine correctness, the evaluator shall submit the generated key pairs to the
public key verification (PKV) function of a known good implementation.
</h:p><h:p>
<h:b>FIPS 186-5 Public Key Verification (PKV) Test</h:b> -
For each supported NIST curve, i.e., P-384 and P-521, the evaluator shall
generate 10 private/public key pairs using the key generation function of a known
good implementation and modify five of the public key values so that they are
incorrect, leaving five values unchanged (i.e., correct). The evaluator shall obtain
in response a set of 10 PASS/FAIL values.
</h:p><h:p>
<h:b>Key Generation for Finite-Field Cryptography (FFC)</h:b>
</h:p><h:p>
The evaluator shall verify the implementation of the Parameters Generation and the
Key Generation for FFC by the TOE using the Parameter Generation and
Key Generation test. This test verifies the ability of the TSF to
correctly produce values for the field prime p, the cryptographic prime q (dividing
p-1), the cryptographic group generator g, and the calculation of the private key x
and public key y. The Parameter generation specifies two ways (or methods) to generate
the cryptographic prime q and the field prime p:
</h:p><h:p>
Cryptographic and Field Primes: <h:ul>
<h:li>Primes q and p shall both be provable primes</h:li>
<h:li>Primes q and field prime p shall both be probable primes</h:li>
</h:ul>
and two ways to generate the cryptographic group generator g:
</h:p><h:p>
Cryptographic Group Generator:
<h:ul>
<h:li>Generator g constructed through a verifiable process</h:li>
<h:li>Generator g constructed through an unverifiable process.</h:li>
</h:ul>
The Key generation specifies 2 ways to generate the private key x:
</h:p><h:p>
Private Key:
<h:ul>
<h:li>len(q) bit output of RBG where 1 ≤ x ≤ q-1</h:li>
<h:li>len(q) + 64 bit output of RBG, followed by a mod q-1 operation where
1≤ x ≤q-1.</h:li>
</h:ul>
The security strength of the RBG must be at least that of the security offered by the
FFC parameter set.
To test the cryptographic and field prime generation method for the provable primes
method and/or the group generator g for a verifiable process, the evaluator must seed
the TSF parameter generation routine with sufficient data to
deterministically generate the parameter set.
For each key length supported, the evaluator shall have the TSF
generate 25 parameter sets and key pairs. The evaluator shall verify the correctness
of the TSF’s implementation by comparing values generated by the
TSF with those generated from a known good implementation.
Verification must also confirm
<h:ul>
<h:li>g ≠ 0,1</h:li>
<h:li>q divides p-1</h:li>
<h:li>g<h:sup>q</h:sup> mod p = 1</h:li>
<h:li>g<h:sup>x</h:sup> mod p = y</h:li>
</h:ul>
for each FFC parameter set and key pair.
</h:p><h:p>
<h:b>Diffie-Hellman Group 14 and FFC Schemes using “safe-prime” groups</h:b>
</h:p><h:p>
Testing for FFC Schemes using Diffie-Hellman group 14 and/or safe-prime groups is done as part of testing
in CKM.2.1.
</h:p>
</Tests>
</aactivity>
</f-element>
</f-component>
<!-- FCS_CKM.1/SK (formerly FCS_CKM.1/2) -->
<f-component cc-id="fcs_ckm.1" id="fcom_sym_key_gen" iteration="SK" name="Cryptographic Symmetric Key Generation" status="sel-based">
<depends on="sel_aes_cbc"/>
<depends on="sel_aes_gcm"/>
<depends on="sel_aes_xts"/>
<depends on="sel_aes_ccm"/>
<depends on="sel_aes_ctr"/>
<f-element id="fel-sym-key-gen">
<title>
The <h:b>application</h:b> shall
<selectables>
<selectable>invoke platform-provided functionality</selectable>
<selectable>implement functionality</selectable>
</selectables>
generate <h:b>symmetric</h:b> cryptographic keys <h:b>using a Random Bit
Generator as specified in FCS_RBG_EXT.1</h:b> and specified
cryptographic key sizes <h:i>256-bit</h:i>
</title>
<note role="application">
Symmetric keys may be used to generate keys along the key chain.</note>
<aactivity>
<!-- Revised <tss>The evaluator shall review the TSS to determine that it describes how the
functionality described by FCS_RBG_EXT.1 <cite linkend="bibAppPP"/> is invoked.<br/>
If the email client is relying on random from the host platform, the evaluator shall
verify the TSS includes the name/manufacturer of the external RBG. If different
external RBGs are used for different platforms, the TSS identifies each one for each
platform. <br/>If the email client is relying on random from the host platform, the
evaluator shall verify the TSS describes the function call and parameters used when
calling the external DRBG function. Also, the TSS includes a short description of
the vendor's assumption for the amount of entropy seeding the external DRBG. The
evaluator uses the description of the RBG functionality in FCS_RBG_EXT or
documentation available for the operational environment to determine that the key
size being requested is identical to the key size and mode to be used for the
encryption/decryption of the user data (<linkref linkend="FCS_COP.1(f)" />. </tss> -->
<TSS>
<h:p>
The evaluator shall review the TSS to determine that it describes how the functionality described by
FCS_RBG_EXT.1 is invoked.
</h:p><h:p>
If the application is relying on random bit generation from the
host platform, the evaluator shall verify the TSS includes the
name/manufacturer of the external RBG and describes the function call and parameters
used when calling the external DRBG function. If different external RBGs are used
for different platforms, the evaluator shall verify the TSS identifies each RBG for
each platform. Also, the evaluator shall verify the TSS includes a short description
of the vendor's assumption for the amount of entropy seeding the external DRBG. The
evaluator uses the description of the RBG functionality in FCS_RBG_EXT or
documentation available for the operational environment to determine that the key
size being requested is identical to the key size and mode to be used for the
encryption/decryption of the user data.
</h:p>
</TSS>
<Guidance>
<h:p>
The evaluator shall verify the guidance documention contains any informance necessary to configure key sizes.
</h:p>
</Guidance>
<Tests>None.</Tests>
</aactivity>
</f-element>
</f-component>
<!-- FCS_CKM.2 -->