Provide the location of the issue
B.5.1.1, FPT_APW_EXT.1 Protection of Administrator Passwords
What is the enhancement request for the cPP? Please describe.
FPT_APW_EXT.1 currently does not specify a method for protecting passwords. Please consider adopting the Application Software PP’s approach of specifying FCS_COP.1/SKC or FCS_CKM.1/PBKDF as acceptable methods of securely storing credentials.
Describe the solution you'd like
Suggested changes:
Introduce explicit requirements to encrypt, hash, or condition password data. To support this, introduce an FCS_CKM.1/PBKDF SFR allowing password conditioning. For the encryption and hashing options, existing FCS_COP.1 SFRs could be used.
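The "condition password data" option requested above, as an added sketch that is not part of the original issue or of any PP: a salted PBKDF2 record is stored in place of the administrator password and re-derived at login. The hash choice, iteration count, salt length and `$`-separated record layout are assumptions made for illustration; the issue specifies none of them.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for illustration; the issue names no values.
ALGORITHM = "sha256"
ALLOWED = {"sha256", "sha512"}
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def condition_password(password: str, salt: Optional[bytes] = None,
                       iterations: int = ITERATIONS) -> str:
    """Return the record to store: pbkdf2$hash$iterations$salt_hex$key_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    key = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"),
                              salt, iterations, dklen=KEY_BYTES)
    return "$".join(["pbkdf2", ALGORITHM, str(iterations), salt.hex(), key.hex()])


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    try:
        scheme, algorithm, iterations, salt_hex, key_hex = record.split("$")
        if scheme != "pbkdf2" or algorithm not in ALLOWED:
            return False
        expected = bytes.fromhex(key_hex)
        candidate = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations),
                                        dklen=len(expected))
    except (ValueError, OverflowError):
        # Malformed or legacy plaintext entries never authenticate.
        return False
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True for records that are malformed or weaker than current policy."""
    parts = record.split("$")
    if len(parts) != 5 or parts[0] != "pbkdf2" or not parts[2].isdigit():
        return True
    return parts[1] != ALGORITHM or int(parts[2]) < iterations
```

Because the parameters travel with each record, the iteration count can be raised later and `needs_rehash` flags older entries for re-conditioning at the next successful login.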