FIA_X509_EXT.1 and FIA_X509_EXT.2 were removed from this version of the PP because the intent is to integrate the Functional Package for X.509. The only current use case for X.509 certificates in this PP is in the context of FTP_DIT_EXT.1. That SFR was updated to reference the functional package and the application note was updated to clarify the intended use of that package. Special attention to this is requested to ensure that the required X.509 claims are appropriate, or whether additional guidance is needed.
For example, the App PP did not previously have a requirement for certificate enrollment (e.g. FIA_X509_EXT.3 in the NDcPP), but this is now a required dependency in the X.509 package. Will this be an issue for vendors to meet?
Additionally, the X.509 Package has a large number of new requirements and additional selection options that were not present in the older version of the X.509 requirements. It is unclear whether we need to mandate or restrict certain options in these SFRs or if anything that conforms to the package will be acceptable.
FIA_X509_EXT.1 and FIA_X509_EXT.2 were removed from this version of the PP because the intent is to integrate the Functional Package for X.509. The only current use case for X.509 certificates in this PP is in the context of FTP_DIT_EXT.1. That SFR was updated to reference the functional package and the application note was updated to clarify the intended use of that package. Special attention to this is requested to ensure that the required X.509 claims are appropriate, or whether additional guidance is needed.
For example, the App PP did not previously have a requirement for certificate enrollment (e.g. FIA_X509_EXT.3 in the NDcPP), but this is now a required dependency in the X.509 package. Will this be an issue for vendors to meet?
Additionally, the X.509 Package has a large number of new requirements and additional selection options that were not present in the older version of the X.509 requirements. It is unclear whether we need to mandate or restrict certain options in these SFRs or if anything that conforms to the package will be acceptable.