jeffblank closed 9 years ago
Here is the req from server virt.
FTP_TRP.1 Trusted Path for Remote Administration
FTP_TRP.1.1 Refinement: The TSF shall use [selection: IPsec, TLS, TLS/HTTPS] to provide a trusted communication path between itself and remote administrators that is logically distinct from other communication paths and provides assured identification of its endpoints and protection of the communicated data from disclosure and detection of modification of the communicated data.
FTP_TRP.1.2 Refinement: The TSF shall permit remote administrators to initiate communication via the trusted path.
FTP_TRP.1.3 Refinement: The TSF shall require the use of the trusted path for all remote administration actions.
Indeed - but it still mentions IPsec without saying what that needs to conform to!
I've changed the wording slightly to give the following:
FTP_ITC_EXT.1 Trusted channel communication
FTP_ITC_EXT.1.1 The OS shall use [selection: TLS as conforming to FCS_TLSC_EXT.1, DTLS as conforming to FCS_DTLS_EXT.1, IPsec as conforming to the IPsec VPN client PP <<--- this is the one we have issues with. ] to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: [selection: audit server, authentication server, [assignment: other capabilities] ] that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.
Application Note: The intent of the mandatory portion of the above requirement is to use the cryptographic protocols identified in the requirement to establish and maintain a trusted channel between the OS and another trusted IT product.
Assurance Activity
FTP_ITC_EXT.1.2 The OS shall initiate communication via the trusted channel for administrative communication, configured enterprise connections, and software updates.
Assurance Activity
Updated to be in line with the MDF PP.
Look to network device, SVirt, or mobile device.