Closed macahill closed 2 years ago
The following changes are proposed:
a. Make FIA_X509_EXT.4 mandatory (it is currently Strictly Optional).
b. Change FIA_X509_EXT.4 as follows:
FIA_X509_EXT.4.1 The TSF shall [selection: store and protect, invoke [assignment: platform storage mechanism] to store and protect] certificates from unauthorized deletion and modification.
FIA_X509_EXT.4.2 The TSF shall [selection: provide the capability for authorized administrators to load X.509v3 certificates into the TOE for use by the TSF, rely on [assignment: platform mechanism] to load X.509v3 certificates into [assignment: platform storage mechanism] for use by the TSF].
Application Note: This PP-Module assumes that any platform mechanism used for X.509 certificate loading is capable of enforcing access control to prevent unauthorized subjects from manipulating the contents of the certificate storage.
c. Update evaluation activities as follows to account for the possibility of platform storage:
TSS
The evaluator shall examine the TSS to determine that it describes all certificate stores implemented that contain certificates used to meet the requirements of this PP-Module. This description shall contain information pertaining to how certificates are loaded into the store, and how the store is protected from unauthorized access.
If the TOE relies on a platform mechanism for certificate loading and storage, the evaluator shall verify that the TSS identifies this mechanism and describes how use of this mechanism is protected against unauthorized access.
Guidance
The evaluator shall check the administrative guidance to ensure that it describes how to load X.509 certificates into the TOE's certificate store, regardless of whether the TSF provides this mechanism itself or the TOE relies on a platform-provided mechanism for this.
Tests
The evaluator shall perform the following tests for each TOE function that requires the use of certificates:
Test 1: The evaluator shall demonstrate that using a certificate without a valid certification path results in the function failing. The evaluator shall then load any certificates needed to validate the certificate to be used in the function and demonstrate that the function succeeds. The evaluator then shall delete one of these dependent certificates and show that the function fails.
Test 2: The evaluator shall demonstrate that the mechanism used to load or configure X.509 certificates cannot be accessed without appropriate authorization.
Module updated to reflect the proposed changes described above
Comment: Mandate FIA_X509_EXT.4.1 requirements and update to include the use of platform storage.
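
Test 1 from the proposal above, worked as an added example (not part of the issue or the PP-Module): a constructed root, intermediate and leaf are checked against an OpenSSL hashed-directory store before loading, after loading, and after one dependent certificate is deleted. The directory store, file names, subjects and the use of `openssl verify` as a stand-in for the TOE function are assumptions.

```shell
#!/bin/sh
# Added example: Test 1 against a constructed lab PKI (root -> intermediate -> leaf).
# The directory store, file names and subjects are assumptions, not from the PP-Module.

make_pki() {  # $1 = scratch directory; builds root.pem, int.pem, leaf.pem there
  cd "$1" || return 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.pem -subj "/CN=Lab Root" -days 2 || return 1
  for n in int leaf; do
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
      -keyout "$n.key" -out "$n.csr" -subj "/CN=Lab $n" || return 1
  done
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.cnf -extensions v3_ca -days 2 -out int.pem || return 1
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 2 -out leaf.pem
}

# Store entries are named <subject-hash>.0, the layout -CApath looks up.
slot() { printf '%s/%s.0' "$STORE" "$(openssl x509 -noout -hash -in "$1")"; }
load_cert()   { cp "$1" "$(slot "$1")"; }
delete_cert() { rm -f "$(slot "$1")"; }
# Stand-in for the TOE function: passes only with a full path to a trusted root.
function_ok() {
  if openssl verify -no-CAfile -CApath "$STORE" "$1" >/dev/null 2>&1
  then echo pass; else echo fail; fi
}

run_test1() {
  w=$(mktemp -d) || return 1
  STORE="$w/store"; mkdir "$STORE" || return 1
  ( make_pki "$w" ) >/dev/null 2>&1 || { rm -rf "$w"; return 1; }
  before=$(function_ok "$w/leaf.pem")      # store is empty: no certification path
  load_cert "$w/root.pem"; load_cert "$w/int.pem"
  loaded=$(function_ok "$w/leaf.pem")      # full path present
  delete_cert "$w/int.pem"
  deleted=$(function_ok "$w/leaf.pem")     # one dependent certificate removed
  rm -rf "$w"
  echo "$before $loaded $deleted"
}

run_test1   # expected: fail pass fail
```

Test 2 is not covered here; for a directory store like this one it would come down to the platform's access control on the store path.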