Protection Profile for Application Software
Version: 1.1
20141105
National Information Assurance Partnership



Revision History

Version   Date       Comment
v1.1      20141105   Addition to TLS cipher suite selections
v1.0      20141020   Initial release

Contents

1. Introduction
  1.1. Overview
  1.2. Terms
    1.2.1. Common Criteria Terms
    1.2.2. Technology Terms
  1.3. Compliant Targets of Evaluation
    1.3.1. TOE Boundary
  1.4. Use Cases
2. Conformance Claims
3. Security Problem Definition
  3.1. Threats
  3.2. Assumptions
  3.3. Organizational Security Policies
4. Security Objectives
  4.1. Security Objectives for the TOE
  4.2. Security Objectives for the Operational Environment
  4.3. Security Objectives Rationale
5. Security Requirements
  5.1. Security Functional Requirements
    5.1.1. Cryptographic Support (FCS)
    5.1.2. User Data Protection (FDP)
    5.1.3. Identification and Authentication (FIA)
    5.1.4. Security Management (FMT)
    5.1.5. Protection of the TSF (FPT)
    5.1.6. Trusted Path/Channel (FTP)
  5.2. Security Assurance Requirements
    5.2.1. Class ASE: Security Target
    5.2.2. Class ADV: Development
    5.2.3. Class AGD: Guidance Documentation
    5.2.4. Class ALC: Lifecycle Support
    5.2.5. Class ATE: Tests
    5.2.6. Class AVA: Vulnerability Assessment
Appendix A: Optional Requirements
Appendix B: Selection-Based Requirements
Appendix C: Objective Requirements
Appendix D: Entropy Documentation and Assessment
Appendix E: References
Appendix F: Acronyms

1. Introduction

1.1 Overview

The scope of this Protection Profile (PP) is to describe the security functionality of application software in terms of [CC] and to define functional and assurance requirements for such software. In recent years, software attacks have shifted from targeting operating systems to targeting applications. This has been the natural response to improvements in operating system security and development processes. As a result, it is paramount that the security of applications be improved to reduce the risk of compromise.

1.2 Terms

The following sections provide both Common Criteria and technology terms used in this Protection Profile.

1.2.1 Common Criteria Terms

Common Criteria (CC): Common Criteria for Information Technology Security Evaluation.

Common Evaluation Methodology (CEM): Common Evaluation Methodology for Information Technology Security Evaluation.

Protection Profile (PP): An implementation-independent set of security requirements for a category of products.

Security Target (ST): A set of implementation-dependent security requirements for a specific product.

Target of Evaluation (TOE): The product under evaluation. In this case, application software and its supporting documentation.

TOE Security Functionality (TSF): The security functionality of the product under evaluation.

TOE Summary Specification (TSS): A description of how a TOE satisfies the SFRs in a ST.

Security Functional Requirement (SFR): A requirement for security enforcement by the TOE.

Security Assurance Requirement (SAR): A requirement to assure the security of the TOE.

1.2.2 Technology Terms

Address Space Layout Randomization (ASLR): An anti-exploitation feature which loads memory mappings into unpredictable locations. ASLR makes it more difficult for an attacker to redirect control to code that they have introduced into the address space of an application process.

Application (app): Software that runs on a platform and performs tasks on behalf of the user or owner of the platform, as well as its supporting documentation. The terms TOE and application are interchangeable in this document.

Application Programming Interface (API): A specification of routines, data structures, object classes, and variables that allows an application to make use of services provided by another software component, such as a library. APIs are often provided for a set of libraries included with the platform.

Credential: Data that establishes the identity of a user, e.g. a cryptographic key or password.

Data Execution Prevention (DEP): An anti-exploitation feature of modern operating systems executing on modern computer hardware, which enforces a non-execute permission on pages of memory. DEP prevents pages of memory from containing both data and instructions, which makes it more difficult for an attacker to introduce and execute code.

Developer: An entity that writes application software. For the purposes of this document, vendors and developers are the same.

Mobile Code: Software transmitted from a remote system for execution within a limited execution environment on the local system. Typically, there is no persistent installation and execution begins without the user's consent or even notification. Examples of mobile code technologies include JavaScript, Java applets, Adobe Flash, and Microsoft Silverlight.

Operating System (OS): Software that manages hardware resources and provides services for applications.

Personally Identifiable Information (PII): Any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date and place of birth, mother's maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual. [OMB]

Platform: The environment in which application software runs. The platform can be an operating system, an execution environment which runs atop an operating system, or some combination of these.

Sensitive Data: Sensitive data may include all user or enterprise data or may be specific application data such as emails, messaging, documents, calendar items, and contacts. Sensitive data must minimally include PII, credentials, and keys. Sensitive data shall be identified in the application's TSS by the ST author.

Stack Cookie: An anti-exploitation feature that places a value on the stack at the start of a function call, and checks that the value is the same at the end of the function call. This is also referred to as Stack Guard, or Stack Canaries.

Vendor: An entity that sells application software. For purposes of this document, vendors and developers are the same. Vendors are responsible for maintaining and updating application software.

1.3 Compliant Targets of Evaluation

The requirements in this document apply to application software which runs on mobile devices ("apps"), as well as on desktop and server platforms. Some application types are covered by more specific PPs, which may be expressed as Extended Packages of this PP. Such applications are subject to the requirements of both this PP and the Extended Package that addresses their special functionality. PPs for some particularly specialized applications may not be expressed as EPs at this time, though the requirements in this document should be seen as objectives for those highly specialized applications.

Although the requirements in this document apply to a wide range of application software, consult guidance from the relevant national schemes to determine when formal Common Criteria evaluation is expected for a particular type of application. This may vary depending upon the nature of the security functionality of the application.

1.3.1 TOE Boundary

An application is defined as software that runs on a platform and performs tasks on behalf of the user or owner of the system. The application consists of the software provided by its vendor and which is installed onto the file system provided by the operating system. It executes on the platform, which may be an operating system (Figure 1), an execution environment, or some combination of these (Figure 2). Some assurance activities are specific to the particular platform on which the application runs, in order to provide precision and repeatability. Test activities are actively sought from platform vendors so that coverage across platforms is as complete and accurate as possible. This will also enable certification of applications on those platforms.

Applications include a diverse range of software such as office suites, thin clients, PDF readers, and downloadable smartphone apps. The TOE includes any software in the application installation package, even those pieces that may extend the functionality of the underlying platform, such as kernel drivers. Many platforms come bundled with applications such as web browsers, email clients and media players, and these too should be considered subject to the requirements defined in this document, although the expectation of formal Common Criteria evaluation depends upon the national scheme. BIOS and other firmware, the operating system kernel, and other systems software (and drivers) provided as part of the platform are outside the scope of this document.

Figure 1: TOE as an Application and Kernel Module Running on an Operating System

Figure 2: TOE as an Application Running in an Execution Environment Plus Native Code

1.4 Use Cases

Requirements in this Protection Profile are designed to address the security problem in the following use cases. These use cases are intentionally very broad, as many specific use cases exist for application software. Many applications may be used in combinations of these broad use cases, and evaluation against Extended Packages of this PP, when available, may be most appropriate for some application types.

[USE CASE 1] Content Creation: The application allows a user to create content, saving it to either local or remote storage. Example content includes text documents, presentations, and images.

[USE CASE 2] Content Consumption: The application allows a user to consume content, retrieving it from either local or remote storage. Example content includes web pages and video.

[USE CASE 3] Communication: The application allows for communication interactively or non-interactively with other users or applications over a communications channel. Example communications include instant messages, email, and voice.

2. Conformance Claims

Conformance Statement

To be conformant to this PP, a ST must demonstrate Exact Conformance, a subset of Strict Conformance as defined in [CC] Part 1 (ASE_CCL). The ST must include all components in this PP that are:

  - unconditional (which are always required)
  - selection-based (which are required when certain selections are chosen in the unconditional requirements)

and may include components that are optional or objective.

Unconditional requirements are found in the main body of the document, while appendices contain the selection-based, optional, and objective requirements. The ST may iterate any of these components, but it must not include any additional component (e.g. from CC Part 2 or 3 or a PP not conformant with this one, or extended by the ST) not defined in this PP or a PP conformant to this one. See Section 1.3 regarding more specific PPs that may extend this one.

CC Conformance Claims

This PP is conformant to Parts 2 (extended) and 3 (extended) of Common Criteria Version 3.1, Revision 4 [CC].

PP Claim

This PP does not claim conformance to any other Protection Profile.

Package Claim

This PP does not claim conformance to any packages.

3. Security Problem Definition

The security problem is described in terms of the threats that the TOE is expected to address, assumptions about the operational environment, and any organizational security policies that the TOE is expected to enforce.

3.1 Threats

T.NETWORK_ATTACK: An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with the application software or alter communications between the application software and other endpoints in order to compromise it.

T.NETWORK_EAVESDROP: An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between the application and other endpoints.

T.LOCAL_ATTACK: An attacker can act through unprivileged software on the same computing platform on which the application executes. Attackers may provide maliciously formatted input to the application in the form of files or other local communications.

T.PHYSICAL_ACCESS: An attacker may try to access sensitive data at rest.

3.2 Assumptions

A.PLATFORM: The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying platform and whatever runtime environment it provides to the TOE.

A.PROPER_USER: The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy.

A.PROPER_ADMIN: The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy.

3.3 Organizational Security Policies

There are no OSPs for the application.

4. Security Objectives

4.1 Security Objectives for the TOE

O.INTEGRITY: Conformant TOEs ensure the integrity of their installation and update packages, and also leverage execution environment-based mitigations. Software is seldom if ever shipped without errors, and the ability to deploy patches and updates to fielded software with integrity is critical to enterprise network security. Processor manufacturers, compiler developers, execution environment vendors, and operating system vendors have developed execution environment-based mitigations that increase the cost to attackers by adding complexity to the task of compromising systems. Application software can often take advantage of these mechanisms by using APIs provided by the runtime environment or by enabling the mechanism through compiler or linker options.
Addressed by: FDP_DEC_EXT.1, FMT_CFG_EXT.1, FPT_AEX_EXT.1, FPT_TUD_EXT.1

O.QUALITY: To ensure quality of implementation, conformant TOEs leverage services and APIs provided by the runtime environment rather than implementing their own versions of these services and APIs. This is especially important for cryptographic services and other complex operations such as file and media parsing. Leveraging this platform behavior relies upon using only documented and supported APIs.
Addressed by: FMT_MEC_EXT.1, FPT_API_EXT.1, FPT_LIB_EXT.1

O.MANAGEMENT: To facilitate management by users and the enterprise, conformant TOEs provide consistent and supported interfaces for their security-relevant configuration and maintenance. This includes the deployment of applications and application updates through the use of platform-supported deployment mechanisms and formats, as well as providing mechanisms for configuration.
Addressed by: FMT_SMF.1, FPT_IDV_EXT.1, FPT_TUD_EXT.1.5

O.PROTECTED_STORAGE: To address the issue of loss of confidentiality of user data in the event of loss of physical control of the storage medium, conformant TOEs will use data-at-rest protection. This involves encrypting data and keys stored by the TOE in order to prevent unauthorized access to this data.
Addressed by: FDP_DAR_EXT.1, FCS_STO_EXT.1, FCS_RBG_EXT.1

O.PROTECTED_COMMS: To address both passive (eavesdropping) and active (packet modification) network attack threats, conformant TOEs will use a trusted channel for sensitive data. Sensitive data includes cryptographic keys, passwords, and any other data specific to the application that should not be exposed outside of the application.
Addressed by: FTP_DIT_EXT.1, FCS_TLSC_EXT.1, FCS_DTLS_EXT.1, FCS_RBG_EXT.1

4.2 Security Objectives for the Operational Environment

The following security objectives for the operational environment assist the TOE in correctly providing its security functionality. These track with the assumptions about the environment.

OE.PLATFORM: The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE.

OE.PROPER_USER: The user of the application software is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy.

OE.PROPER_ADMIN: The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy.

4.3 Security Objectives Rationale

This section describes how the assumptions, threats, and organizational security policies map to the security objectives.

Threat, Assumption, or OSP: T.NETWORK_ATTACK
Security Objectives: O.PROTECTED_COMMS, O.INTEGRITY, O.MANAGEMENT
Rationale: The threat T.NETWORK_ATTACK is countered by O.PROTECTED_COMMS as this provides for integrity of transmitted data. The threat T.NETWORK_ATTACK is countered by O.INTEGRITY as this provides for integrity of software that is installed onto the system from the network. The threat T.NETWORK_ATTACK is countered by O.MANAGEMENT as this provides for the ability to configure the application to defend against network attack.

Threat, Assumption, or OSP: T.NETWORK_EAVESDROP
Security Objectives: O.PROTECTED_COMMS, O.QUALITY, O.MANAGEMENT
Rationale: The threat T.NETWORK_EAVESDROP is countered by O.PROTECTED_COMMS as this provides for confidentiality of transmitted data. The objective O.QUALITY ensures use of mechanisms that provide protection against network-based attack. The threat T.NETWORK_EAVESDROP is countered by O.MANAGEMENT as this provides for the ability to configure the application to protect the confidentiality of its transmitted data.

Threat, Assumption, or OSP: T.LOCAL_ATTACK
Security Objectives: O.QUALITY
Rationale: The objective O.QUALITY protects against the use of mechanisms that weaken the TOE with regard to attack by other software on the platform.

Threat, Assumption, or OSP: T.PHYSICAL_ACCESS
Security Objectives: O.PROTECTED_STORAGE
Rationale: The objective O.PROTECTED_STORAGE protects against unauthorized attempts to access physical storage used by the TOE.

Threat, Assumption, or OSP: A.PLATFORM
Security Objectives: OE.PLATFORM
Rationale: The operational environment objective OE.PLATFORM is realized through A.PLATFORM.

Threat, Assumption, or OSP: A.PROPER_USER
Security Objectives: OE.PROPER_USER
Rationale: The operational environment objective OE.PROPER_USER is realized through A.PROPER_USER.

Threat, Assumption, or OSP: A.PROPER_ADMIN
Security Objectives: OE.PROPER_ADMIN
Rationale: The operational environment objective OE.PROPER_ADMIN is realized through A.PROPER_ADMIN.

5. Security Requirements

This chapter describes the security requirements which have to be fulfilled by the TOE. Those requirements comprise functional components from Part 2 and assurance components from Part 3 of [CC]. The following notations are used:

  - Refinement operation (denoted by bold text): is used to add details to a requirement, and thus further restricts a requirement.
  - Selection (denoted by italicized text): is used to select one or more options provided by the [CC] in stating a requirement.
  - Assignment operation (denoted by italicized text): is used to assign a specific value to an unspecified parameter, such as the length of a password. Showing the value in square brackets indicates assignment.
  - Iteration operation: iterations are identified with a number inside parentheses (e.g. "(1)").

5.1 Security Functional Requirements

The Security Functional Requirements included in this section are derived from Part 2 of the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, with additional extended functional components.

5.1.1 Cryptographic Support (FCS)

FCS_RBG_EXT.1 Random Bit Generation Services

FCS_RBG_EXT.1.1 The application shall [selection:
  use no DRBG functionality,
  invoke platform-provided DRBG functionality,
  implement DRBG functionality
] for its cryptographic operations.

Application Note: If implement DRBG functionality is chosen, then additional FCS_RBG_EXT.2 elements shall be included in the ST. In this requirement, cryptographic operations include all cryptographic key generation/derivation/agreement, IVs (for certain modes), as well as protocol-specific random values.

Assurance Activity

If use no DRBG functionality is selected, the evaluator shall inspect the application and its developer documentation and verify that the application needs no random bit generation services.

If implement DRBG functionality is selected, the evaluator shall ensure that additional FCS_RBG_EXT.2 elements are included in the ST.

If invoke platform-provided DRBG functionality is selected, the evaluation activities will be performed as stated in the following requirements. The evaluator shall verify that the TSS identifies the calls used in acquiring random from each instantiation of the RBG used for the application's cryptographic functionality. The evaluator shall ensure that random bits are acquired properly from the platform. This varies on a per-platform basis:

For BlackBerry: The evaluator shall verify that the application invokes Security Builder Crypto GSE.

For Android: The evaluator shall verify that the application uses at least one of the javax.crypto.KeyGenerator class or the java.security.SecureRandom class or /dev/random or /dev/urandom.

For Windows: The evaluator shall verify that the BCryptGenRandom or CryptGenRandom API is used for classic desktop applications. The evaluator shall verify that the System.Random API is used for Windows Store Applications. In future versions of this document, CryptGenRandom may be removed as an option as it is no longer the preferred API per vendor documentation.

For iOS: The evaluator shall verify that the application invokes SecRandomCopyBytes or uses /dev/random directly to acquire random.

For Linux: The evaluator shall verify that the application collects random from /dev/random or /dev/urandom.

For Solaris: The evaluator shall verify that the application collects random from /dev/random.

For Mac OS X: The evaluator shall verify that the application uses /dev/random to acquire random.

If invocation of platform-provided functionality is achieved in another way, the evaluator shall ensure the TSS describes how this is carried out, and how it is equivalent to the methods listed here (e.g. a higher-level API invokes an identical low-level API).

FCS_STO_EXT.1 Storage of Secrets

FCS_STO_EXT.1.1 The application shall [selection:
  not store any credentials,
  invoke the functionality provided by the platform to securely store [assignment: list of credentials],
  implement functionality to securely store [assignment: list of credentials]
] to non-volatile memory.

Application Note: This requirement ensures that persistent credentials (secret keys, PKI private keys, or passwords) are stored securely when not in use.

If implement functionality to securely store credentials is selected, then the following requirements must be included in the ST: FCS_COP.1(1). If other cryptographic operations are used to implement the secure storage of credentials, the corresponding requirements must be included in the ST.

Assurance Activity

The evaluator shall check the TSS to ensure that it lists all persistent credentials (secret keys, PKI private keys, or passwords) needed to meet the requirements in the ST. For each of these items, the evaluator shall confirm that the TSS lists for what purpose it is used, and how it is stored.

For all credentials for which the application invokes platform-provided functionality, the evaluator shall perform the following actions, which vary per platform.

For BlackBerry: The evaluator shall verify that the application uses the BlackBerry KeyStore and Security Builder APIs to store credentials.

For Android: The evaluator shall verify that the application uses the Android KeyStore to store certificates.

For Windows: The evaluator shall verify that all certificates are stored in the Windows Certificate Store. The evaluator shall verify that other secrets, like passwords, are stored in the Windows Credential Manager or stored using the Data Protection API (DPAPI). For Windows Store Apps, the evaluator shall verify that the application is using the ProtectData class and storing credentials in IsolatedStorage.

For iOS: The evaluator shall verify that all credentials are stored within a Keychain.

For Linux: The evaluator shall verify that all keys are stored using Linux keyrings.

For Solaris: The evaluator shall verify that all keys are stored using the Solaris Key Management Framework (KMF).

For Mac OS X: The evaluator shall verify that all credentials are stored within Keychain.

5.1.2 User Data Protection (FDP)

FDP_DEC_EXT.1 Access to Platform Resources

FDP_DEC_EXT.1.1 The application shall provide user awareness of its intent to access [selection:
  no hardware resources,
  network connectivity,
  camera,
  microphone,
  location services,
  NFC,
  USB,
  Bluetooth,
  [assignment: list of additional hardware resources]
].

Application Note: The evaluator should ensure that the selection captures all platform hardware resources which the application intends to access. The requirement is worded in this way due to the diversity of methods by which user awareness can be achieved, which varies per platform. Selections should be expressed in a manner consistent with how the application expresses its access needs to the underlying platform. For example, the platform may provide location services, which implies the potential use of a variety of hardware resources (e.g. satellite receivers, WiFi, cellular radio), yet location services is the proper selection. This is because use of these resources can be inferred, but also because the actual usage may vary based on the particular platform. Resources that do not need to be explicitly identified are those which are ordinarily used by any application, such as central processing units, main memory, displays, input devices (e.g. keyboards, mice), and persistent storage devices provided by the platform.

Assurance Activity

The evaluator shall install and run the application and inspect its user documentation to verify that the user is informed of any need to access hardware resources. The method of doing so varies per platform.

For BlackBerry: The evaluator shall install the application and run it for the first time. The evaluator shall verify that the application displays all platform resources it would like to access. Note: If the user goes to: App permissions > Settings > Security and Privacy > Application Permissions > Select application in question, it will list which platform resources are approved/denied and can be changed.

For Android: The evaluator shall install the application and verify that the application displays the platform resources it would like to access. This includes permissions such as ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, BLUETOOTH, CAMERA, INTERNET, NFC, READ_EXTERNAL_STORAGE, RECORD_AUDIO. A complete list of Android permissions can be found at:

http://developer.android.com/reference/android/Manifest.permission.html
http://developer.android.com/reference/android/Manifest.permission_group.html

For Windows: For Windows Store Apps the evaluator shall check the WMAppManifest.xml file for a list of required hardware capabilities. The evaluator shall verify that the user is made aware of the required hardware capabilities when the application is first installed. This includes permissions such as ID_CAP_ISV_CAMERA, ID_CAP_LOCATION, ID_CAP_NETWORKING, ID_CAP_MICROPHONE, ID_CAP_PROXIMITY and so on. A complete list of Windows App permissions can be found at:

http://msdn.microsoft.com/en-US/library/windows/apps/jj206936.aspx

For Windows Desktop Applications the evaluator shall verify that either the application or the documentation provides the user with a list of the required hardware resources.

For iOS: The evaluator shall verify that either the application or the documentation provides the user with a list of the required hardware resources.

For Linux: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required hardware resources.

For Solaris: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required hardware resources.

For Mac OS X: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required hardware resources.

FDP_DEC_EXT.1.2 The application shall provide user awareness of its intent to access [selection:
  no sensitive information repositories,
  address book,
  calendar,
  call lists,
  system logs,
  [assignment: list of additional sensitive information repositories]
].

Application Note: Sensitive information repositories are defined as those collections of sensitive data that could be expected to be shared among some applications, users, or user roles, but to which not all of these would ordinarily require access. The intent is for the evaluator to ensure that the selection captures all sensitive information repositories which the application is intended to access. The requirement is worded in this way due to the diversity of methods by which user awareness can be achieved, which varies per platform.

Assurance Activity

The evaluator shall ensure that the selection captures all sensitive information repositories which the application is intended to access. The evaluator shall install and run the application software and inspect its user documentation to verify that the user is informed of any need to access these repositories. The method of doing so varies per platform.

For BlackBerry: The evaluator shall install the application and run it for the first time. The evaluator shall verify that the application displays all platform resources it would like to access.

For Android: The evaluator shall install the application and verify that the application displays the permissions used to access system-wide repositories. This includes permissions such as READ_CALENDAR, READ_CALL_LOG, READ_CONTACTS, READ_EXTERNAL_STORAGE, READ_LOGS. A complete list of Android permissions can be found at:

http://developer.android.com/reference/android/Manifest.permission.html
http://developer.android.com/reference/android/Manifest.permission_group.html

For Windows: For Windows Store Apps the evaluator shall check the WMAppManifest.xml file for a list of required capabilities. The evaluator shall verify that the user is made aware of the required information repositories when the application is first installed. This includes permissions such as ID_CAP_CONTACTS, ID_CAP_APPOINTMENTS, ID_CAP_MEDIALIB and so on. A complete list of Windows App permissions can be found at:

http://msdn.microsoft.com/en-US/library/windows/apps/jj206936.aspx

For Windows Desktop Applications the evaluator shall verify that either the application software or its documentation provides the user with a list of the required sensitive information repositories.

For iOS: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required sensitive information repositories.

For Linux: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required sensitive information repositories.

For Solaris: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required sensitive information repositories.

For Mac OS X: The evaluator shall verify that either the application software or its documentation provides the user with a list of the required sensitive information repositories.
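The Android activities for FDP_DEC_EXT.1.1 and FDP_DEC_EXT.1.2 both come down to reading the permissions an app declares and checking that each one is covered by a selection in the ST. The following evaluator helper is an added example, not part of the PP or any evaluation scheme's tooling: it parses a constructed AndroidManifest.xml, maps the declared permissions onto the PP's hardware-resource and repository selections (the permission-to-selection table is this example's own assumption), and reports anything the ST selection does not cover or that needs manual review.

```python
"""Evaluator helper for FDP_DEC_EXT.1.1/1.2 on Android: map the permissions an
app declares onto the PP's selections and diff them against the ST."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (this example's own) from Android permission to the PP's
# FDP_DEC_EXT.1.1 hardware-resource selections.
HARDWARE_MAP = {
    "INTERNET": "network connectivity",
    "ACCESS_NETWORK_STATE": "network connectivity",
    "CAMERA": "camera",
    "RECORD_AUDIO": "microphone",
    "ACCESS_COARSE_LOCATION": "location services",
    "ACCESS_FINE_LOCATION": "location services",
    "NFC": "NFC",
    "BLUETOOTH": "Bluetooth",
    "BLUETOOTH_ADMIN": "Bluetooth",
}
# Assumed mapping to the FDP_DEC_EXT.1.2 sensitive-repository selections.
REPOSITORY_MAP = {
    "READ_CONTACTS": "address book",
    "WRITE_CONTACTS": "address book",
    "READ_CALENDAR": "calendar",
    "WRITE_CALENDAR": "calendar",
    "READ_CALL_LOG": "call lists",
    "WRITE_CALL_LOG": "call lists",
    "READ_LOGS": "system logs",
}

# Constructed sample manifest for a hypothetical TOE (package name invented).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.toe">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""

# Constructed ST selections for the same hypothetical TOE. Note the ST author
# forgot "system logs" even though READ_LOGS is requested.
ST_HARDWARE = {"network connectivity", "camera", "location services"}
ST_REPOSITORIES = {"address book"}


def declared_permissions(manifest_xml):
    """Return the short names of every <uses-permission> in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.iter("uses-permission"):
        full = node.get(ANDROID_NS + "name", "")
        names.append(full.rsplit(".", 1)[-1])  # "android.permission.X" -> "X"
    return names


def classify(perms):
    """Bucket permissions into PP hardware selections, repository selections,
    and permissions the evaluator must map by hand."""
    result = {"hardware": set(), "repositories": set(), "unmapped": set()}
    for p in perms:
        if p in HARDWARE_MAP:
            result["hardware"].add(HARDWARE_MAP[p])
        elif p in REPOSITORY_MAP:
            result["repositories"].add(REPOSITORY_MAP[p])
        else:
            result["unmapped"].add(p)
    return result


def check_against_st(classified, st_hardware, st_repositories):
    """List resources the app requests that the ST selection does not declare
    (a finding against FDP_DEC_EXT.1.1/1.2), plus unmapped permissions."""
    findings = []
    for res in sorted(classified["hardware"] - set(st_hardware)):
        findings.append("FDP_DEC_EXT.1.1: app requests %r, not in ST selection" % res)
    for res in sorted(classified["repositories"] - set(st_repositories)):
        findings.append("FDP_DEC_EXT.1.2: app requests %r, not in ST selection" % res)
    for p in sorted(classified["unmapped"]):
        findings.append("manual review: unmapped permission %s" % p)
    return findings


if __name__ == "__main__":
    perms = declared_permissions(SAMPLE_MANIFEST)
    for line in check_against_st(classify(perms), ST_HARDWARE, ST_REPOSITORIES):
        print(line)
```

The same diff can be driven from a dumped manifest of a real APK; the mapping table is the part an evaluator would extend per scheme guidance.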

FDP_DEC_EXT.1.3 The application shall only seek access to those resources for which it has provided a justification to access.

Assurance Activity

The evaluator shall review documentation provided by the application developer and, for each resource which it requests access to, identify the justification as to why access is required.

FDP_DEC_EXT.1.4 The application shall restrict network communication to [selection:
  no network communication,
  user-initiated communication for [assignment: list of functions for which the user can initiate network communication],
  respond to [assignment: list of remotely initiated communication],
  [assignment: list of application-initiated network communication]
].

Application Note: This requirement is intended to restrict both inbound and outbound network communications to only those required, or to network communications that are user-initiated. It does not apply to network communications in which the application may generically access the file system, which may result in the platform accessing remotely mounted drives/shares.

Assurance Activity

The evaluator shall perform the following tests:

Test 1: The evaluator shall run the application. While the application is running, the evaluator shall sniff network traffic, ignoring all non-application-associated traffic, and verify that any network communications witnessed are documented in the TSS or are user-initiated.

Test 2: The evaluator shall run the application. After the application initializes, the evaluator shall run network port scans to verify that any ports opened by the application have been captured in the ST for the third selection and its assignment. This includes connection-based protocols (e.g. TCP, DCCP) as well as connectionless protocols (e.g. UDP).
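An external port scan (Test 2) tells the evaluator which ports answer, but not which process owns them. On Linux the same evidence can be taken from the host side by reading /proc/net/tcp and /proc/net/udp and keeping only the sockets whose inode belongs to the TOE process. The helper below is an added example, not part of the PP: it parses constructed /proc/net lines, filters to an assumed set of TOE socket inodes (in practice read from /proc/<pid>/fd of the running TOE), and diffs the result against the ports the ST declares for the "respond to" selection.

```python
"""Evaluator helper for FDP_DEC_EXT.1.4 Test 2 (Linux host side): list the
ports the TOE process has open and compare them with the ST's declared list."""
import socket
import struct

TCP_LISTEN = "0A"       # /proc/net/tcp state code for LISTEN
UDP_UNCONNECTED = "07"  # /proc/net/udp state code for a bound, unconnected socket

# Constructed sample of /proc/net/tcp: a listener on 0.0.0.0:8080 (inode 40001),
# a listener on 127.0.0.1:3000 (inode 40002) and one established connection.
SAMPLE_PROC_NET_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0BB8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 40003 1 0000000000000000 20 4 30 10 -1
"""
# Constructed sample of /proc/net/udp: one bound socket on 0.0.0.0:5678.
SAMPLE_PROC_NET_UDP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   3: 00000000:162E 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 40004 2 0000000000000000 0
"""
# Assumed: socket inodes found under /proc/<pid>/fd of the TOE process.
TOE_INODES = {40001, 40002, 40004}
# Constructed: what the ST's "respond to" assignment declares.
ST_DECLARED = {("tcp", 8080), ("udp", 5678)}


def _decode_addr(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); the kernel stores IPv4 little-endian."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def parse_proc_net(text, proto):
    """Return [(proto, ip, port, inode)] for sockets in the listening/bound state."""
    want = TCP_LISTEN if proto == "tcp" else UDP_UNCONNECTED
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        # cols: sl, local, remote, st, tx:rx, tr:when, retrnsmt, uid, timeout, inode, ...
        if len(cols) < 10 or cols[3] != want:
            continue
        ip, port = _decode_addr(cols[1])
        rows.append((proto, ip, port, int(cols[9])))
    return rows


def open_ports_for_toe(tcp_text, udp_text, toe_inodes):
    """(proto, port) pairs opened by sockets that belong to the TOE process."""
    rows = parse_proc_net(tcp_text, "tcp") + parse_proc_net(udp_text, "udp")
    return sorted({(p, port) for p, _ip, port, ino in rows if ino in toe_inodes})


def undeclared_ports(observed, declared):
    """Ports the TOE opened that the ST does not capture: a Test 2 finding."""
    return sorted(set(observed) - set(declared))


if __name__ == "__main__":
    observed = open_ports_for_toe(SAMPLE_PROC_NET_TCP, SAMPLE_PROC_NET_UDP, TOE_INODES)
    print("open:", observed)
    print("not in ST:", undeclared_ports(observed, ST_DECLARED))
```

A loopback-only listener such as the 127.0.0.1:3000 socket here is invisible to a scan from another host, which is exactly why the host-side view is worth pairing with the external scan.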

FDP_DEC_EXT.1.5 The application shall [selection:
  not transmit PII over a network,
  require user approval before executing [assignment: list of functions that transmit PII over a network]
].

Application Note: This requirement only applies to PII that is specifically requested by the application; it does not apply if the user volunteers PII without prompting from the application into a general (or inappropriate) data field. A dialog box that declares intent to send PII, presented to the user at the time the application is started, is sufficient to meet this requirement.

Assurance Activity

The evaluator shall inspect the TSS documentation to identify functionality in the application where PII can be transmitted, and perform the following tests.

Test 1: The evaluator shall run the application and exercise the functionality responsible for transmitting PII, and verify that user approval is required before transmission of the PII.

FDP_DAR_EXT.1 Encryption of Sensitive Application Data

FDP_DAR_EXT.1.1 The application shall [selection:
  leverage platform-provided functionality to encrypt sensitive data,
  implement functionality to encrypt sensitive data,
  not store any sensitive data
] in non-volatile memory.

Application Note: If implement functionality to encrypt sensitive data is selected, then evaluation is required against the Application Software Protection Profile Extended Package: File Encryption.

Any file that may potentially contain sensitive data (to include temporary files) shall be protected. The only exception is if the user intentionally exports the sensitive data to non-protected files.

Assurance Activity

The evaluator shall inventory the file system locations where the application may write data. The evaluator shall run the application and attempt to store sensitive data. The evaluator shall then inspect those areas of the file system to note where data was stored (if any), and determine whether it has been encrypted.

If not store any sensitive data is selected, the evaluator shall inspect the TSS and ensure that it describes how sensitive data cannot be written to non-volatile memory. The evaluator shall also ensure that this is consistent with the file system test above.

If implement functionality to encrypt sensitive data is selected, then evaluation is required against the Application Software Protection Profile Extended Package: File Encryption. The evaluator shall ensure that such evaluation is underway.

If leverage platform-provided functionality is selected, the evaluation activities will be performed as stated in the following requirements, which vary on a per-platform basis:

For BlackBerry: The evaluator shall inspect the TSS and ensure that it describes how the application uses the Advanced Data at Rest Protection API and how the application uses the appropriate domain to store and protect each data file.

For Android: The evaluator shall inspect the TSS and verify that it describes how files containing sensitive data are stored with the MODE_PRIVATE flag set.

For Windows: The Windows platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption, such as BitLocker or Encrypting File System (EFS), clear to the end user.

For iOS: The evaluator shall inspect the TSS and ensure that it describes how the application uses the Complete Protection, Protected Unless Open, or Protected Until First User Authentication Data Protection Class for each data file stored locally.

For Linux: The Linux platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.

For Solaris: The Solaris platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.

For Mac OS X: The Mac OS X platform currently does not provide data-at-rest encryption services which depend upon invocation by application developers. The evaluator shall verify that the Operational User Guidance makes the need to activate platform encryption clear to the end user.

5.1.3 Identification and Authentication (FIA)

5.1.4 Security Management (FMT)

FMT_MEC_EXT.1 Supported Configuration Mechanism

FMT_MEC_EXT.1.1 The application shall invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.

Application Note: Configuration options that are stored remotely are not subject to this requirement.

Assurance Activity

The evaluator shall review the TSS to identify the application's configuration options (e.g. settings) and determine whether these are stored and set using the mechanisms supported by the platform. The method of doing so varies per platform.

For BlackBerry: The evaluator shall run the application and make security-related changes to its configuration. The evaluator shall check that at least one file in the app folder of the application working directory was modified to reflect the change made.

For Android: The evaluator shall run the application and make security-related changes to its configuration. The evaluator shall check that at least one XML file at location /data/data/package/shared_prefs/ reflects the changes made to the configuration, to verify that the application used SharedPreferences and/or PreferenceActivity classes for storing configuration data, where package is the Java package of the application.

For Windows: The evaluator shall determine and verify that Windows Store App applications use either the Windows.UI.ApplicationSettings namespace or the IsolatedStorageSettings namespace for storing application-specific settings. For Classic Desktop applications, the evaluator shall run the application while monitoring it with the SysInternals tool ProcMon and make changes to its configuration. The evaluator shall verify that ProcMon logs show corresponding changes to the Windows Registry.

For iOS: The evaluator shall verify that the app uses the user defaults system or key-value store for storing all settings.

For Linux: The evaluator shall run the application while monitoring it with the utility strace. The evaluator shall make security-related changes to its configuration. The evaluator shall verify that strace logs corresponding changes to configuration files that reside in /etc (for system-specific configuration) or in the user's home directory (for user-specific configuration).

For Solaris: The evaluator shall run the application while monitoring it with the utility dtrace. The evaluator shall make security-related changes to its configuration. The evaluator shall verify that dtrace logs corresponding changes to configuration files that reside in /etc (for system-specific configuration) or in the user's home directory (for user-specific configuration).

For Mac OS X: The evaluator shall verify that the application stores and retrieves settings using the NSUserDefaults class.

FMT_CFG_EXT.1 Secure by Default Configuration

FMT_CFG_EXT.1.1 The application shall only provide enough functionality to set new credentials when configured with default credentials or no credentials.

Application Note: Default credentials are credentials (e.g., passwords, keys) that are automatically (without user interaction) loaded onto the platform during application installation. Credentials that are generated during installation using requirements laid out in FCS_RBG_EXT.1 are not by definition default credentials.

Assurance Activity

The evaluator shall check the TSS to determine if the application requires any type of credentials and if the application installs with default credentials. If the application uses any default credentials the evaluator shall run the following tests.

Test 1: The evaluator shall install and run the application without generating or loading new credentials and verify that only the minimal application functionality required to set new credentials is available.

Test 2: The evaluator shall attempt to clear all credentials and verify that only the minimal application functionality required to set new credentials is available.

Test 3: The evaluator shall run the application, establish new credentials and verify that the original default credentials no longer provide access to the application.

FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect it and its data from unauthorized access.

Application Note: The precise expectations for file permissions vary per platform but the general intention is that a trust boundary protects the application and its data.

Assurance Activity

The evaluator shall install and run the application. The evaluator shall inspect the filesystem of the platform (to the extent possible) for any files created by the application and ensure that their permissions are adequate to protect them. The method of doing so varies per platform.

For BlackBerry: The evaluator shall run ls -alR | grep -E '^.......(r|-w|--x)' inside the application's data directories to ensure that all files are not world-accessible (either read, write, or execute). The command should not print any files. The evaluator shall also verify that no sensitive data is written to external storage which could be read/modified by any other application.

For Android: The evaluator shall run ls -alR | grep -E '^.......(r|-w|--x)' inside the application's data directories to ensure that all files are not world-accessible (either read, write, or execute). The command should not print any files. The evaluator shall also verify that no sensitive data is written to external storage as this data can be read/modified by any application holding the READ_EXTERNAL_STORAGE and/or WRITE_EXTERNAL_STORAGE permissions.

For Windows: The evaluator shall run the SysInternals tools Process Monitor and AccessCheck (or tools of equivalent capability, like icacls.exe) for Classic Desktop applications to verify that files written to disk during an application's installation have the correct file permissions, such that a standard user cannot modify the application or its data files. For Windows Store Apps the evaluator shall consider the requirement met because of the AppContainer sandbox.

For iOS: The evaluator shall determine whether the application leverages the appropriate Data Protection Class for each data file stored locally.

For Linux: The evaluator shall run the command find . -perm /007 inside the application's data directories to ensure that all files are not world-accessible (either read, write, or execute). The command should not print any files.

For Solaris: The evaluator shall run the command find . \( -perm -001 -o -perm -002 -o -perm -004 \) inside the application's data directories to ensure that all files are not world-accessible (either read, write, or execute). The command should not print any files.

For Mac OS X: The evaluator shall run the command find . -perm +007 inside the application's data directories to ensure that all files are not world-accessible (either read, write, or execute). The command should not print any files.
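The three per-platform find invocations above all ask the same question: does any file under the application's data directories carry a world-readable, world-writable or world-executable bit. The script below is an added example, not part of the Protection Profile; it uses the POSIX -perm -MODE form from the Solaris entry, which also runs unchanged on Linux, Mac OS X and Android shells, and exercises it on a constructed directory tree (the sample file names are invented).

```sh
#!/bin/sh
# Added example (not part of the Protection Profile): a portable form of the
# FMT_CFG_EXT.1.2 world-accessibility check. Only POSIX find primaries are
# used, so the same function serves every platform that has a POSIX find.

# Print every regular file under $1 that has any "other" permission bit set.
# Empty output means no file is world-readable, -writable or -executable,
# which is the pass condition the Protection Profile states.
world_accessible() {   # world_accessible DIR
    find "$1" -type f \( -perm -001 -o -perm -002 -o -perm -004 \) 2>/dev/null
}

# Wrapper for the evaluation record: exit 0 when the directory passes,
# 1 when at least one file is world-accessible (the offenders are listed).
check_data_dir() {   # check_data_dir DIR
    offenders=$(world_accessible "$1")
    if [ -n "$offenders" ]; then
        printf 'FAIL: world-accessible files under %s:\n%s\n' "$1" "$offenders"
        return 1
    fi
    printf 'PASS: no world-accessible files under %s\n' "$1"
    return 0
}

# Self-contained demonstration on a constructed directory tree: one file with
# owner-only permissions (acceptable) and one that is world-readable (flagged).
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/app/settings"
    printf 'secret\n' > "$tmp/app/settings/token.dat"
    printf 'log\n'    > "$tmp/app/app.log"
    chmod 600 "$tmp/app/settings/token.dat"   # owner only: passes
    chmod 644 "$tmp/app/app.log"              # world-readable: must be reported
    check_data_dir "$tmp/app"                 # prints FAIL and the log file
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Run `demo` to see a failing directory reported, or call `check_data_dir` on the application's real data directory during the test.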

FMT_SMF.1 Specification of Management Functions

FMT_SMF.1.1 The TSF shall be capable of performing the following management functions [selection:

no management functions, enable/disable the transmission of any information describing the system's hardware, software, or configuration, enable/disable the transmission of any PII, enable/disable transmission of any application state (e.g. crash dump) information, enable/disable network backup functionality to [assignment: list of enterprise or commercial cloud backup systems], [assignment: list of other management functions to be provided by the TSF]

].

Application Note: This requirement stipulates that an application needs to provide the ability to enable/disable only those functions that it actually implements. The application is not responsible for controlling the behavior of the platform or other applications.

Assurance Activity

The evaluator shall verify that every management function mandated by the PP is described in the operational guidance and that the description contains the information required to perform the management duties associated with the management function. The evaluator shall test the application's ability to provide the management functions by configuring the application and testing each option selected from above. The evaluator is expected to test these functions in all the ways in which the ST and guidance documentation state the configuration can be managed.

5.1.5 Protection of the TSF (FPT)

FPT_API_EXT.1 Use of Supported Services and APIs

FPT_API_EXT.1.1 The application shall only use supported platform APIs.

Application Note: The definition of supported may vary depending upon whether the application is provided by a third party (who relies upon documented platform APIs) or by a platform vendor who may be able to guarantee support for platform APIs which are not externally documented.

Assurance Activity

The evaluator shall verify that the TSS lists the platform APIs used in the application. The evaluator shall then compare the list with the supported APIs (available through e.g. developer accounts, platform developer groups) and ensure that all APIs listed in the TSS are supported.

FPT_AEX_EXT.1 Anti-Exploitation Capabilities

FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [assignment: list of explicit exceptions].

Application Note: Requesting a memory mapping at an explicit address subverts address space layout randomization (ASLR).

Assurance Activity

The evaluator shall ensure that the TSS describes the compiler flags used to enable ASLR when the application is compiled. The evaluator shall perform either a static or dynamic analysis to determine that no memory mappings are placed at an explicit and consistent address. The method of doing so varies per platform.

For BlackBerry: The evaluator shall run the same application on two different BlackBerry systems and run a tool that will list all memory mapped addresses for the application. The evaluator shall then verify the two different instances share no mapping locations.

For Android: The evaluator shall run the same application on two different Android systems. Connect via ADB and inspect /proc/PID/maps. Ensure the two different instances share no mapping locations.

For Windows: The evaluator shall run the same application on two different Windows systems and run a tool that will list all memory mapped addresses for the application. The evaluator shall then verify the two different instances share no mapping locations. The Microsoft SysInternals tool VMMap could be used to view memory addresses of a running application. The evaluator shall use a tool such as Microsoft's BinScope Binary Analyzer to confirm that the application has ASLR enabled.

For iOS: The evaluator shall perform a static analysis to search for any mmap calls (or API calls that call mmap), and ensure that no arguments are provided that request a mapping at a fixed address.

For Linux: The evaluator shall run the same application on two different Linux systems. The evaluator shall then compare their memory maps using pmap -x PID to ensure the two different instances share no mapping locations.

For Solaris: The evaluator shall run the same application on two different Solaris systems. The evaluator shall then compare their memory maps using pmap -x PID to ensure the two different instances share no mapping locations.

For Mac OS X: The evaluator shall run the same application on two different Mac OS X systems. The evaluator shall then compare their memory maps using vmmap PID to ensure the two different instances share no mapping locations.
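As an added example, not part of the Protection Profile, the script below carries out the Android and Linux comparison above on two /proc/PID/maps captures and prints every mapping that starts at the same address in both runs. The two maps files it writes are constructed sample data rather than real captures, the /opt/sampleapp paths are invented, and the mapping at 10000000 is placed in both runs deliberately to show what a hit looks like.

```sh
#!/bin/sh
# Added example (not part of the Protection Profile): compare two
# /proc/PID/maps captures of the same application, as the FPT_AEX_EXT.1.1
# activity asks for Android and Linux, and report shared mapping locations.
# A maps line looks like:
#   7f2b1d000000-7f2b1d1c0000 r-xp 00000000 08:01 1111 /lib/x86_64-linux-gnu/libc.so.6
# so field 1 holds "start-end" and field 6 (if present) the pathname.

# Copy the live map of a running process to a file (Linux; on Android run
# the same cat through "adb shell").
capture_maps() {   # capture_maps PID OUTFILE
    cat "/proc/$1/maps" > "$2"
}

# Print "start<TAB>pathname" for each mapping in a maps file; anonymous
# mappings, which have no pathname, are labelled [anon].
map_starts() {   # map_starts MAPS_FILE
    awk '{ split($1, a, "-"); print a[1] "\t" ($6 == "" ? "[anon]" : $6) }' "$1" | sort -u
}

# Print the mappings of the second file whose start address also occurs in
# the first. Empty output means the two instances share no mapping location.
shared_mappings() {   # shared_mappings MAPS_A MAPS_B
    awk 'NR == FNR { split($1, a, "-"); seen[a[1]] = 1; next }
         { split($1, a, "-")
           if (a[1] in seen) print a[1] "\t" ($6 == "" ? "[anon]" : $6) }' \
        "$1" "$2" | sort -u
}

# Number of shared mapping locations, for a pass/fail record.
shared_count() {   # shared_count MAPS_A MAPS_B
    shared_mappings "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample captures (not real data): two runs of an invented
# application. Every mapping moves between runs except cache.bin, which the
# sample application mapped at a fixed address.
write_sample_maps() {   # write_sample_maps DIR
    cat > "$1/run1.maps" <<'EOF'
5581a2c00000-5581a2c21000 r-xp 00000000 08:01 4242 /opt/sampleapp/bin/sampleapp
7f2b1d000000-7f2b1d1c0000 r-xp 00000000 08:01 1111 /lib/x86_64-linux-gnu/libc.so.6
7f2b1d3a0000-7f2b1d3c2000 rw-p 00000000 00:00 0
10000000-10010000 rw-p 00000000 08:01 4343 /opt/sampleapp/cache.bin
7ffd4e1e0000-7ffd4e201000 rw-p 00000000 00:00 0 [stack]
EOF
    cat > "$1/run2.maps" <<'EOF'
55c3f1400000-55c3f1421000 r-xp 00000000 08:01 4242 /opt/sampleapp/bin/sampleapp
7f91a0e00000-7f91a0fc0000 r-xp 00000000 08:01 1111 /lib/x86_64-linux-gnu/libc.so.6
7f91a11a0000-7f91a11c2000 rw-p 00000000 00:00 0
10000000-10010000 rw-p 00000000 08:01 4343 /opt/sampleapp/cache.bin
7ffc9a5f0000-7ffc9a611000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Demonstration: reports the one shared mapping and exits 1, as an evaluator's
# record would for an application that fails the test.
demo() {
    tmp=$(mktemp -d) || return 2
    write_sample_maps "$tmp"
    n=$(shared_count "$tmp/run1.maps" "$tmp/run2.maps")
    if [ "$n" -eq 0 ]; then
        echo "PASS: no shared mapping locations"
    else
        echo "FAIL: $n shared mapping location(s):"
        shared_mappings "$tmp/run1.maps" "$tmp/run2.maps"
    fi
    rm -rf "$tmp"
    [ "$n" -eq 0 ]
}
```

Any address reported must be compared against the list of explicit exceptions in the assignment before it is counted as a failure.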

FPT_AEX_EXT.1.2 The application shall [selection:

not allocate any memory region with both write and execute permissions, allocate memory regions with write and execute permissions for only [assignment: list of functions performing just-in-time compilation]

].

Application Note: Requesting a memory mapping with both write and execute permissions subverts the platform protection provided by DEP. If the application performs no just-in-time compiling, then the first selection must be chosen.

Assurance Activity

The evaluator shall verify that no memory mapping requests are made with write and execute permissions. The method of doing so varies per platform.

For BlackBerry: The evaluator shall perform static analysis on the application to verify that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and mprotect is never invoked.

For Android: The evaluator shall perform static analysis on the application to verify that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and mprotect is never invoked.

For Windows: The evaluator shall use a tool such as Microsoft's BinScope Binary Analyzer to confirm that the application passes the NXCheck. The evaluator may also ensure that the /NXCOMPAT flag was used during compilation to verify that DEP protections are enabled for the application.

For iOS: The evaluator shall perform static analysis on the application to verify that mprotect is never invoked with the PROT_EXEC permission.

For Linux: The evaluator shall perform static analysis on the application to verify both that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and that mprotect is never invoked with the PROT_EXEC permission.

For Solaris: The evaluator shall perform static analysis on the application to verify both that mmap is never invoked with both the PROT_WRITE and PROT_EXEC permissions, and that mprotect is never invoked with the PROT_EXEC permission.

For Mac OS X: The evaluator shall perform static analysis on the application to verify that mprotect is never invoked with the PROT_EXEC permission.

FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor.

Application Note: This requirement is designed to ensure that platform security features do not need to be disabled in order for the application to run.

Assurance Activity

The evaluator shall configure the platform in the ascribed manner and carry out one of the prescribed tests:

For BlackBerry: The evaluator shall ensure that the application can successfully run on the latest version of the BlackBerry OS.

For Android: The evaluator shall ensure that the application can run with SE for Android enabled and enforcing.

For Windows: For both classic desktop and Windows Store applications, the evaluator shall configure the latest version of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) to protect the application. The evaluator shall then run the application and verify that the application does not crash while protected by EMET.

For iOS: The evaluator shall ensure that the application can successfully run on the latest version of iOS.

For Linux: The evaluator shall ensure that the application can successfully run on a system with SELinux enabled and enforcing.

For Solaris: The evaluator shall ensure that the application can run with Solaris Trusted Extensions enabled and enforcing.

For Mac OS X: The evaluator shall ensure that the application can successfully run on the latest version of OS X.

FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so.

Application Note: Executables and user-modifiable files may not share the same parent directory, but may share directories above the parent.

Assurance Activity

The evaluator shall run the application and determine where it writes its files. For files where the user does not choose the destination, the evaluator shall check whether the destination directory contains executable files. This varies per platform:

For BlackBerry: The evaluator shall consider the requirement met because the platform forces applications to write all data within the application working directory (sandbox).

For Android: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored under /data/data/package/ where package is the Java package of the application.

For Windows: For Windows Store Apps the evaluator shall consider the requirement met because the platform forces applications to write all data within the application working directory (sandbox). For Windows Desktop Applications the evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote and no data files in the application's install directory.

For iOS: The evaluator shall consider the requirement met because the platform forces applications to write all data within the application working directory (sandbox).

For Linux: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote.

For Solaris: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote.

For Mac OS X: The evaluator shall run the program, mimicking normal usage, and note where all files are written. The evaluator shall ensure that there are no executable files stored in the same directories to which the application wrote.

FPT_AEX_EXT.1.5 The application shall be compiled with stack-based buffer overflow protection enabled.

Assurance Activity

The evaluator shall ensure that the TSS section of the ST describes the compiler flag used to enable stack-based buffer overflow protection in the application. The evaluator shall perform a static analysis to verify that stack-based buffer overflow protection is present. The method of doing so varies per platform:

For BlackBerry: The evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable.

For Android: Applications that are entirely Java run in the Java virtual machine and do not need traditional stack protection. For applications using the Java Native Interface (JNI), the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable.

For Windows: The evaluator shall review the TSS and verify that the /GS flag was used during compilation. The evaluator shall run a tool, like BinScope, that can verify the correct usage of /GS.

For iOS: If the application is compiled using GCC or Xcode, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.

For Linux: If the application is compiled using GCC, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using clang, it must be compiled and linked with the -fsanitize=address flag. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.

For Solaris: If the application is compiled using GCC, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using clang, it must be compiled and linked with the -fsanitize=address flag. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.

For Mac OS X: If the application is compiled using GCC or Xcode, the evaluator shall ensure that the -fstack-protector-strong or -fstack-protector-all flags are used. The -fstack-protector-all flag is preferred but -fstack-protector-strong is acceptable. If the application is built using any other compiler, then the evaluator shall determine that appropriate stack protection has been used during the build process.

FPT_TUD_EXT.1 Integrity for Installation and Update

FPT_TUD_EXT.1.1 The application shall [selection: provide the ability, leverage the platform] to check for updates and patches to the application software.

Application Note: This requirement is about the ability to "check" for updates. The actual installation of any updates should be done by the platform. This requirement is intended to ensure that the application can check for updates provided by the vendor, as updates provided by another source may contain malicious code.

Assurance Activity

The evaluator shall check for an update using procedures described in the documentation and verify that the application does not issue an error. If it is updated or if it reports that no update is available, this requirement is considered to be met.

FPT_TUD_EXT.1.2 The application shall be distributed using the format of the platform-supported package manager.

Assurance Activity

The evaluator shall verify that application updates are distributed in the format supported by the platform. This varies per platform:

For BlackBerry: The evaluator shall ensure that the application is packaged in the BlackBerry (BAR) format.

For Android: The evaluator shall ensure that the application is packaged in the Android application package (APK) format.

For Windows: The evaluator shall ensure that the application is packaged in the Standard Windows Installer (MSI) format or the Windows App Store package (APPX) format.

For iOS: The evaluator shall ensure that the application is packaged in the IPA format.

For Linux: The evaluator shall ensure that the application is packaged in the format of the package management infrastructure of the chosen distribution. For example, applications running on Red Hat and Red Hat derivatives should be packaged in RPM format. Applications running on Debian and Debian derivatives should be packaged in deb format.

For Solaris: The evaluator shall ensure that the application is packaged in the PKG format.

For Mac OS X: The evaluator shall ensure that the application is packaged in the DMG format, the PKG format, or the MPKG format.

FPT_TUD_EXT.1.3 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events.

Application Note: Applications bundled with the system/firmware image are not subject to this requirement if the user is unable to remove the application through means provided by the OS.

Assurance Activity

The evaluator shall record the path of every file on the entire filesystem prior to installation of the application, and then install and run the application. Afterwards, the evaluator shall uninstall the application and compare the resulting filesystem to the initial record to verify that no files, other than configuration, output, and audit/log files, have been added to the filesystem.

FPT_TUD_EXT.1.4 The application shall not download, modify, replace or update its own binary code.

Application Note: This requirement applies to the code of the application; it does not apply to mobile code technologies that are designed for download and execution by the application.

Assurance Activity

The evaluator shall verify that the application's executable files are not changed by the application. The evaluator shall complete the following test:

Test 1: The evaluator shall install the application and then locate all of its executable files. The evaluator shall then, for each file, save off either a hash of the file or a copy of the file itself. The evaluator shall then run the application and exercise all features of the application as described in the TSS. The evaluator shall then compare each executable file with either the saved hash or the saved copy of the file. The evaluator shall verify that these are identical.
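The hash-and-compare test above can be scripted so that the "before" manifest is reproducible and the comparison is mechanical. The script below is an added example, not part of the Protection Profile; it assumes GNU coreutils sha256sum (on Mac OS X, shasum -a 256 reads and writes the same manifest format) and treats every file with an execute bit under the install directory as an executable file. The sample application it builds for the demonstration is constructed.

```sh
#!/bin/sh
# Added example (not part of the Protection Profile): record SHA-256 hashes
# of an application's executable files before it is exercised
# (FPT_TUD_EXT.1.4 Test 1), then verify them afterwards.
# Assumes GNU coreutils sha256sum; substitute "shasum -a 256" on Mac OS X.

# Write "hash  path" lines for every regular file under APP_DIR that has
# any execute bit set (owner, group or other), sorted by path.
record_executables() {   # record_executables APP_DIR MANIFEST
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec sha256sum {} + | sort -k2 > "$2"
    count=$(wc -l < "$2" | tr -d ' ')
    echo "recorded $count executable file(s) in $2"
    [ "$count" -gt 0 ]
}

# Re-hash every file in MANIFEST. Exit 0 when all hashes still match;
# otherwise list the files that differ (or are missing) and exit 1.
verify_executables() {   # verify_executables MANIFEST
    if [ ! -s "$1" ]; then
        echo "FAIL: manifest $1 is empty or missing"
        return 1
    fi
    if result=$(sha256sum -c "$1" 2>/dev/null); then
        echo "PASS: all recorded executables are unchanged"
        return 0
    fi
    echo "FAIL: executables differ from the saved hashes:"
    printf '%s\n' "$result" | grep -v ': OK$' || true
    return 1
}

# Demonstration on a constructed install directory: the manifest passes
# until the "application" rewrites its own launcher script.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/app/bin"
    printf '#!/bin/sh\necho sample\n' > "$tmp/app/bin/sampleapp"
    chmod 755 "$tmp/app/bin/sampleapp"            # executable: recorded
    printf 'setting=1\n' > "$tmp/app/config.ini"
    chmod 644 "$tmp/app/config.ini"               # data file: not recorded
    record_executables "$tmp/app" "$tmp/manifest"
    verify_executables "$tmp/manifest"            # PASS
    printf 'echo modified\n' >> "$tmp/app/bin/sampleapp"   # simulated self-update
    verify_executables "$tmp/manifest"            # FAIL, names the launcher
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

In a real evaluation, run record_executables immediately after installation, exercise every feature described in the TSS, then run verify_executables against the saved manifest.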

    FPT_TUD_EXT.1.5Theapplicationshall[selection,atleastoneof:providetheability,leveragetheplatform]toquerythecurrentversionoftheapplicationsoftware.

    AssuranceActivity

    Theevaluatorshallquerytheapplicationforthecurrentversionofthesoftwareaccordingtotheoperationaluserguidance(AGD_OPE.1)andshallverifythatthecurrentversionmatchesthatofthedocumentedandinstalledversion.

    FPT_TUD_EXT.1.6Theapplicationinstallationpackageanditsupdatesshallbedigitallysignedsuchthatitsplatformcancryptographicallyverifythempriortoinstallation.

    ApplicationNote:Thespecificsoftheverificationofinstallationpackagesandupdatesinvolvesrequirementsontheplatform(andnottheapplication),sothesearenotfullyspecifiedhere.

    AssuranceActivity

    TheevaluatorshallverifythattheTSSidentifieshowtheapplicationinstallationpackageandupdatestoitaresignedbyanauthorizedsource.ThedefinitionofanauthorizedsourcemustbecontainedintheTSS.TheevaluatorshallalsoensurethattheTSS(ortheoperationalguidance)describeshowcandidateupdatesareobtained.

    FPT_LIB_EXT.1UseofThirdPartyLibraries

    FPT_LIB_EXT.1.1Theapplicationshallbepackagedwithonly[assignment:listofthirdpartylibraries].

    ApplicationNote:Theintentionofthisrequirementisfortheevaluatortodiscoveranddocumentwhethertheapplicationisincludingunnecessaryorunexpectedthirdpartylibraries.Thisincludesadwarelibrarieswhichcouldpresentaprivacythreat,aswellasensuringdocumentationofsuchlibrariesincasevulnerabilitiesarelaterdiscovered.

    AssuranceActivity

    Theevaluatorshallinstalltheapplicationandsurveyitsinstallationdirectoryfordynamiclibraries.Theevaluatorshallverifythatlibrariesfoundtobepackagedwithoremployedbytheapplicationarelimitedtothoseintheassignment.

  • 5.1.6TrustedPath/Channel(FTP)

    FTP_DIT_EXT.1ProtectionofDatainTransit

    FTP_DIT_EXT.1.1Theapplicationshall[selection:

    nottransmitanydata,nottransmitanysensitivedata,encryptalltransmittedsensitivedatawith[selection,atleastoneof:HTTPS,TLS,DTLS],encryptalltransmitteddatawith[selection,atleastoneof:HTTPS,TLS,DTLS]

    ]betweenitselfandanothertrustedITproduct.

    ApplicationNote:Extendedpackagesmayoverridethisrequirementtoprovideforotherprotocols.Encryptionisnotrequiredforapplicationstransmittingdatathatisnotsensitive.

    IfHTTPSisselected,thenevaluationofelementsfromFCS_TLSC_EXT.1isrequired.IfTLSisselected,thenevaluationofelementsfromFCS_HTTPS_EXT.1isrequired.IfDTLSisselected,thenevaluationofelementsfromFCS_DTLS_EXT.1isrequired.

    AssuranceActivity

    Theevaluatorshallperformthefollowingtests.Test1:Theevaluatorshallexercisetheapplication(attemptingtotransmitdataforexamplebyconnectingtoremotesystemsorwebsites)whilecapturingpacketsfromtheapplication.TheevaluatorshallverifyfromthepacketcapturethatthetrafficisencryptedwithHTTPS,TLSorDTLSinaccordancewiththeselectionintheST.Test2:Theevaluatorshallexercisetheapplication(attemptingtotransmitdataforexamplebyconnectingtoremotesystemsorwebsites)whilecapturingpacketsfromtheapplication.Theevaluatorshallreviewthepacketcaptureandverifythatnosensitivedataistransmittedintheclear.Test3:TheevaluatorshallinspecttheTSStodetermineifusercredentialsaretransmitted.Ifcredentialsaretransmittedtheevaluatorshallsetthecredentialtoaknownvalue.TheevaluatorshallcapturepacketsfromtheapplicationwhilecausingcredentialstobetransmittedasdescribedintheTSS.Theevaluatorshallperformastringsearchofthecapturednetworkpacketsandverifythattheplaintextcredentialpreviouslysetbytheevaluatorisnotfound.

    5.2SecurityAssuranceRequirements

    TheSecurityObjectivesfortheTOEinSection5wereconstructedtoaddressthreatsidentifiedinSection3.1.TheSecurityFunctionalRequirements(SFRs)inSection5.1areaformalinstantiationoftheSecurity

  • Objectives.ThePPidentifiestheSecurityAssuranceRequirements(SARs)toframetheextenttowhichtheevaluatorassessesthedocumentationapplicablefortheevaluationandperformsindependenttesting.

    ThissectionliststhesetofSARsfromCCpart3thatarerequiredinevaluationsagainstthisPP.IndividualAssuranceActivities(AAs)tobeperformedarespecifiedbothinSection5aswellasinthissection.

    ThegeneralmodelforevaluationofTOEsagainstSTswrittentoconformtothisPPisasfollows:

    AftertheSThasbeenapprovedforevaluation,theInformationTechnologySecurityEvaluationFacility(ITSEF)willobtaintheTOE,supportingenvironmentalIT,andtheadministrative/userguidesfortheTOE.TheITSEFisexpectedtoperformactionsmandatedbytheCommonEvaluationMethodology(CEM)fortheASEandALCSARs.TheITSEFalsoperformstheAssuranceActivitiescontainedwithinSection5,whichareintendedtobeaninterpretationoftheotherCEMassurancerequirementsastheyapplytothespecifictechnologyinstantiatedintheTOE.TheAssuranceActivitiesthatarecapturedinSection5alsoprovideclarificationastowhatthedeveloperneedstoprovidetodemonstratetheTOEiscompliantwiththePP.

    5.2.1ClassASE:SecurityTargetAsperASEactivitiesdefinedin[CEM].

    5.2.2ClassADV:DevelopmentTheinformationabouttheTOEiscontainedintheguidancedocumentationavailabletotheenduseraswellastheTSSportionoftheST.TheTOEdevelopermustconcurwiththedescriptionoftheproductthatiscontainedintheTSSasitrelatestothefunctionalrequirements.TheAssuranceActivitiescontainedinSection5.1shouldprovidetheSTauthorswithsufficientinformationtodeterminetheappropriatecontentfortheTSSsection.

    ADV_FSP.1BasicFunctionalSpecification(ADV_FSP.1)

    ADV_FSP.1.1DThedevelopershallprovideafunctionalspecification.

    ADV_FSP.1.2DThedevelopershallprovideatracingfromthefunctionalspecificationtotheSFRs.

    ApplicationNote:Asindicatedintheintroductiontothissection,thefunctionalspecificationiscomprisedoftheinformationcontainedintheAGD_OPEandAGD_PREdocumentation.Thedevelopermayreferenceawebsiteaccessibletoapplicationdevelopersandtheevaluator.TheassuranceactivitiesinthefunctionalrequirementspointtoevidencethatshouldexistinthedocumentationandTSSsectionsincethesearedirectlyassociatedwiththeSFRs,thetracinginelementADV_FSP.1.2Disimplicitlyalreadydoneandnoadditionaldocumentationisnecessary.

    ADV_FSP.1.1CThefunctionalspecificationshalldescribethepurposeandmethodofuseforeachSFRenforcingandSFRsupportingTSFI.

    ADV_FSP.1.2CThefunctionalspecificationshallidentifyallparametersassociatedwitheachSFRenforcingandSFRsupportingTSFI.

    ADV_FSP.1.3CThefunctionalspecificationshallproviderationalefortheimplicitcategorizationofinterfacesasSFRnoninterfering.

    ADV_FSP.1.4C

  • ThetracingshalldemonstratethattheSFRstracetoTSFIsinthefunctionalspecification.

    ADV_FSP.1.1ETheevaluatorshallconfirmthattheinformationprovidedmeetsallrequirementsforcontentandpresentationofevidence.

    ADV_FSP.1.2ETheevaluatorshalldeterminethatthefunctionalspecificationisanaccurateandcompleteinstantiationoftheSFRs.

    5.2.3ClassAGD:GuidanceDocumentationTheguidancedocumentswillbeprovidedwiththeST.GuidancemustincludeadescriptionofhowtheITpersonnelverifiesthattheOperationalEnvironmentcanfulfillitsroleforthesecurityfunctionality.ThedocumentationshouldbeinaninformalstyleandreadablebytheITpersonnel.GuidancemustbeprovidedforeveryoperationalenvironmentthattheproductsupportsasclaimedintheST.ThisguidanceincludesinstructionstosuccessfullyinstalltheTSFinthatenvironmentandInstructionstomanagethesecurityoftheTSFasaproductandasacomponentofthelargeroperationalenvironment.Guidancepertainingtoparticularsecurityfunctionalityisalsoprovidedrequirementsonsuchguidancearecontainedintheassuranceactivitiesspecifiedwitheachrequirement.

AGD_OPE.1 Operational User Guidance (AGD_OPE.1)

AGD_OPE.1.1D The developer shall provide operational user guidance.

Application Note: The operational user guidance does not have to be contained in a single document. Guidance to users, administrators and application developers can be spread among documents or web pages. Where appropriate, the guidance documentation is expressed in the eXtensible Configuration Checklist Description Format (XCCDF) to support security automation. Rather than repeat information here, the developer should review the assurance activities for this component to ascertain the specifics of the guidance that the evaluator will be checking for. This will provide the necessary information for the preparation of acceptable guidance.

AGD_OPE.1.1C The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings.

Application Note: User and administrator are to be considered in the definition of user role.

AGD_OPE.1.2C The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner.

AGD_OPE.1.3C The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate.

AGD_OPE.1.4C The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF.

AGD_OPE.1.5C The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences, and implications for maintaining secure operation.

AGD_OPE.1.6C The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security objectives for the operational environment as described in the ST.

AGD_OPE.1.7C The operational user guidance shall be clear and reasonable.

AGD_OPE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

Assurance Activity

Some of the contents of the operational guidance will be verified by the assurance activities in Section 5.1 and evaluation of the TOE according to the [CEM]. The following additional information is also required. If cryptographic functions are provided by the TOE, the operational guidance shall contain instructions for configuring the cryptographic engine associated with the evaluated configuration of the TOE. It shall provide a warning to the administrator that use of other cryptographic engines was not evaluated nor tested during the CC evaluation of the TOE. The documentation must describe the process for verifying updates to the TOE by verifying a digital signature; this may be done by the TOE or the underlying platform. The evaluator shall verify that this process includes the following steps:

- Instructions for obtaining the update itself. This should include instructions for making the update accessible to the TOE (e.g., placement in a specific directory).
- Instructions for initiating the update process, as well as discerning whether the process was successful or unsuccessful. This includes generation of the hash/digital signature.

The TOE will likely contain security functionality that does not fall in the scope of evaluation under this PP. The operational guidance shall make it clear to an administrator which security functionality is covered by the evaluation activities.
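The update-verification step that the guidance must describe can be implemented as follows. This is an added example written for this page, not code from the Protection Profile or from any evaluated product. It assumes a detached Ed25519 signature over the update file (the PP names no algorithm for this step), a vendor public key pinned in the application, and the file names update.bin and update.bin.sig in the directory where the update is placed; all three are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrBadSignature is the outcome reported to the administrator when the
// update's signature does not verify under the pinned vendor key.
var ErrBadSignature = errors.New("update rejected: signature does not verify under the pinned vendor key")

// SignUpdate is the vendor-side step (hypothetical release-signing helper):
// a detached Ed25519 signature over the raw update bytes.
func SignUpdate(releaseKey ed25519.PrivateKey, update []byte) []byte {
	return ed25519.Sign(releaseKey, update)
}

// VerifyUpdate is the TOE-side step. On success it returns the SHA-256 digest
// of the accepted update, so the outcome can be logged and compared with the
// vendor's published hash; on failure the returned error says why.
func VerifyUpdate(vendorKey ed25519.PublicKey, update, sig []byte) (string, error) {
	if len(vendorKey) != ed25519.PublicKeySize {
		return "", fmt.Errorf("update rejected: pinned key has %d bytes, want %d", len(vendorKey), ed25519.PublicKeySize)
	}
	if len(sig) != ed25519.SignatureSize {
		return "", fmt.Errorf("update rejected: signature has %d bytes, want %d", len(sig), ed25519.SignatureSize)
	}
	if !ed25519.Verify(vendorKey, update, sig) {
		return "", ErrBadSignature
	}
	sum := sha256.Sum256(update)
	return hex.EncodeToString(sum[:]), nil
}

// VerifyUpdateDir follows the "placement in a specific directory" convention:
// <dir>/update.bin is the update and <dir>/update.bin.sig its signature.
// Both file names are assumptions made for this example.
func VerifyUpdateDir(vendorKey ed25519.PublicKey, dir string) (string, error) {
	update, err := os.ReadFile(filepath.Join(dir, "update.bin"))
	if err != nil {
		return "", fmt.Errorf("update not accessible: %w", err)
	}
	sig, err := os.ReadFile(filepath.Join(dir, "update.bin.sig"))
	if err != nil {
		return "", fmt.Errorf("signature not accessible: %w", err)
	}
	return VerifyUpdate(vendorKey, update, sig)
}

func main() {
	// Constructed demonstration: a fresh release key, one genuine update and
	// one that was altered by a single bit after signing.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	update := []byte("example-app 1.1 update payload (constructed)")
	sig := SignUpdate(priv, update)

	digest, err := VerifyUpdate(pub, update, sig)
	fmt.Println("genuine update accepted, sha256 =", digest, "err =", err)

	tampered := append([]byte(nil), update...)
	tampered[0] ^= 0x01
	_, err = VerifyUpdate(pub, tampered, sig)
	fmt.Println("tampered update:", err)
}
```

The returned digest and the distinct error values are what lets the administrator discern a successful from an unsuccessful update, which is the second step the evaluator checks for; the guidance would document where each outcome is shown or logged.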

AGD_PRE.1 Preparative Procedures (AGD_PRE.1)

AGD_PRE.1.1D The developer shall provide the TOE, including its preparative procedures.

Application Note: As with the operational guidance, the developer should look to the assurance activities to determine the required content with respect to preparative procedures.

AGD_PRE.1.1C The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures.

AGD_PRE.1.2C The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST.

AGD_PRE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

AGD_PRE.1.2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation.

Assurance Activity

As indicated in the introduction above, there are significant expectations with respect to the documentation, especially when configuring the operational environment to support TOE functional requirements. The evaluator shall check to ensure that the guidance provided for the TOE adequately addresses all platforms claimed for the TOE in the ST.

5.2.4 Class ALC: Life-cycle Support

At the assurance level provided for TOEs conformant to this PP, life-cycle support is limited to end-user-visible aspects of the life-cycle, rather than an examination of the TOE vendor's development and configuration management process. This is not meant to diminish the critical role that a developer's practices play in contributing to the overall trustworthiness of a product; rather, it is a reflection on the information to be made available for evaluation at this assurance level.

ALC_CMC.1 Labeling of the TOE (ALC_CMC.1)

ALC_CMC.1.1D The developer shall provide the TOE and a reference for the TOE.

ALC_CMC.1.1C The TOE shall be labeled with a unique reference.

Application Note: Unique reference information includes:

- Application Name
- Application Version
- Application Description
- Platform on which Application Runs
- Software Identification (SWID) tags, if available

ALC_CMC.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

Assurance Activity

The evaluator shall check the ST to ensure that it contains an identifier (such as a product name/version number) that specifically identifies the version that meets the requirements of the ST. Further, the evaluator shall check the AGD guidance and TOE samples received for testing to ensure that the version number is consistent with that in the ST. If the vendor maintains a web site advertising the TOE, the evaluator shall examine the information on the web site to ensure that the information in the ST is sufficient to distinguish the product.

ALC_CMS.1 TOE CM Coverage (ALC_CMS.1)

ALC_CMS.1.1D The developer shall provide a configuration list for the TOE.

ALC_CMS.1.1C The configuration list shall include the following: the TOE itself and the evaluation evidence required by the SARs.

ALC_CMS.1.2C The configuration list shall uniquely identify the configuration items.

ALC_CMS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

Assurance Activity

The "evaluation evidence required by the SARs" in this PP is limited to the information in the ST coupled with the guidance provided to administrators and users under the AGD requirements. By ensuring that the TOE is specifically identified and that this identification is consistent in the ST and in the AGD guidance (as done in the assurance activity for ALC_CMC.1), the evaluator implicitly confirms the information required by this component. Life-cycle support is targeted at aspects of the developer's life-cycle and instructions to providers of applications for the developer's devices, rather than an in-depth examination of the TSF manufacturer's development and configuration management process. This is not meant to diminish the critical role that a developer's practices play in contributing to the overall trustworthiness of a product; rather, it is a reflection on the information to be made available for evaluation.

The evaluator shall ensure that the developer has identified (in guidance documentation for application developers concerning the targeted platform) one or more development environments appropriate for use in developing applications for the developer's platform. For each of these development environments, the developer shall provide information on how to configure the environment to ensure that buffer overflow protection mechanisms in the environment(s) are invoked (e.g., compiler flags). The evaluator shall ensure that this documentation also includes an indication of whether such protections are on by default, or have to be specifically enabled. The evaluator shall ensure that the TSF is uniquely identified (with respect to other products from the TSF vendor), and that documentation provided by the developer in association with the requirements in the ST is associated with the TSF using this unique identification.

ALC_TSU_EXT.1 Timely Security Updates

ALC_TSU_EXT.1.1D The developer shall provide a description in the TSS of how timely security updates are made to the TOE. Application developers must support updates to their products for purposes of fixing security vulnerabilities.

ALC_TSU_EXT.1.2D The developer shall provide a description in the TSS of how users are notified when updates change security properties or the configuration of the product.

ALC_TSU_EXT.1.1C The description shall include the process for creating and deploying security updates for the TOE software.

ALC_TSU_EXT.1.2C The description shall express the time window as the length of time, in days, between public disclosure of a vulnerability and the public availability of security updates to the TOE.

ALC_TSU_EXT.1.3C The description shall include the mechanisms publicly available for reporting security issues pertaining to the TOE. The reporting mechanism could include web sites, email addresses, as well as a means to protect the sensitive nature of the report (e.g., public keys that could be used to encrypt the details of a proof-of-concept exploit).

ALC_TSU_EXT.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

Assurance Activity

The evaluator shall verify that the TSS contains a description of the timely security update process used by the developer to create and deploy security updates. The evaluator shall verify that this description addresses the entire application. The evaluator shall also verify that, in addition to the TOE developer's process, any third-party processes are also addressed in the description. The evaluator shall also verify that each mechanism for deployment of security updates is described.

The evaluator shall verify that, for each deployment mechanism described for the update process, the TSS lists a time between public disclosure of a vulnerability and public availability of the security update to the TOE patching this vulnerability, to include any third-party or carrier delays in deployment. The evaluator shall verify that this time is expressed in a number or range of days.

The evaluator shall verify that this description includes the publicly available mechanisms (including either an email address or web site) for reporting security issues related to the TOE. The evaluator shall verify that the description of this mechanism includes a method for protecting the report, either using a public key for encrypting email or a trusted channel for a web site.

5.2.5 Class ATE: Tests

Testing is specified for functional aspects of the system as well as aspects that take advantage of design or implementation weaknesses. The former is done through the ATE_IND family, while the latter is through the AVA_VAN family. At the assurance level specified in this PP, testing is based on advertised functionality and interfaces with dependency on the availability of design information. One of the primary outputs of the evaluation process is the test report as specified in the following requirements.

ATE_IND.1 Independent Testing - Conformance (ATE_IND.1)

ATE_IND.1.1D The developer shall provide the TOE for testing.

ATE_IND.1.1C The TOE shall be suitable for testing.

ATE_IND.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

ATE_IND.1.2E The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified.

Application Note: The evaluator shall test the application on the most current fully patched version of the platform.

Assurance Activity

The evaluator shall prepare a test plan and report documenting the testing aspects of the system, including any application crashes during testing. The evaluator shall determine the root cause of any application crashes and include that information in the report. The test plan covers all of the testing actions contained in the [CEM] and the body of this PP's Assurance Activities.

While it is not necessary to have one test case per test listed in an Assurance Activity, the evaluator must document in the test plan that each applicable testing requirement in the ST is covered. The test plan identifies the platforms to be tested, and for those platforms not included in the test plan but included in the ST, the test plan provides a justification for not testing the platforms. This justification must address the differences between the tested platforms and the untested platforms, and make an argument that the differences do not affect the testing to be performed. It is not sufficient to merely assert that the differences have no effect; rationale must be provided. If all platforms claimed in the ST are tested, then no rationale is necessary. The test plan describes the composition of each platform to be tested, and any setup that is necessary beyond what is contained in the AGD documentation. It should be noted that the evaluator is expected to follow the AGD documentation for installation and setup of each platform either as part of a test or as a standard pre-test condition. This may include special test drivers or tools. For each driver or tool, an argument (not just an assertion) should be provided that the driver or tool will not adversely affect the performance of the functionality by the TOE and its platform.

This also includes the configuration of the cryptographic engine to be used. The cryptographic algorithms implemented by this engine are those specified by this PP and used by the cryptographic protocols being evaluated (IPsec, TLS, SSH). The test plan identifies high-level test objectives as well as the test procedures to be followed to achieve those objectives. These procedures include expected results.

The test report (which could just be an annotated version of the test plan) details the activities that took place when the test procedures were executed, and includes the actual results of the tests. This shall be a cumulative account, so if there was a test run that resulted in a failure, a fix installed, and then a successful re-run of the test, the report would show a fail and pass result (and the supporting details), and not just the pass result.

5.2.6 Class AVA: Vulnerability Assessment

For the first generation of this protection profile, the evaluation lab is expected to survey open sources to discover what vulnerabilities have been discovered in these types of products. In most cases, these vulnerabilities will require sophistication beyond that of a basic attacker. Until penetration tools are created and uniformly distributed to the evaluation labs, the evaluator will not be expected to test for these vulnerabilities in the TOE. The labs will be expected to comment on the likelihood of these vulnerabilities given the documentation provided by the vendor. This information will be used in the development of penetration testing tools and for the development of future protection profiles.

AVA_VAN.1 Vulnerability Survey (AVA_VAN.1)

AVA_VAN.1.1D The developer shall provide the TOE for testing.

AVA_VAN.1.1C The TOE shall be suitable for testing.

Application Note: Suitability for testing means not being obfuscated or packaged in such a way as to disrupt either static or dynamic analysis by the evaluator.

AVA_VAN.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

AVA_VAN.1.2E The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE.

Application Note: Public domain sources include the Common Vulnerabilities and Exposures (CVE) dictionary for publicly known vulnerabilities. Public domain sources also include sites which provide free checking of files for viruses.

AVA_VAN.1.3E The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential.

Assurance Activity

The evaluator shall generate a report to document their findings with respect to this requirement. This report could physically be part of the overall test report mentioned in ATE_IND, or a separate document. The evaluator performs a search of public information to find vulnerabilities that have been found in similar applications, with a particular focus on network protocols the application uses and document formats it parses. The evaluator shall also run a virus scanner with the most current virus definitions against the application files and verify that no files are flagged as malicious. The evaluator documents the sources consulted and the vulnerabilities found in the report.

For each vulnerability found, the evaluator either provides a rationale with respect to its non-applicability, or the evaluator formulates a test (using the guidelines provided in ATE_IND) to confirm the vulnerability, if suitable. Suitability is determined by assessing the attack vector needed to take advantage of the vulnerability. If exploiting the vulnerability requires expert skills and an electron microscope, for instance, then a test would not be suitable and an appropriate justification would be formulated.

A. Optional Requirements

As indicated in Section 2, the baseline requirements (those that must be performed by the TOE) are contained in the body of this PP. Additionally, there are three other types of requirements specified in Appendix A, Appendix B, and Appendix C. The first type (in this Appendix) are requirements that can be included in the ST, but are not required in order for a TOE to claim conformance to this PP. The second type (in Appendix B) are requirements based on selections in the body of the PP: if certain selections are made, then additional requirements in that appendix must be included. The third type (in Appendix C) are components that are not required in order to conform to this PP, but will be included in the baseline requirements in future versions of this PP, so adoption by vendors is encouraged. Note that the ST author is responsible for ensuring that requirements that may be associated with those in Appendix A, Appendix B, and Appendix C but are not listed (e.g., FMT-type requirements) are also included in the ST.

FCS_TLSC_EXT.1 TLS Client Protocol

FCS_TLSC_EXT.1.4 The application shall support mutual authentication using X.509v3 certificates.

Application Note: The use of X.509v3 certificates for TLS is addressed in FIA_X509_EXT.2.1. This requirement adds that a client must be capable of presenting a certificate to a TLS server for TLS mutual authentication.

Assurance Activity

The evaluator shall ensure that the TSS description required per FIA_X509_EXT.2.1 includes the use of client-side certificates for TLS mutual authentication.

The evaluator shall verify that the AGD guidance required per FIA_X509_EXT.2.1 includes instructions for configuring the client-side certificates for TLS mutual authentication.

The evaluator shall also perform the following test:

Test 1: The evaluator shall perform the following modification to the traffic: Configure the server to require mutual authentication and then modify a byte in a CA field in the Server's Certificate Request handshake message. The modified CA field must not be the CA used to sign the client's certificate. The evaluator shall verify the connection is unsuccessful.
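Test 1 is run by an evaluator with a traffic-modification tool. The following added example, written for this page and not taken from the Protection Profile or from any evaluated product, shows the property that test exercises from inside a Go application: the server lists the CAs it accepts in its CertificateRequest, and a client certificate issued by any other CA makes the handshake fail. Rather than altering a byte on the wire, it generalises to the underlying condition by handing the client a certificate from a CA the server does not advertise. The names ca.example, server.example and client.example, the helper makeCert, and the loopback TCP connection are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert issues a P-256 certificate packed for crypto/tls: a self-signed CA when
// parent is nil, otherwise a server or client leaf signed by parent (test helper).
func makeCert(name string, parent *tls.Certificate, server bool) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key}
	} else if server {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, &key.PublicKey, parent.PrivateKey)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// mutualHandshake runs one TLS handshake over loopback TCP: the server requires a client
// certificate and advertises trustedCA in its CertificateRequest; the client trusts trustedCA
// and presents clientLeaf. The server's verdict is returned first (TLS 1.3 clients finish earlier).
func mutualHandshake(trustedCA, serverLeaf, clientLeaf *tls.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA.Leaf)
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{*serverLeaf},
		ClientAuth:   tls.RequireAndVerifyClientCert, // mutual authentication
		ClientCAs:    pool,                           // CA names sent in CertificateRequest
		MinVersion:   tls.VersionTLS12,
	}
	clientCfg := &tls.Config{
		Certificates: []tls.Certificate{*clientLeaf},
		RootCAs:      pool,
		ServerName:   serverLeaf.Leaf.DNSNames[0],
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	serverErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			defer raw.Close()
			err = tls.Server(raw, serverCfg).Handshake()
		}
		serverErr <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	defer raw.Close()
	clientErr := tls.Client(raw, clientCfg).Handshake()
	if err := <-serverErr; err != nil {
		return err
	}
	return clientErr
}

func main() {
	ca, _ := makeCert("ca.example", nil, false)
	server, _ := makeCert("server.example", ca, true)
	client, _ := makeCert("client.example", ca, false)
	fmt.Println("client cert from the advertised CA:", mutualHandshake(ca, server, client))
}
```

With a client certificate issued by a second, unadvertised CA, mutualHandshake returns the server's verification error and the connection is never established, which is the outcome Test 1 requires the evaluator to observe.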

B. Selection-Based Requirements

As indicated in the introduction to this PP, the baseline requirements (those that must be performed by the TOE or its underlying platform) are contained in the body of this PP. There are additional requirements based on selections in the body of the PP: if certain selections are made, then additional requirements below will need to be included.

FCS_RBG_EXT.2 Random Bit Generation from Application

FCS_RBG_EXT.2.1 The application shall perform all deterministic random bit generation (DRBG) services in accordance with [selection, at least one of: NIST Special Publication 800-90A using [selection: Hash_DRBG (any), HMAC_DRBG (any), CTR_DRBG (AES)], FIPS Pub 140-2 Annex C: X9.31 Appendix 2.4 using AES].

This requirement depends upon selection in FCS_RBG_EXT.1.1.

Application Note: This requirement shall be included in STs in which "implement DRBG functionality" is chosen in FCS_RBG_EXT.1.1. The ST author should select the standard to which the RBG services comply (either SP 800-90A or FIPS 140-2 Annex C).

SP 800-90A contains three different methods of generating random numbers; each of these, in turn, depends on underlying cryptographic primitives (hash functions/ciphers). The ST author will select the function used (if SP 800-90A is selected), and include the specific underlying cryptographic primitives used in the requirement or in the TSS. While any of the identified hash functions (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) are allowed for Hash_DRBG or HMAC_DRBG, only AES-based implementations for CTR_DRBG are allowed.

Note that for FIPS Pub 140-2 Annex C, currently only the method described in NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4, Section 3 is valid. Use of this DRBG is disallowed after 2015 per NIST SP 800-131A. The PP will be updated to reflect this; however, developers should begin transitioning from this DRBG as soon as possible.

Assurance Activity

The evaluator shall perform the following tests, depending on the standard to which the RBG conforms.

Implementations Conforming to FIPS 140-2 Annex C

The reference for the tests contained in this section is The Random Number Generator Validation System (RNGVS). The evaluators shall conduct the following two tests. Note that the "expected values" are produced by a reference implementation of the algorithm that is known to be correct. Proof of correctness is left to each Scheme.

Test 1: The evaluators shall perform a Variable Seed Test. The evaluators shall provide a set of 128 (Seed, DT) pairs to the TSF RBG function, each 128 bits. The evaluators shall also provide a key (of the length appropriate to the AES algorithm) that is constant for all 128 (Seed, DT) pairs. The DT value is incremented by 1 for each set. The seed values shall have no repeats within the set. The evaluators ensure that the values returned by the TSF match the expected values.

Test 2: The evaluators shall perform a Monte Carlo Test. For this test, they supply an initial Seed and DT value to the TSF RBG function; each of these is 128 bits. The evaluators shall also provide a key (of the length appropriate to the AES algorithm) that is constant throughout the test. The evaluators then invoke the TSF RBG 10,000 times, with the DT value being incremented by 1 on each iteration, and the new seed for the subsequent iteration produced as specified in NIST-Recommended Random Number Generator Based on ANSI X9.31 Appendix A.2.4 Using the 3-Key Triple DES and AES Algorithms, Section 3. The evaluators ensure that the 10,000th value produced matches the expected value.

Implementations Conforming to NIST Special Publication 800-90A

Test 1: The evaluator shall perform 15 trials for the RNG implementation. If the RNG is configurable, the evaluator shall perform 15 trials for each configuration. The evaluator shall also confirm that the operational guidance contains appropriate instructions for configuring the RNG functionality.

If the RNG has prediction resistance enabled, each trial consists of (1) instantiate DRBG, (2) generate the first block of random bits, (3) generate a second block of random bits, (4) uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0-14). The next three are entropy input, nonce, and personalization string for the instantiate operation. The next two are additional input and entropy input for the first call to generate. The final two are additional input and entropy input for the second call to generate. These values are randomly generated. "Generate one block of random bits" means to generate random bits with number of returned bits equal to the Output Block Length (as defined in NIST SP 800-90A).

If the RNG does not have prediction resistance, each trial consists of (1) instantiate DRBG, (2) generate the first block of random bits, (3) reseed, (4) generate a second block of random bits, (5) uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0-14). The next three are entropy input, nonce, and personalization string for the instantiate operation. The fifth value is additional input to the first call to generate. The sixth and seventh are additional input and entropy input to the call to reseed. The final value is additional input to the second generate call.

The following paragraphs contain more information on some of the input values to be generated/selected by the evaluator.

Entropy input: the length of the entropy input value must equal the seed length.

Nonce: If a nonce is supported (CTR_DRBG with no Derivation Function does not use a nonce), the nonce bit length is one-half the seed length.

Personalization string: The length of the personalization string must be less than or equal to seed length. If the implementation only supports one personalization string length, then the same length can be used for both values. If more than one string length is supported, the evaluator shall use personalization strings of two different lengths. If the implementation does not use a personalization string, no value needs to be supplied.

Additional input: the additional input bit lengths have the same defaults and restrictions as the personalization string lengths.
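To make the two SP 800-90A trial sequences concrete, here is an added example written for this page: an HMAC_DRBG over SHA-256 (SP 800-90A Section 10.1.2; the section numbers in the comments refer to that document) with a RunTrial function that walks the sequence with and without prediction resistance and returns the second block. It is neither the Protection Profile's code nor a NIST reference implementation, Hash_DRBG and CTR_DRBG are not shown, and the inputs used in main are constructed fixed values rather than CAVP vectors, so the blocks it prints are what this implementation produces, not published expected values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// outlen is the output block length (256 bits for SHA-256); reseedInterval is the HMAC_DRBG maximum (Table 2).
const outlen, reseedInterval = sha256.Size, uint64(1) << 48

// HMACDRBG is the working state (V, Key, reseed_counter) of SP 800-90A 10.1.2.
type HMACDRBG struct {
	v, key        []byte
	reseedCounter uint64
}

func mac(key []byte, parts ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// update is the HMAC_DRBG Update process (10.1.2.2).
func (d *HMACDRBG) update(providedData []byte) {
	d.key = mac(d.key, d.v, []byte{0x00}, providedData)
	d.v = mac(d.key, d.v)
	if len(providedData) == 0 {
		return
	}
	d.key = mac(d.key, d.v, []byte{0x01}, providedData)
	d.v = mac(d.key, d.v)
}

// Instantiate (10.1.2.3): Key = 0x00..00, V = 0x01..01, Update(entropy_input || nonce || personalization_string).
func Instantiate(entropyInput, nonce, personalization []byte) *HMACDRBG {
	d := &HMACDRBG{key: make([]byte, outlen), v: bytes.Repeat([]byte{0x01}, outlen)}
	d.update(bytes.Join([][]byte{entropyInput, nonce, personalization}, nil))
	d.reseedCounter = 1
	return d
}

// Reseed (10.1.2.4): Update(entropy_input || additional_input).
func (d *HMACDRBG) Reseed(entropyInput, additionalInput []byte) {
	d.update(bytes.Join([][]byte{entropyInput, additionalInput}, nil))
	d.reseedCounter = 1
}

// Generate (10.1.2.5) returns n bytes, or an error once reseed_interval is exceeded (Reseed clears it).
func (d *HMACDRBG) Generate(n int, additionalInput []byte) ([]byte, error) {
	if d.reseedCounter > reseedInterval {
		return nil, errors.New("hmac_drbg: reseed required")
	}
	if len(additionalInput) > 0 {
		d.update(additionalInput)
	}
	out := make([]byte, 0, n+outlen)
	for len(out) < n {
		d.v = mac(d.key, d.v)
		out = append(out, d.v...)
	}
	d.update(additionalInput)
	d.reseedCounter++
	return out[:n], nil
}

// Uninstantiate (9.4) zeroises the working state.
func (d *HMACDRBG) Uninstantiate() {
	for i := range d.v {
		d.v[i], d.key[i] = 0, 0
	}
}

// RunTrial performs one trial on the seven byte strings that follow the count, in the order the
// text lists them, and returns the second block. With prediction resistance each generate is
// preceded by a Reseed with the fresh entropy input, which also consumes the additional input (9.3.1).
func RunTrial(predictionResistance bool, v [7][]byte) ([]byte, error) {
	d := Instantiate(v[0], v[1], v[2]) // entropy input, nonce, personalization string
	defer d.Uninstantiate()
	if predictionResistance {
		d.Reseed(v[4], v[3])
		if _, err := d.Generate(outlen, nil); err != nil {
			return nil, err
		}
		d.Reseed(v[6], v[5])
		return d.Generate(outlen, nil)
	}
	if _, err := d.Generate(outlen, v[3]); err != nil {
		return nil, err
	}
	d.Reseed(v[5], v[4]) // sixth and seventh values: additional input, entropy input
	return d.Generate(outlen, v[6])
}

func main() {
	fixed := func(b byte, n int) []byte { return bytes.Repeat([]byte{b}, n) } // constructed, not evaluator-random
	v := [7][]byte{fixed(1, 32), fixed(2, 16), fixed(3, 32), fixed(4, 32), fixed(5, 32), fixed(6, 32), fixed(7, 32)}
	block, err := RunTrial(false, v)
	fmt.Printf("second block (no prediction resistance): %x %v\n", block, err)
}
```

The input lengths in main follow the text for a 256-bit strength: a 32-byte entropy input equal to the seed length, a 16-byte nonce of half that length, and personalization and additional inputs no longer than the seed length. An evaluator would substitute the 15 sets of random inputs and compare each returned block with the value from the reference implementation.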

FCS_RBG_EXT.2.2 The deterministic RBG shall be seeded by an entropy source that accumulates entropy from a platform-based DRBG and [selection: a software-based noise source, no other noise source] with a minimum of [selection: 128 bits, 256 bits] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.

This requirement depends upon selection in FCS_RBG_EXT.1.1.

Application Note: This requirement shall be included in STs in which "implement DRBG functionality" is chosen in FCS_RBG_EXT.1.1. For the first selection in this requirement, the ST author selects 'software-based noise source' if any additional noise sources are used as input to the application's DRBG. Note that the application must use the platform's DRBG to seed its DRBG.

In the second selection in this requirement, the ST author selects the appropriate number of bits of entropy that corresponds to the greatest security strength of the algorithms included in the ST. Security strength is defined in Tables 2 and 3 of NIST SP 800-57A. For example, if the implementation includes 2048-bit RSA (security strength of 112 bits), AES-128 (security strength 128 bits), and HMAC-SHA-256 (security strength 256 bits), then the ST author would select 256 bits.

Assurance Activity

Documentation shall be produced and the evaluator shall perform the activities in accordance with Appendix D and the Clarification to the Entropy Documentation and Assessment Annex.

In the future, specific statistical testing (in line with NIST SP 800-90B) will be required to verify the entropy estimates.

FCS_CKM_EXT.1 Cryptographic Key Generation Services

FCS_CKM_EXT.1.1 The application shall [selection: generate no asymmetric cryptographic keys, invoke platform-provided functionality for asymmetric key generation, implement asymmetric key generation].

This requirement depends upon selection in FCS_TLSC_EXT.1.

Application Note: If "implement asymmetric key generation" or "invoke platform-provided functionality for asymmetric key generation" is chosen, then additional FCS_CKM.1 elements shall be included in the ST.

Assurance Activity

The evaluator shall inspect the application and its developer documentation to determine if the application needs asymmetric key generation services. If not, the evaluator shall verify the "generate no asymmetric cryptographic keys" selection is present in the ST. Otherwise, the evaluation activities shall be performed as stated in the selection-based requirements.

FCS_CKM.1 Cryptographic Key Generation

FCS_CKM.1.1 The application shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [selection:

[RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [selection: FIPS PUB 186-4, "Digital Signature Standard (DSS)", Appendix B.3, ANSI X9.31-1998, Section 4.1],

[ECC schemes] using ["NIST curves" P-256, P-384 and [selection: P-521, no other curves]] that meet the following: [FIPS PUB 186-4, "Digital Signature Standard (DSS)", Appendix B.4],

[FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, "Digital Signature Standard (DSS)", Appendix B.1]

].

This requirement depends upon selection in FCS_CKM_EXT.1.

Application Note: The ST author shall select all key generation schemes used
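An application that selects "implement asymmetric key generation" can gate the keys it produces on the FCS_CKM.1 parameters above. The following is an added example written for this page, not code from the Protection Profile or from any evaluated product; it uses Go's crypto/rsa and crypto/ecdsa, and the type KeyPolicy with its Check, GenerateRSA and GenerateECDSA methods are names constructed here. It covers the RSA and ECC schemes only; FFC schemes are not shown.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// KeyPolicy captures the FCS_CKM.1 selections an ST can make for the RSA and
// ECC schemes. FFC schemes (FIPS PUB 186-4 Appendix B.1) are not covered here.
type KeyPolicy struct {
	MinRSABits int  // "2048-bit or greater"
	AllowP521  bool // the optional "P-521" selection; P-256 and P-384 are always permitted
}

// DefaultPolicy is the smallest set of selections FCS_CKM.1 permits an ST to claim.
var DefaultPolicy = KeyPolicy{MinRSABits: 2048}

// Check reports whether an RSA or ECDSA public key meets the policy, so keys
// obtained from a platform or a library can be gated before they are used.
func (p KeyPolicy) Check(pub crypto.PublicKey) error {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		if bits := k.N.BitLen(); bits < p.MinRSABits {
			return fmt.Errorf("RSA modulus is %d bits; FCS_CKM.1 requires at least %d", bits, p.MinRSABits)
		}
		return nil
	case *ecdsa.PublicKey:
		switch {
		case k.Curve == elliptic.P256() || k.Curve == elliptic.P384():
			return nil
		case k.Curve == elliptic.P521() && p.AllowP521:
			return nil
		}
		return fmt.Errorf("curve %s is not among the NIST curves selected in the ST", k.Curve.Params().Name)
	}
	return fmt.Errorf("unsupported key type %T", pub)
}

// GenerateRSA generates an RSA key with crypto/rsa and refuses sizes the policy
// would reject, so an undersized key is never handed back to the caller.
func (p KeyPolicy) GenerateRSA(bits int) (*rsa.PrivateKey, error) {
	if bits < p.MinRSABits {
		return nil, fmt.Errorf("refusing to generate a %d-bit RSA key (policy minimum %d)", bits, p.MinRSABits)
	}
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	if err := p.Check(&key.PublicKey); err != nil {
		return nil, err
	}
	return key, nil
}

// GenerateECDSA generates an ECDSA key on curve with crypto/ecdsa, applying the
// same gate before any key material is produced.
func (p KeyPolicy) GenerateECDSA(curve elliptic.Curve) (*ecdsa.PrivateKey, error) {
	if err := p.Check(&ecdsa.PublicKey{Curve: curve}); err != nil {
		return nil, err
	}
	return ecdsa.GenerateKey(curve, rand.Reader)
}

func main() {
	p := DefaultPolicy
	if _, err := p.GenerateECDSA(elliptic.P224()); err != nil {
		fmt.Println("rejected:", err)
	}
	if key, err := p.GenerateRSA(2048); err == nil {
		fmt.Println("generated RSA key with modulus of", key.N.BitLen(), "bits")
	}
}
```

Check is deliberately usable on keys the application did not generate itself, so the same gate applies when the ST instead selects "invoke platform-provided functionality for asymmetric key generation" and the key arrives from the platform.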