Vendors undertaking a Common Criteria project for the first time are often surprised by the scope and focus of the testing for a Network Devices collaborative Protection Profile (NDcPP) CC evaluation. Lightship’s Technical Director, Greg McLearn often refers to the testing involved in the NDcPP as “ensuring that the product is a good network citizen”. This is the NDcPP philosophy.Read More
There are 41 products listed on the NIAP PCL that are compliant with the collaborative Protection Profile for Network Devices (NDcPP) v1.0. These PCL listings will all expire within the next year or so. What can these vendors expect when updating their certifications from NDcPP v1.0 to NDcPP v2.0e? In this post, we examine the changes that have occurred to the NDcPP to help answer this question.Read More
In this multi-part Lightship Security video tutorial series geared toward vendors who are new to FIPS 140-2, we discuss the “origins” of a cryptographic module and the design requirements for FIPS 140-2 compliance. The tutorial also touches on self-tests and the concept of FIPS 140-2 “modes of operation” including Approved, non-Approved, and Mixed Modes. Stay tuned for further installments.Read More
Edit 20-March-2019: NIAP published a v1.1 of the Functional Package which addresses many of the item discussed in this blog. The title of the blog is updated and ambiguities previously found are corrected where they’ve been addressed.
NIAP recently released their first, and widely anticipated, modular protection profile package targeting the TLS communication protocol. This package is not meant to stand on its own and is designed to be included within new versions of NIAP protection profiles. While it is unlikely to be explicitly referenced by collaborative Protection Profiles (cPP), the requirements will almost certainly be highly similar.Read More
December marks the 3-year anniversary of the founding of Lightship. As such, we’ve been taking stock to consider our progress, challenges and future plans.
First the good news. In 2018, Lightship was able to successfully execute on the following:
- Became the 5th and only independently owned and accredited Common Criteria lab in Canada
- Completed our accreditation to become 1 of 22 FIPS 140-2 labs worldwide
- Completed one of the fastest formal NDcPP v2 end to end CC evaluations ever completed in North America
- Secured development funding from the Government of Canada for Greenlight test automation innovations
- Added more modules and utilities as part of the Greenlight platform to improve reporting, ease of integration and usability for us and our clients
- Added critical mass to our development and delivery team to support our growing client base
- Earned the certification business of several new domestic and international industry leading security vendors through our modernized and automated Functional Gap Analysis offering and end to end expedited CC certification methodology
We took a strategic decision early on at Lightship Security to focus our initial Greenlight development efforts on automating the tests specified by the Network Device collaborative Protection Profile (NDcPP). There are two main reasons for this:
- It is the most widely used Common Criteria Protection Profile in North America (given its generic applicability)
- It is the forerunner for most NIAP Approved Protection Profiles which re-use a large portion of the NDcPP Security Functional Requirements (SFRs)
Now, we have automated the testing not only for NDcPP but also several other Protection Profiles by virtue of this SFR re-use. Below we present an analysis of the re-use of NDcPP requirements across NIAP Approved Protection Profiles (all but a few).
As part of our continued commitment to develop innovative certification automation solutions, Lightship Security is pleased to announce that it has received additional development funding from the National Research Council of Canada Industrial Research Assistance Program (NRC IRAP).
The NRC IRAP support will be used by Lightship to provide advanced functionality of our industry first Conformance Automation Platform – Greenlight, specifically to support our growing list of clients with continuous certification readiness through automated functional pre-testing.
NDcPPv2.1 is hot off the presses from the Network iTC.
It is yet to be officially accepted by NIAP for PCL usage however this is probably not too far off, perhaps with some minor tweaks (the new NTP SFR being something to watch).
Here are some notes from our initial review:
- NTP. A new SFR has been added for NTP which we understand refers to mechanisms that are supported by commonly available NTP clients. Vendors still have the option of specifying manual time configuration. If v2.1 is accepted by NIAP as is, this will remove the mandated use of a trusted channel for NTP which was causing problems for some vendors in v2.0e.
- TLS. Administrators can now elect to ignore certificate validation failures. Support for 192-bit ciphersuites has been removed and a couple of new suites have been added.
- X.509. Certificate revocation checking requirements have been ‘clarified’ by an application note. This may result in changes for implementations that meet the current requirements.
- Audit Events. All generation/import/change of long-term cryptographic keys (i.e. not session keys) need to be audited, including those that are automatically generated by the TOE.
Since this article was posted, the international Network Interpretations Team has issued RFI 201824 stating that the send and receive keys can be independently rekeyed. Therefore, the requirement that the ‘aggregate’ traffic be counted is no longer mandated according to the iTC. NIAP has yet to endorse RFI 201824, meaning that still, as of April 2, 2019, NIAP still requires the aggregate be counted.
In the current version of the NDcPP there is a cryptographic Security Functional Requirement (SFR) called FCS_SSH*_EXT.1.8. On the face of it, FCS_SSH*_EXT.1.8 is a fairly straightforward SFR with a relatively straightforward means to enforce it:
FCS_SSHS_EXT.1.8: The TSF shall ensure that within SSH connections the same session keys are used for a threshold of no longer than one hour, and no more than one gigabyte of transmitted data. After either of the thresholds are reached a rekey needs to be performed.
However, it is vitally important to read the application note (Application Note 102 in NDcPP v2.0+20180314) that follows this SFR element, because one small detail appears to be catching vendors by surprise:
For the maximum transmitted data threshold, the total incoming and outgoing data needs to be counted.
In this short video tutorial, we examine the freely available FIPS 140-2 test suite which is part of the OpenSSL FIPS Object Module development package.