ndcpp-v2-1-technical-decisions

NDcPP v2.1 endorsed by NIAP but which TDs apply?

Lachlan Turner Certifications, Common Criteria

[March 14, 2019 update] The NIAP list of TDs is now up to date with NDcPP v2.1 attribution.

NIAP announced their endorsement today of version 2.1 of the Network Device collaborative Protection Profile. We’ve previously described the changes in NDcPP v2.1. In this post, we look at which NIAP Technical Decisions (i.e. interpretations / minor edits) will still apply to this new version.

A review of the NIAP list of Technical Decisions (TDs) shows that none are yet explicitly attributed to NDcPP v2.1, however our analysis shows that the following TDs will be applicable:

  • TD0395: NIT Technical Decision for Different Handling of TLS1.1 and TLS1.2
  • TD0396: NIT Technical Decision for FCS_TLSC_EXT.1.1, Test 2
  • TD0397: NIT Technical Decision for Fixing AES-CTR Mode Tests
  • TD0398: NIT Technical Decision for FCS_SSH*EXT.1.1 RFCs for AES-CTR
  • TD0399: NIT Technical Decision for Manual installation of CRL (FIA_X509_EXT.2)
  • TD0400: NIT Technical Decision for FCS_CKM.2 and elliptic curve-based key establishment
  • TD0401: NIT Technical Decision for Reliance on external servers to meet SFRs
  • TD0402: NIT Technical Decision for RSA-based FCS_CKM.2 Selection

Note that TD0394 is not applicable although it was released subsequent to publication of NDcPP v2.1. This is because FMT_MTD.1/CryptoKeys is now a selection based SFR.

The previously endorsed version of NDcPP – v2.0e – is set to ‘sunset’ on 10 September 2019 – meaning evaluations against v2.0e will still be accepted up to the sunset date. We’d generally recommend moving to NDcPP v2.1 anyway.

Find out more about the Network Device collaborative Protection Profile and How to get on the NSA/NIAP Product Compliant List (PCL).