Dedicated Security Components

CCDB iTC Liaison:  US

Introduction and Status

The CCDB has established a Work Group to assist in creating an iTC (and hence cPPs) for Dedicated Security Components (the Work Group name is abbreviated to "DSC WG"). The Work Group currently comprises participants from 2 nations: the UK and the US.

The invitation notice for joining the candidate iTC, with contact details, can be found here: iTC invitation letter.

To join the iTC, please message: iTC-DSC@niap-ccevs.org.

DSC cPP v1.0 (Final Candidate)

  • Public Review for DSC cPP v1.0 Final Candidate closes (4 wks) - March 17 - April 14, 2020
  • iTC adjudicates all feedback received on published candidate (2 wks) - April 14 - 28, 2020

DSC SD v1.0 (Final Candidate)

  • Scoped and bounded Evaluation Activities in support of the DSC cPP v1.0 Final Candidate
  • SD Coverage updated to align with changes made to cPP v1.0 Final Candidate

iTC Activity

  • Multiple sessions *were* scheduled at the cancelled CCUF workshop in Burlington, MA (March 17-19) to discuss the Final Candidate documents
  • Reviewing, comparing, and collaborating with OTHER iTCs / PPs (GP, FIDO, BSI (CSP PP), etc.)
  • Planning setup of a DSC Interpretations Team to be in place prior to final release of DSC cPP / SD v1.0

DSC cPP v1.0 & SD v1.0 (Final Candidates) Released for Public Review

The vendor-led DSC iTC is pleased to announce the public review of the DSC cPP v1.0 and Supporting Document (SD) v1.0 (Final Candidate).

The DSC iTC is formally calling for final review and comments to be submitted within the next 4 weeks — public review will close on 14 April 2020.
The DSC iTC will then complete adjudication of the feedback received against the published final candidate within 2 weeks, closing on 28 April 2020.

Considerations during review

The DSC iTC should be aware that certain items in the cPP and SD intentionally remain open to feedback from this larger community review. We request that reviewers consider the following in their review:

  • Formal extended components definition in the cPP is an open action item to be resolved once the cPP review has been completed, to reduce multiple changes to extended SFRs.
  • Determining the appropriate bounding of evaluation activities defined for FPT_PHP.3. We solicit thoughtful feedback on defining objective and measurable evaluation activities for demonstrating that the TSF is resistant to specific physical attacks.
  • Completing the vulnerability analysis requirements. Specifically, to ensure vulnerability testing is sufficiently rigorous and objectively comparable across different evaluations:
    • The public vulnerability sources that should be searched for potential findings.
    • The search terms that should be considered when searching the identified sources for potential findings.
    • Specific attacks or analysis of individual vulnerabilities (e.g. CVEs) that should be considered by the evaluators regardless of the outcome of public vulnerability searches.
    • Specific tools, if necessary, that should be used by the evaluators to conduct testing against a DSC.

Comment Submissions

The DSC iTC requests that all submissions be sent using the Comment Matrix document, renamed to “DSC-1.0-Candidate-Comments-<Org>-<FirstName LastInitial>” with your organization name, first name, and last initial. An example would be “DSC-1.0-Candidate-Comments-MyCompany-JohnD”. Completed comment forms should be e-mailed to iTC-DSC-Tech-Editors@niap-ccevs.org by 14 April 2020. Submitted comments will be consolidated and adjudicated by the DSC iTC Tech Writers group within the following two weeks.

Initial Essential Security Requirements (ESR) and Position Statements

Essential Security Requirements

The working group has produced an Essential Security Requirements document for Dedicated Security Component. The ESR represents the common needs of the WG members in the technology area. The document can be found here: Essential Security Requirements.

Information about Dedicated Security Component cPP Position Statements can be found here: Position Statements.