Version: 1, Published: 2025-06-05

Impacted Documents

  • CPP_HCD_V1.0e_supporting_doc

References

  • FCS_SSHC_EXT.1.8

  • FCS_SSHS_EXT.1.8

Issue Description

The test assurance activity for FCS_SSHC_EXT.1.8 and FCS_SSHS_EXT.1.8 requires testing the time-based threshold option to verify that the TOE initiates rekeying before reaching the threshold. However, due to limitations in the TOE or its hardware, reaching the threshold might not always be feasible.

Resolution

Update the TSS assurance activity for FCS_SSHC_EXT.1.8 and FCS_SSHS_EXT.1.8 to require a description of any TOE and/or hardware limitations that prevent the time-based threshold from being reached. Also, update the test assurance activity for FCS_SSHC_EXT.1.8 and FCS_SSHS_EXT.1.8 to omit testing of the time-based threshold option when such limitations make it infeasible.

CPP_HCD_V1.0e_supporting_doc

The SD is updated as follows (yellow highlights for additions, strikethrough for deletions) per section that is being updated:

5.2.6.1.7. FCS_SSHC_EXT.1.8

In cases where a TOE limitation will prevent reaching the data transfer threshold in less than one hour, the evaluator shall check the TSS to ensure it contains:

  1. An argument describing this TOE limitation and

  2. Identification of the hardware components (if any) that form the basis of such argument.

For example, if a specific Ethernet Controller or Wi-Fi radio chip is the root cause of such limitation, these subsystems shall be identified.

5.2.6.3.7. FCS_SSHC_EXT.1.8

In cases where the data transfer threshold could not be reached due to TOE limitations, it is acceptable to omit testing of this (SSH rekeying based on data transfer threshold) threshold if both of the following conditions are met:

  1. An argument is present in the TSS section describing this hardware-based limitation and

  2. All hardware components that are the basis of such argument are definitively identified in the ST. For example, if a specific Ethernet Controller or Wi-Fi radio chip is the root cause of such limitation, these chips must be identified.

5.2.7.1.7. FCS_SSHS_EXT.1.8

In cases where a TOE limitation will prevent reaching the data transfer threshold in less than one hour, the evaluator shall check the TSS to ensure it contains:

  1. An argument describing this TOE limitation and

  2. Identification of the hardware components (if any) that form the basis of such argument.

For example, if a specific Ethernet Controller or Wi-Fi radio chip is the root cause of such limitation, these subsystems shall be identified.

5.2.7.3.7. FCS_SSHS_EXT.1.8

In cases where the data transfer threshold could not be reached due to TOE limitations, it is acceptable to omit testing of this (SSH rekeying based on data transfer threshold) threshold if both of the following conditions are met:

  1. An argument is present in the TSS section describing this hardware-based limitation and

  2. All hardware components that are the basis of such argument are definitively identified in the ST. For example, if a specific Ethernet Controller or Wi-Fi radio chip is the root cause of such limitation, these chips must be identified.

Tracking