PP-Module for Email Clients Version: 2.0 2015-06-18 National Information Assurance Partnership
Revision History

Version  Date        Comment
v1.0     2014-04-01  Release - Email Client Protection Profile
v2.0     2021-05-28  Update as PP-Module that extends the Protection Profile for Application Software
v2.0     2015-06-18  Application Software Module for Email Clients
Contents

1 Introduction
  1.1 Overview
  1.2 Terms
    1.2.1 Common Criteria Terms
    1.2.2 Technical Terms
  1.3 Compliant Targets of Evaluation
  1.4 Use Cases
2 Conformance Claims
3 Security Problem Description
  3.1 Threats
  3.2 Assumptions
  3.3 Organizational Security Policies
4 Security Objectives
  4.1 Security Objectives for the TOE
  4.2 Security Objectives for the Operational Environment
  4.3 Security Objectives Rationale
5 Security Requirements
  5.1 Application Software PP Security Functional Requirements Direction
    5.1.1 Modified SFRs
  5.2 TOE Security Functional Requirements
    5.2.1 Cryptographic Support (FCS)
    5.2.2 User Data Protection (FDP)
    5.2.3 Identification and Authentication (FIA)
    5.2.4 Security Management (FMT)
    5.2.5 Protection of the TSF (FPT)
    5.2.6 Trusted Path/Channels (FTP)
  5.3 TOE Security Functional Requirements Rationale
6 Consistency Rationale
  6.1 Protection Profile for Application Software
    6.1.1 Consistency of TOE Type
    6.1.2 Consistency of Security Problem Definition
    6.1.3 Consistency of Objectives
    6.1.4 Consistency of Requirements
Appendix A - Optional SFRs
  A.1 Strictly Optional Requirements
    A.1.1 Cryptographic Support (FCS)
    A.1.2 User Data Protection (FDP)
  A.2 Objective Requirements
  A.3 Implementation-based Requirements
Appendix B - Selection-based Requirements
  B.1 Cryptographic Support (FCS)
  B.2 Identification and Authentication (FIA)
  B.3 Protection of the TSF (FPT)
Appendix C - Acronyms
Appendix D - Bibliography
1 Introduction

1.1 Overview

Email clients are user applications that provide functionality to send, receive, access and manage email. The complexity of email content and email clients has grown over time. Modern email clients can render HTML as well as plain text, and may include functionality to display common attachment formats, such as Adobe PDF and Microsoft Word documents. Some email clients allow their functionality to be modified by users through the addition of add-ons. Protocols have also been defined for communicating between email clients and servers. Some clients support multiple protocols for doing the same task, allowing them to be configured according to email server specifications. The complexity and rich feature set of modern email clients make them a target for attackers, introducing security concerns. This document is intended to facilitate the improvement of email client security by requiring use of operating system security services, cryptographic standards, and environmental mitigations. Additionally, the requirements in this document define acceptable behavior for email clients regardless of the security features provided by the operating system. This Module along with the Protection Profile for Application Software ([AppPP]) provide a baseline set of Security Functional Requirements (SFRs) for email clients running on any operating system regardless of the composition of the underlying platform. The terms email client and TOE are interchangeable in this document.
Figure 1: Sending and Delivering Email over TLS
1.2 Terms

The following sections list Common Criteria and technology terms used in this document.

1.2.1 Common Criteria Terms

Assurance
Grounds for confidence that a TOE meets the SFRs [CC].
Base Protection Profile (Base-PP)
Protection Profile used as a basis to build a PP-Configuration.
Common Criteria (CC)
Common Criteria for Information Technology Security Evaluation (International Standard ISO/IEC 15408).
Common Criteria Testing Laboratory
Within the context of the Common Criteria Evaluation and Validation Scheme (CCEVS), an IT security evaluation facility, accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the NIAP Validation Body to conduct Common Criteria-based evaluations.
Common Evaluation Methodology (CEM)
Common Evaluation Methodology for Information Technology Security Evaluation.
Distributed TOE
A TOE composed of multiple components operating as a logical whole.
Operational Environment (OE)
Hardware and software that are outside the TOE boundary that support the TOE functionality and security policy.
Protection Profile (PP)
An implementation-independent set of security requirements for a category of products.
Protection Profile Configuration (PP-Configuration)
A comprehensive set of security requirements for a product type that consists of at least one Base-PP and at least one PP-Module.
Protection Profile Module (PP-Module)
An implementation-independent statement of security needs for a TOE type complementary to one or more Base Protection Profiles.
Security Assurance Requirement (SAR)
A requirement to assure the security of the TOE.
Security Functional Requirement (SFR)
A requirement for security enforcement by the TOE.
Security Target (ST)
A set of implementation-dependent security requirements for a specific product.
TOE Security Functionality (TSF)
The security functionality of the product under evaluation.
TOE Summary Specification (TSS)
A description of how a TOE satisfies the SFRs in an ST.
Target of Evaluation (TOE)
The product under evaluation.
1.2.2 Technical Terms

ActiveSync
Microsoft protocol for synchronizing messaging and calendar data between mobile clients and email servers.
Add-on
Capability or functionality added to an application including plug-ins, extensions or other controls.
Email Client
Application used to send, receive, access and manage email provided by an email server. The terms email client and TOE are interchangeable in this document.
Internet Message Access Protocol (IMAP)
Internet Message Access Protocol - Protocol for an email client to retrieve email from an email server over TCP/IP; IMAP4 defined in RFC 3501.
Messaging Application Programming Interface (MAPI)
Messaging Application Programming Interface - open specification used by email clients such as Microsoft Outlook and Thunderbird; defined in [MS-OXCMAPIHTTP].
Post Office Protocol (POP)
Protocol for an email client to retrieve email from an email server over TCP/IP; POP3 defined in RFC 1939.
Remote Procedure Call (RPC)
Protocol used by Microsoft Exchange to send/receive MAPI commands; defined in [MS-OXCRPC].
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Used to sign and/or encrypt messages at the request of the user upon sending email and to verify the digital signature on a signed message upon receipt.
Simple Mail Transfer Protocol (SMTP)
Protocol for an email client to send email to an email server over TCP/IP; SMTP defined in RFC 5321.
1.3 Compliant Targets of Evaluation

The Target of Evaluation (TOE) in this PP-Module is an email client application running on a desktop or mobile operating system. This PP-Module describes the extended security functionality of email clients in terms of [CC]. As an extension of the ApSoPP, it is expected that the content of this PP-Module will be appropriately combined with the ApSoPP to include selection-based requirements in accordance with the selections and/or assignments made, and any optional and/or objective components to include the following components at minimum:

FCS_CKM.1(1)
FCS_CKM_EXT.1
FCS_CKM.2
FCS_COP.1(1)
FCS_COP.1(2)
FCS_COP.1(3)
FCS_COP.1(4)
FCS_TLSC_EXT.1
FIA_X509_EXT.1
FIA_X509_EXT.2

An ST must identify the applicable version of the ApSoPP and this PP-Module in its conformance claims.
1.4 Use Cases

Email clients perform tasks associated primarily with the following use case.

[USE CASE 1] Sending, receiving, accessing, managing and displaying email
Email clients are used for sending, receiving, viewing, accessing, managing email in coordination with a mail server. Email clients can render HTML as well as plain text, and can display common attachment formats.
2 Conformance Claims

Conformance Statement
This PP-Module inherits exact conformance as required from the specified Base-PP and as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017). The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP-Module.

Protection Profile for Application Software, version 1.3

CC Conformance Claims
This is conformant to Parts 2 (extended) and 3 (conformant) of Common Criteria Version 3.1, Revision 5.

PP Claim
This does not claim conformance to any Protection Profile.

Package Claim
This does not claim conformance to any packages.

Conformance Statement
This PP-Module inherits exact conformance as required from the specified Base-PP and as defined in the CC and addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).

CC Conformance Claims
This PP-Module is conformant to Parts 2 (extended) and 3 (extended) of Common Criteria Version 3.1, Release 5 [CC].

Package Claims
There are no package claims for this PP-Module.
3 Security Problem Description

The security problem is described in terms of the threats that the email client is expected to address, assumptions about the operational environment, and any organizational security policies that it is expected to enforce. This PP-Module does not repeat the threats, assumptions, and organizational security policies identified in the ApSoPP, though they all apply given the conformance and hence dependence of this PP-Module on it. Together the threats, assumptions and organizational security policies of the ApSoPP and those defined in this PP-Module describe those addressed by an email client as the Target of Evaluation. Notably, email clients are particularly at risk from the Network Attack threat identified in the AppPP. Attackers can send malicious email messages directly to users, and the email client will render or otherwise process this untrusted content.

3.1 Threats

The following threat is specific to email clients, and represents an addition to those identified in the Base-PP.

T.FLAWED_ADDON
Email client functionality can be extended with integration of third-party utilities and tools. This expanded set of capabilities is made possible via the use of add-ons. The tight integration between the basic email client code and the new capabilities that add-ons provide increases the risk that malefactors could inject serious flaws into the email client application, either maliciously by an attacker, or accidentally by a developer. These flaws enable undesirable behaviors including, but not limited to, allowing unauthorized access to sensitive information in the email client, unauthorized access to the device's file system, or even privilege escalation that enables unauthorized access to other applications or the operating system.

3.2 Assumptions

This document does not define any additional assumptions.

3.3 Organizational Security Policies

An organization deploying the TOE is expected to satisfy the organizational security policy listed below in addition to all organizational security policies defined by the claimed base PP. This document does not define any additional OSPs.
4 Security Objectives

This PP-Module adds SFRs to objectives identified in the Base-PP and describes an additional objective specific to this PP-Module.

4.1 Security Objectives for the TOE

O.MANAGEMENT
QQQQ

O.PROTECTED_STORAGE
QQQQ

O.PROTECTED_COMMS
QQQQ

O.ADDON_INTEGRITY
To address issues associated with malicious or flawed plug-ins or extensions, conformant email clients implement mechanisms to ensure their integrity. This includes verification at installation time and update.

4.2 Security Objectives for the Operational Environment

The Operational Environment of the TOE implements technical and procedural measures to assist the TOE in correctly providing its security functionality (which is defined by the security objectives for the TOE). The security objectives for the Operational Environment consist of a set of statements describing the goals that the Operational Environment should achieve. This section defines the security objectives that are to be addressed by the IT domain or by non-technical or procedural means. The assumptions identified in Section 3 are incorporated as security objectives for the environment. Some text concerning security objectives.

OE.PLACEHOLDER
placeholder

4.3 Security Objectives Rationale

This section describes how the assumptions, threats, and organization security policies map to the security objectives.

Table 1: Security Objectives Rationale

Threat, Assumption, or OSP   Security Objectives   Rationale
T.FLAWED_ADDON               O.MANAGEMENT          QQQQ
5 Security Requirements

This chapter describes the security requirements which have to be fulfilled by the product under evaluation. Those requirements comprise functional components from Part 2 and assurance components from Part 3 of [CC]. The following conventions are used for the completion of operations:

Refinement operation (denoted by bold text or strikethrough text): is used to add details to a requirement (including replacing an assignment with a more restrictive selection) or to remove part of the requirement that is made irrelevant through the completion of another operation, and thus further restricts a requirement.
Selection (denoted by italicized text): is used to select one or more options provided by the [CC] in stating a requirement.
Assignment operation (denoted by italicized text): is used to assign a specific value to an unspecified parameter, such as the length of a password. Showing the value in square brackets indicates assignment.
Iteration operation: is indicated by appending the SFR name with a slash and unique identifier suggesting the purpose of the operation, e.g. "/EXAMPLE1."

5.1 Application Software PP Security Functional Requirements Direction

In a PP-Configuration that includes Application Software PP, the TOE is expected to rely on some of the security functions implemented by the as a whole and evaluated against the Application Software PP. The following sections describe any modifications that the ST author must make to the SFRs defined in the Application Software PP in addition to what is mandated by Section 5.2 TOE Security Functional Requirements.

5.1.1 Modified SFRs

This PP-Module does not modify any SFRs defined by the Application Software PP.

5.2 TOE Security Functional Requirements

The following section describes the SFRs that must be satisfied by any TOE that claims conformance to this PP-Module. These SFRs must be claimed regardless of which PP-Configuration is used to define the TOE.
5.2.1 Cryptographic Support (FCS)

FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extensions (S/MIME)

FCS_SMIME_EXT.1.1
The email client shall implement both a sending and receiving S/MIME v3.2 Agent as defined in RFC 5751, using CMS as defined in RFCs 5652, 5754, and 3565.

Application Note: The RFCs allow for an agent to be either sending or receiving, or to include both capabilities. The intent of this requirement is to ensure that the email client is capable of both sending and receiving S/MIME v3.2 messages.

FCS_SMIME_EXT.1.2
The email client shall transmit the Content Encryption Algorithm Identifier for AES-128 CBC and AES-256 CBC as part of the S/MIME protocol.

Application Note: AES was added to CMS as defined in RFC 3565.

FCS_SMIME_EXT.1.3
The email client shall present the digestAlgorithm field with the following Message Digest Algorithm identifiers [selection: id-sha256, id-sha384, id-sha512] and no others as part of the S/MIME protocol.

FCS_SMIME_EXT.1.4
The email client shall present the AlgorithmIdentifier field with the following sha256WithRSAEncryption and [selection:
  sha384WithRSAEncryption,
  sha512WithRSAEncryption,
  ecdsa-with-SHA256,
  ecdsa-with-sha384,
  ecdsa-with-sha512
] and no other algorithms as part of the S/MIME protocol.

Application Note: RFC 5751 mandates that receiving and sending agents support RSA with SHA256. The algorithms to be tested in the evaluated configuration are limited to the algorithms specified in the FCS_SMIME_EXT.1.4 selection. Any other algorithms implemented that do not comply with these requirements should not be included in an evaluated email client.

FCS_SMIME_EXT.1.5
The email client shall support use of different private keys (and associated certificates) for signature and for encryption as part of the S/MIME protocol.

FCS_SMIME_EXT.1.6
The email client shall only accept a signature from a certificate with the digitalSignature bit set as part of the S/MIME protocol.

Application Note: It is acceptable to assume that the digitalSignature bit is set in cases where there is no keyUsage extension.

FCS_SMIME_EXT.1.7
The email client shall implement mechanisms to retrieve certificates and certificate revocation information [selection: for each signed/encrypted message sent/received, [assignment: frequency]] as part of the S/MIME protocol.

Application Note: In accordance with FIA_X509_EXT.1.1 [AppPP], certificate revocation may use Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP). The email client can define how this mechanism behaves, including whether it utilizes the underlying OS, but it is required that a mechanism exist such that revocation status is supported and so that certificates can be retrieved for sending/receiving messages. Frequency is configurable in FMT_MOF_EXT.1.1. In this requirement, frequency can be interpreted as a one-time function with local storage, as a regularly scheduled retrieval, or as a mechanism that requires manual intervention. If the retrieval mechanism is periodic in nature, then the ST author will need to include an iteration of FCS for storage of revocation information; storage of certificates is covered in FCS_CKM. The import of certificates and certificate chains is not included in this requirement, but is covered in FIA_X509 and FMT_MOF.
Evaluation Activities

FCS_SMIME_EXT.1:

TSS
The evaluator verifies that the version of S/MIME implemented by the email client is present in the TSS. The evaluator also verifies that the algorithms supported are specified, and that the algorithms specified are those listed for this component. The evaluator verifies that the TSS describes the Content Encryption Algorithm Identifier and whether the required behavior is performed by default or may be configured. The evaluator verifies that the TSS describes the digestAlgorithm and whether the required behavior is performed by default or may be configured. The evaluator verifies that the TSS describes the AlgorithmIdentifier and whether the required behavior is performed by default or may be configured. The evaluator verifies that the TSS describes the retrieval mechanisms for both certificates and certificate revocation as well as the frequency at which these mechanisms are implemented.

Guidance
The evaluator also reviews the Operational Guidance to ensure that it contains instructions on configuring the email client such that it complies with the description in the TSS. If the TSS indicates that the algorithms in FCS_SMIME_EXT.1.2 must be configured to meet the requirement, the evaluator verifies that the AGD guidance includes the configuration of this ID. If the TSS indicates that the algorithms in FCS_SMIME_EXT.1.3 must be configured to meet the requirement, the evaluator verifies that the AGD guidance includes the configuration. If the TSS indicates that the algorithms in FCS_SMIME_EXT.1.4 must be configured to meet the requirement, the evaluator verifies that the AGD guidance includes the configuration of this ID. If the TSS indicates that the mechanisms in FCS_SMIME_EXT.1.7 are configurable, the evaluator verifies that the AGD guidance includes the configuration of these mechanisms.

Tests
The evaluator shall perform the tests listed below. These tests can be performed in conjunction with the tests specified in FIA_X509_EXT.1 (defined in the Base-PP) for certificate/certificate chain verification and in FDP_NOT_EXT.1.

Test 1: The evaluator both sends and receives a message with no protection (no signature or encryption) and verifies that the message is transmitted properly and can be viewed at the receiving agent. This transmission can be performed as part of a number of mechanisms; it is sufficient to observe that the message arrives at the intended recipient with the same content as when sent.
Test 2: The evaluator both sends and receives a signed message using each of the algorithms specified in the ST corresponding to the requirement and verifies that the signature is valid for both received and sent messages. After verifying the signatures are valid, the evaluator sends a signed message using each of the algorithms specified in the ST and uses a man-in-the-middle tool to modify at least one byte of the message such that the signature is no longer valid. This can be done by modifying the content of the message over which the signature is calculated or by modifying the signature itself. The evaluator verifies that the received message fails the signature validation check.
Test 3: The evaluator both sends and receives an encrypted message using each of the algorithms specified in the ST. The evaluator verifies that the contents are encrypted in transit and that the received message decrypts. After verifying the message decrypts, the evaluator sends an encrypted message using each of the algorithms specified in the ST and uses a man-in-the-middle tool to modify at least one byte of the message such that the encryption is no longer valid. The evaluator verifies that the received message fails to decrypt.
Test 4: The evaluator both sends and receives a message that is both signed and encrypted. In addition, the evaluator uses a man-in-the-middle tool to modify at least one byte of the message such that the encryption and signature are no longer valid. The evaluator verifies that the received message fails to decrypt, fails the signature validation check, and/or both.
Test 5: The evaluator sends a signed message to the email client using a signature algorithm not supported according to the digestAlgorithm ID (e.g., SHA1). The evaluator verifies that the email client provides a notification that the contents cannot be verified because the signature algorithm is not supported.
Test 6: The evaluator sends an encrypted message to the email client using an encryption algorithm not supported according to the AlgorithmIdentifier field. The evaluator verifies that the email client does not display/decrypt the contents of the message.
Test 7: The evaluator sends the email client a message signed by a certificate without the digitalSignature bit set. The evaluator verifies that the email client notifies the user that the signature is invalid.
Test 8: The evaluator sends the email client a message signed by a certificate without the EmailProtection purpose in the extendedKeyUsage. The evaluator verifies that the email client notifies the user that the signature is invalid.
Test 9: The evaluator verifies that the email client uses OCSP or downloads the CRL at the assigned frequency.
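The receiving-agent checks that FCS_SMIME_EXT.1.3, FCS_SMIME_EXT.1.4 and FCS_SMIME_EXT.1.6 (with its Application Note) describe, written out as an added example that is not code from the PP-Module or from any evaluated product. It works on raw DER so only the standard library is needed; the OID constants are the identifiers the requirement names, `read_tlv`, `decode_oid` and the small encoder are this example's own helpers, and treating an absent extendedKeyUsage as acceptable (while a present one must contain emailProtection, as the unsupported-certificate tests above check) is this example's assumption.

```python
"""Policy checks a receiving S/MIME agent applies to a SignerInfo's algorithm
identifiers and to the signing certificate's keyUsage / extendedKeyUsage.
Added example for the PP-Module text; DER helpers below are our own."""

ALLOWED_DIGEST_OIDS = {                       # FCS_SMIME_EXT.1.3 selection
    "2.16.840.1.101.3.4.2.1": "id-sha256",
    "2.16.840.1.101.3.4.2.2": "id-sha384",
    "2.16.840.1.101.3.4.2.3": "id-sha512",
}
ALLOWED_SIGNATURE_OIDS = {                    # FCS_SMIME_EXT.1.4 mandatory + selection
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}
ID_KP_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"
SEQUENCE, OID, BIT_STRING = 0x30, 0x06, 0x03


def read_tlv(data, pos=0):
    """Decode one DER tag-length-value; return (tag, contents, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length


def decode_oid(body):
    """OID contents -> dotted string (first byte packs the first two arcs)."""
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                      # last byte of a base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def algorithm_oid(alg_id_der):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }."""
    tag, seq, _ = read_tlv(alg_id_der)
    otag, oid_body, _ = read_tlv(seq)
    if tag != SEQUENCE or otag != OID:
        raise ValueError("malformed AlgorithmIdentifier")
    return decode_oid(oid_body)


def digest_algorithm_allowed(alg_id_der):
    """FCS_SMIME_EXT.1.3: digestAlgorithm limited to the selected SHA-2 identifiers."""
    return algorithm_oid(alg_id_der) in ALLOWED_DIGEST_OIDS


def signature_algorithm_allowed(alg_id_der):
    """FCS_SMIME_EXT.1.4: sha256WithRSAEncryption plus the selected identifiers only."""
    return algorithm_oid(alg_id_der) in ALLOWED_SIGNATURE_OIDS


def signing_cert_acceptable(key_usage_der=None, ext_key_usage_der=None):
    """FCS_SMIME_EXT.1.6 and its Application Note; None means the extension is absent."""
    if key_usage_der is not None:
        tag, body, _ = read_tlv(key_usage_der)
        # BIT STRING contents: unused-bit count, then the bits; digitalSignature
        # is bit 0, i.e. the most significant bit of the first bit byte.
        if tag != BIT_STRING or len(body) < 2 or not body[1] & 0x80:
            return False
    # Absent keyUsage: Application Note allows assuming digitalSignature is set.
    if ext_key_usage_der is not None:
        tag, seq, _ = read_tlv(ext_key_usage_der)
        purposes, pos = [], 0
        while pos < len(seq):                 # SEQUENCE OF KeyPurposeId
            _, oid_body, pos = read_tlv(seq, pos)
            purposes.append(decode_oid(oid_body))
        if tag != SEQUENCE or ID_KP_EMAIL_PROTECTION not in purposes:
            return False
    return True                               # absent EKU accepted (our assumption)


# Constructed sample inputs: a minimal DER encoder (short-form lengths only).
def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)


def der(tag, contents):
    return bytes([tag, len(contents)]) + contents


def alg_id(dotted):                           # AlgorithmIdentifier with NULL parameters
    return der(SEQUENCE, der(OID, encode_oid(dotted)) + b"\x05\x00")


def key_usage(first_bit_byte):                # 0x80 = digitalSignature, 0x20 = keyEncipherment
    return der(BIT_STRING, bytes([0, first_bit_byte]))


def ext_key_usage(*dotted_oids):
    return der(SEQUENCE, b"".join(der(OID, encode_oid(o)) for o in dotted_oids))
```

A SignerInfo whose digestAlgorithm decodes to id-sha1 (1.3.14.3.2.26) fails `digest_algorithm_allowed`, which is the notification case the tests exercise with an unsupported signature algorithm.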
FCS_CKM_EXT.3 Protection of Key and Key Material

FCS_CKM_EXT.3.1
The email client shall [selection:
  not store keys in non-volatile memory,
  only store keys in non-volatile memory when wrapped as specified in FCS_COP_EXT.2 unless the key meets any one of the following criteria: [selection:
    The plaintext key is not part of the key chain as specified in FCS_KYC_EXT.1.,
    The plaintext key will no longer provide access to the encrypted data after initial provisioning,
    The plaintext key is a key split that is combined as specified in FCS_SMC_EXT.1, and the other half of the key split is either [selection: wrapped as specified in FCS_COP_EXT.2, derived and not stored in non-volatile memory],
    The plaintext key is stored on an external storage device for use as an authorization factor,
    The plaintext key is used to wrap a key as specified in FCS_COP_EXT.2 that is already wrapped as specified in FCS_COP_EXT.2,
    The plaintext key is the public portion of the key pair
  ]
].

Application Note: The plaintext key storage in non-volatile memory is allowed for several reasons. If the keys exist within protected memory that is not user accessible on the email client or operational environment, the only methods that allow it to play a security relevant role is if it is a key split or providing additional layers of wrapping or encryption on keys that have already been protected.
Evaluation Activities

FCS_CKM_EXT.3:

TSS
The evaluator verifies that the TSS contains a high-level description of the method used to protect keys stored in non-volatile memory. The evaluator examines the TSS to ensure it describes the storage location of all keys and the protection of all keys stored in non-volatile memory. The description of the key chain shall be reviewed to ensure FCS_COP_EXT.2 is followed for the storage of wrapped or encrypted keys in non-volatile memory and that plaintext keys in non-volatile memory meet one of the criteria for storage.

Guidance
There are no guidance EAs for this component.

Tests
There are no test EAs for this component.
FCS_CKM_EXT.4 Cryptographic Key Destruction

FCS_CKM_EXT.4.1
The email client shall [selection: invoke platform-provided key destruction, implement key destruction using [selection:
  For volatile memory, the erasure shall be executed by a single direct overwrite [selection:
    consisting of a pseudo-random pattern using the email client's RBG,
    consisting of a pseudo-random pattern using the host platform's RBG,
    consisting of zeroes
  ].,
  For non-volatile storage, the erasure shall be executed by [selection:
    single,
    three or more times
  ] overwrite of key data storage location consisting of [selection:
    a pseudo-random pattern using the email client's RBG (as specified in FCS_RBG_EXT.1 of [AppPP]),
    a pseudo-random pattern using the host platform's RBG,
    a static pattern
  ]
]] that meet the following: [selection: NIST SP 800-88, no standard] for destroying all keying material and cryptographic security parameters when no longer needed.

Application Note: For the purposes of this requirement, keying material refers to authentication data, passwords, symmetric keys, data used to derive keys, etc. The destruction indicated above applies to each intermediate storage area for key/cryptographic critical security parameters (i.e., any storage, such as memory buffers, that is included in the path of such data) upon the transfer of the key/cryptographic critical security parameter to another memory location.

Evaluation Activities

FCS_CKM_EXT.4:

TSS
If the platform provides the key destruction, then the evaluator examines the TSS to verify that it describes how the key destruction functionality is invoked.
If the application invokes key destruction, the evaluator checks to ensure the TSS describes each of the secret keys (keys used for symmetric encryption and/or data authentication), private keys, and CSPs used to generate keys; when they are zeroized (for example, immediately after use, on system shutdown, etc.); and the type of zeroization procedure that is performed (overwrite with zeros, overwrite three times with random pattern, etc.). If different types of memory are used to store the materials to be protected, the evaluator checks to ensure that the TSS describes the zeroization procedure in terms of the memory in which the data are stored (for example, "secret keys stored on a drive are zeroized by overwriting once with zeros, while secret keys stored on the internal hard drive are zeroized by overwriting three times with a random pattern that is changed before each write").

Guidance
There are no guidance EAs for this component.

Tests
Test 1: [conditional: the TSF performs its own key destruction] For each type of authorization service, encryption mode and encryption operation, a known authorization factor, and chain of keys must be provided to the evaluator with an associated ciphertext data set (e.g. if a passphrase is used to create an intermediate key, then the ciphertext containing the encrypted key as well as the intermediate key itself must be provided to the evaluator). The evaluator shall use the email client in conjunction with a debugging or forensics utility to attempt to authorize themselves, resulting in the generation of a key or decryption of a key. The evaluator shall ascertain from the TSS what the vendor defines as "no longer needed" and execute the sequence of actions via the email client to invoke this state. At this point, the evaluator should take a dump of volatile memory and search the retrieved dump for the provided authorization credentials or keys (e.g. if the password was "PaSSw0rd", perform a string search of the forensics dump for "PaSSw0rd"). The evaluator must document each command, program or action taken during this process, and must confirm that no plaintext keying material resides in volatile memory. The evaluator must perform this test three times to ensure repeatability. If during the course of this testing the evaluator finds that keying material remains in volatile memory, they should be able to identify the cause (i.e. execution of the grep command for "PaSSw0rd" caused a false positive) and document the reason for failure to comply with this requirement. The evaluator shall repeat this same test, but looking for keying material in non-volatile memory.
FCS_KYC_EXT.1 Key Chaining

FCS_KYC_EXT.1.1
The email client shall maintain a key chain of: [selection:
  one,
  a key stored in platform key storage,
  intermediate keys originating from: [selection:
    a password as specified in FCS_CKM_EXT.5.1,
    one or more other authorization factor(s),
    credentials stored in platform key storage
  ]
] to the data encryption/decryption key(s) using the following method(s): [selection:
  utilization of the platform key storage,
  utilization of platform key storage that performs key wrap with a TSF provided key,
  implement key wrapping as specified in FCS_COP_EXT.2,
  implement key combining as specified in FCS_SMC_EXT.1
] while maintaining an effective strength of [selection: 128 bits, 256 bits].

Application Note: Key Chaining is the method of using multiple layers of encryption keys to ultimately secure the data encryption key. The number of intermediate keys will vary. This applies to all keys that contribute to the ultimate wrapping or derivation of the data encryption key, including those in protected areas. This requirement also describes how keys are stored.

Evaluation Activities

FCS_KYC_EXT.1:

TSS
The evaluator verifies that the TSS* contains a high-level description of the key hierarchy for all authorization methods that are used to protect the encryption keys. The evaluator shall examine the TSS to ensure it describes the key chain in detail. The description of the key chain shall be reviewed to ensure it maintains a chain of keys using key wrap that meets FCS_COP_EXT.2. The evaluator verifies the TSS* to ensure that it describes how the key chain process functions, such that it does not expose any material that might compromise any key in the chain. A high-level description should include a diagram illustrating the key hierarchy implemented and detail where all keys and keying material is stored or what it is derived from. The evaluator shall examine the key hierarchy to ensure that at no point the chain could be broken without a cryptographic exhaust or knowledge of the key within the chain and that the effective strength of the data encryption key is maintained throughout the key chain.

* If necessary, this information could be contained in a proprietary document and not appear in the TSS.

Guidance
There are no guidance EAs for this component.

Tests
There are no test EAs for this component.
5.2.2 User Data Protection (FDP)

FDP_NOT_EXT.1 Notification of S/MIME Status

FDP_NOT_EXT.1.1
The email client shall display a notification of the S/MIME status of received emails upon viewing.

Application Note: S/MIME status is whether the email has been signed or encrypted and whether the signature verifies and the associated certificate validates. This notification must at least display when the email content is viewed. Many implementations also display the S/MIME status of each email when all emails are viewed as a list.

Evaluation Activities

FDP_NOT_EXT.1:

TSS
The evaluator shall ensure that the TSS describes notifications of S/MIME status, including whether S/MIME status is also indicated upon viewing a list of emails.

Guidance
The evaluator verifies that the AGD guidance provides a description (with appropriate visual figures) of the S/MIME status notification(s), including how each of the following are indicated: encryption, verified and validated signature, and unverified and unvalidated signature.

Tests
The evaluator shall perform the following tests and may perform them in conjunction with the tests for FCS_SMIME_EXT.1:

Test 1: The evaluator shall send the client an unencrypted and unsigned email and verify that no notifications are present upon viewing.
Test 2: The evaluator shall send the client an encrypted email and verify that the encrypted notification is present upon viewing.
Test 3: The evaluator shall send the client a valid signed email and verify that the signed notification is present upon viewing.
Test 4: The evaluator shall send the client an invalid signed email (for example, using a certificate that does not contain the correct email address or a certificate that does not chain to the root store) and verify that the invalid signature notification is present upon viewing.
FDP_SMIME_EXT.1 S/MIME

FDP_SMIME_EXT.1.1
The email client shall use S/MIME to sign, verify, encrypt, and decrypt mail.

Application Note: Note that this requirement does not mandate that S/MIME be used for all incoming/outgoing messages, or that the email client automatically encrypt and/or sign/verify all sent or received messages. This requirement only specifies that the mechanism for digital signature and encryption must be S/MIME.

Evaluation Activities

FDP_SMIME_EXT.1:

TSS
The evaluator shall verify that the TSS contains a description of the S/MIME implementation and its use to protect mail from undetected modification using digital signatures and unauthorized disclosure using encryption. The evaluator verifies that the TSS describes whether signature verification and decryption occur at receipt or viewing of the message contents, and whether messages are stored with their S/MIME envelopes.

Guidance
The evaluator shall ensure that the AGD guidance includes instructions for configuring a certificate for S/MIME use and instructions for signing and encrypting email.

Tests
Tests for this component are performed in conjunction with tests for FCS_SMIME_EXT.1 and FDP_NOT_EXT.1.
5.2.3 Identification and Authentication (FIA)

FIA_X509_EXT.3 X509 Authentication and Encryption

FIA_X509_EXT.3.1
The email client shall use X.509v3 certificates as defined by RFC 5280 to support encryption and authentication for S/MIME.

FIA_X509_EXT.3.2
The email client shall prevent the establishment of a trusted communication channel when the peer certificate is deemed invalid.

Application Note: Trusted communication channels include any of TLS performed by the email client. Validity is determined by the certificate path, the expiration date, and the revocation status in accordance with RFC 5280.

FIA_X509_EXT.3.3
The email client shall prevent the installation of code if the code signing certificate is deemed invalid.

FIA_X509_EXT.3.4
The email client shall prevent the encryption of email if the email protection certificate is deemed invalid.

FIA_X509_EXT.3.5
The email client shall prevent the signing of email if the email protection certificate is deemed invalid.

Evaluation Activities

FIA_X509_EXT.3:

TSS
The evaluator shall check the TSS to ensure that it describes how the email client chooses which certificates to use so that the email client can use the certificates. The evaluator shall examine the TSS to confirm that it describes the behavior of the email client when a connection cannot be established during the validity check of a certificate used in establishing a trusted channel and protecting email.

Guidance
The evaluator shall verify that the administrative guidance contains any necessary instructions for configuring the operating environment so that the email client can use the certificates.

Tests
The evaluator shall perform the following tests:

Test 1: The evaluator shall perform Test 1 for each function listed in FIA_X509_EXT.2.1 that requires the use of certificates. The evaluator shall demonstrate that using a certificate without a valid certification path results in the function failing. The evaluator shall then load into the platform's root store any certificates needed to validate the certificate to be used in the function, and demonstrate that the function succeeds.
Test 2: The evaluator shall demonstrate that using a valid certificate that requires certificate validation checking to be performed in at least some part by communicating with a non-TOE IT entity. The evaluator shall then manipulate the environment so that the email client is unable to verify the validity of the certificate, and observe that the action selected in FIA_X509_EXT.2.2 is performed. If the selected action is administrator configurable, then the evaluator shall follow the operational guidance to determine that all supported administrator configurable options behave in their documented manner.
5.2.4 Security Management (FMT)
FMT_MOF_EXT.1 Management of Functions Behavior
FMT_MOF_EXT.1.1 The email client shall be capable of performing the following management functions, controlled by the user or administrator as shown:
X: Mandatory   O: Optional
#  | Management Function | Administrator | User
1  | Enable/disable downloading embedded objects globally and by [selection: domain, sender, no other method] | O | O
2  | Enable/disable plaintext only mode globally and by [selection: domain, sender, no other method] | O | O
3  | Enable/disable rendering and execution of attachments globally and by [selection: domain, sender, no other method] | O | O
4  | Enable/disable email notifications | O | O
5  | Configure a certificate repository for encryption | O | O
6  | Configure whether to establish a trusted channel or disallow establishment if the email client cannot establish a connection to determine the validity of a certificate | O | O
7  | Configure message sending/receiving to only use cryptographic algorithms defined in FCS_SMIME_EXT.1 | O | O
8  | Configure CRL retrieval frequency | O | O
9  | Enable/disable support for add-ons | O | O
10 | Change password/passphrase authentication credential | O | O
11 | Disable key recovery functionality | O | O
12 | Configure cryptographic functionality | O | O
13 | [assignment: Other management functions] | O | O
Application Note: For these management functions, the term "Administrator" refers to the administrator of a non-mobile device or the device owner of a mobile device. The Administrator is responsible for management activities, including setting the policy that is applied by the enterprise on the email client. The Administrator could be acting remotely and could be the MTA administrator acting through a centralized management console or dashboard. Applications used to configure enterprise policy should have their own identification and authorization and additional security requirements to ensure that the remote administration is trusted. The intent of this requirement is to allow the Administrator to configure the email client with a policy that may not be overridden by the user. If the Administrator has not set a policy for a particular function, the user may still perform that function. Enforcement of the policy is done by the email client itself, or by the email client and the email client platform in coordination with each other. The function to configure whether to establish a trusted channel corresponds to the functionality described in FIA_X509_EXT.2.2 ([AppPP]). The Administrator has the option of accepting or rejecting all certificates that cannot be validated, accepting a given certificate that cannot be validated, or not accepting a given certificate that cannot be validated. Depending on the choice that the Administrator has made in FIA_X509_EXT.2.2 ([AppPP]), the trusted connection will either be allowed for all certificates that cannot be validated, disallowed for all certificates that cannot be validated, allowed for a given certificate that cannot be validated, or disallowed for a given certificate that cannot be validated. If password or passphrase authorization factors are implemented by the email client, then the appropriate "change" selection must be included. If the email client provides configurability of the cryptographic functions (for example, key size), even if the configuration is in the form of parameters that may be passed to cryptographic functionality implemented on the email client platform, then "configure cryptographic functionality" will be included, and the specifics of the functionality offered can either be written in this requirement as bullet points, or included in the TSS. If the email client does include a key recovery function, the email client must provide the capability for the user to turn this functionality off so that no recovery key is generated and no keys are permitted to be exported.
Evaluation Activities
FMT_MOF_EXT.1: The evaluation activities for this component will be driven by the selections made by the ST author. If a capability is not selected in the ST, the noted evaluation activity does not need to be performed.
TSS The evaluator shall verify that the TSS describes those management functions which may only be configured by the email client platform administrator and cannot be overridden by the user when set according to policy.
Change Password: The evaluator shall examine the Operational Guidance to ensure that it describes how the password/passphrase-based authorization factor is to be changed.
Disable Key Recovery: If the email client supports key recovery, this must be stated in the TSS. The TSS shall also describe how to disable this functionality. This includes a description of how the recovery material is provided to the recovery holder.
Cryptographic Configuration: The evaluator shall determine from the TSS for other requirements (FCS_*) what portions of the cryptographic functionality are configurable.
Guidance The evaluator shall examine the operational guidance to verify that it includes instructions for an email client platform administrator to configure the functions listed in FMT_MOF_EXT.1.1.
Disable Key Recovery: If the email client supports key recovery, the guidance for disabling this capability shall be described in the AGD documentation.
Cryptographic Configuration: The evaluator shall review the AGD documentation to determine that there are instructions for manipulating all of the claimed mechanisms.
Tests The evaluator shall perform the following tests:
Test 1: The evaluator verifies that functions perform as intended by enabling, disabling, and configuring the functions.
Test 2: The evaluator shall set management functions which are controlled by the (enterprise) administrator and cannot be overridden by the user. The evaluator shall apply these functions to the client, attempt to override each setting as the user, and ensure that the email client does not permit it.
Test 3: [Conditional: the TSF has a key recovery capability] The evaluator shall devise a test that ensures that the key recovery capability has been or can be disabled following the guidance provided by the vendor.
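The layering described in the Application Note (an Administrator policy the user cannot override; user choice where no policy is set; functions 1 to 3 scoped globally or per domain/sender) is what Test 2 exercises. The following is an added illustration, not code from the PP-Module or any evaluated product. The function identifiers, the defaults and the domain names are assumptions; the PP-Module numbers the functions but assigns them no names.

```python
"""Management-function policy layering per FMT_MOF_EXT.1 (added example; not from the PP-Module)."""
from typing import Any, Dict, Optional, Tuple

# Hypothetical identifiers for some of the numbered functions; the defaults are assumptions.
DEFAULTS: Dict[str, Any] = {
    "download_embedded_objects": False,             # function 1 (global or by domain/sender)
    "plaintext_only_mode": True,                    # function 2
    "render_attachments": False,                    # function 3
    "trusted_channel_if_unverifiable": "disallow",  # function 6: "establish" or "disallow"
    "addons_enabled": False,                        # function 9
}
Scope = Optional[str]   # None = global; otherwise a sender domain such as "partner.example"


class ManagementPolicy:
    """Administrator (enterprise) policy is locked; user preferences apply only where no policy exists."""

    def __init__(self) -> None:
        self._admin: Dict[Tuple[str, Scope], Any] = {}
        self._user: Dict[Tuple[str, Scope], Any] = {}

    def set_admin(self, name: str, value: Any, scope: Scope = None) -> None:
        self._check(name)
        self._admin[(name, scope)] = value

    def set_user(self, name: str, value: Any, scope: Scope = None) -> None:
        """Test 2 behaviour: a user attempt to override an Administrator setting is refused."""
        self._check(name)
        if (name, scope) in self._admin or (name, None) in self._admin:
            raise PermissionError(f"{name} is fixed by administrator policy and cannot be overridden")
        self._user[(name, scope)] = value

    def effective(self, name: str, scope: Scope = None) -> Any:
        """Most specific Administrator setting wins, then the user's, then the product default."""
        self._check(name)
        for layer in (self._admin, self._user):
            for key in ((name, scope), (name, None)):
                if key in layer:
                    return layer[key]
        return DEFAULTS[name]

    @staticmethod
    def _check(name: str) -> None:
        if name not in DEFAULTS:
            raise KeyError(f"unknown management function {name!r}")


def may_establish_unverified_channel(policy: ManagementPolicy) -> bool:
    """Function 6 (FIA_X509_EXT.2.2 in [AppPP]): connect when certificate validity cannot be determined?"""
    return policy.effective("trusted_channel_if_unverifiable") == "establish"


def may_download_embedded_objects(policy: ManagementPolicy, sender_domain: str) -> bool:
    """Function 1 evaluated for one sender domain, falling back to the global setting."""
    return bool(policy.effective("download_embedded_objects", scope=sender_domain))
```

The enforcement point is `set_user`, not the UI: the client refuses the write itself, so a user who bypasses the settings dialog and edits a preference store still gets the Administrator value from `effective`.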
5.2.5 Protection of the TSF (FPT)
FPT_AON_EXT.1 Support for Only Trusted Add-ons
FPT_AON_EXT.1.1 The email client shall include the capability to load [selection: trusted add-ons, no add-ons].
Application Note: FPT_AON_EXT.2 depends upon the selection made here. If the email client does not include support for installing only trusted add-ons, this requirement can be met by demonstrating the ability to disable all support for add-ons as specified in FMT_MOF_EXT.1. Cryptographic verification (i.e., trust) of add-ons is tested in FPT_AON_EXT.2.1.
Evaluation Activities
FPT_AON_EXT.1: TSS The evaluator shall verify that the TSS describes whether the email client is capable of loading trusted add-ons.
Guidance The evaluator shall examine the operational guidance to verify that it includes instructions on loading trusted add-on sources.
Tests The evaluator shall create or obtain an untrusted add-on and attempt to load it. The evaluator verifies that the untrusted add-on is rejected and cannot be loaded.
5.2.6 Trusted Path/Channels (FTP)
FTP_ITC_EXT.1 Inter-TSF Trusted Channel
FTP_ITC_EXT.1.1 The email client shall initiate or receive communication via the trusted channel.
FTP_ITC_EXT.1.2 The email client shall communicate via the trusted channel for [selection: IMAP, SMTP, POP, MAPI Extensions for HTTP, MAPI/RPC, ActiveSync, [assignment: other protocol (reference RFC or specification)]].
Application Note: FIA_SASL_EXT.1 depends upon the selection(s) made here. For example, if POP is chosen, then FIA_SASL_EXT.1 must be included in the ST. Selections must include at least one sending and one receiving protocol. If the assignment is used, the ST author must also include a reference for the protocol (e.g., an RFC number).
Evaluation Activities
FTP_ITC_EXT.1: TSS The evaluator shall examine the TSS to determine that it describes the details of the email client connecting to a Mail Transfer Agent in terms of the trusted connection (i.e., TLS) according to FTP_DIT_EXT.1 in [AppPP], along with email client-specific options or procedures that might not be reflected in the specification.
Guidance The evaluator shall confirm that the operational guidance contains instructions for establishing the connection to the Mail Transfer Agent.
Tests The evaluator shall perform the following tests:
Test 1: The evaluator shall ensure that the email client is able to initiate communications using any selected or assigned protocols specified in the requirement over TLS, setting up the connections as described in the operational guidance and ensuring that communication is successful.
Test 2: The evaluator shall ensure that the email client is able to initiate communications with a Mail Transfer Agent using SMTP and any assigned protocols specified in the requirement over TLS, setting up the connections as described in the operational guidance and ensuring that communication is successful.
Test 3: The evaluator shall ensure, for each communication channel with an authorized IT entity in Tests 1 and 2, that the channel data is not sent in plaintext. To perform this test, the evaluator shall use a sniffer and a packet analyzer. The packet analyzer must indicate that the protocol in use is TLS.
5.3 TOE Security Functional Requirements Rationale
The following rationale provides justification for each security objective for the TOE, showing that the SFRs are suitable to meet and achieve the security objectives:
Table 2: SFR Rationale
OBJECTIVE | ADDRESSED BY | RATIONALE
O.MANAGEMENT | FDP_NOT_EXT.1, FDP_NOT_EXT.2, FMT_MOF_EXT.1 | QQQQ
O.PROTECTED_STORAGE | FCS_CKM_EXT.3, FCS_CKM_EXT.4, FCS_CKM_EXT.5, FCS_COP_EXT.2, FCS_IVG_EXT.1, FCS_KYC_EXT.1, FCS_NOG_EXT.1, FCS_SAG_EXT.1, FCS_SMC_EXT.1 | QQQQ
O.PROTECTED_COMMS | FCS_SMIME_EXT.1, FDP_SMIME_EXT.1, FIA_SASL_EXT.1, FIA_X509_EXT.3, FTP_ITC_EXT.1 | QQQQ
O.ADDON_INTEGRITY | FPT_AON_EXT.1, FPT_AON_EXT.2 | QQQQ
6 Consistency Rationale
6.1 Protection Profile for Application Software
6.1.1 Consistency of TOE Type
If this PP-Module is used to extend the ApSoPP, the TOE type for the overall TOE is still a software-based application. The TOE boundary is simply extended to include the email client functionality that is built into the application, so that additional security functionality is claimed within the scope of the TOE.
6.1.2 Consistency of Security Problem Definition
PP-Module Threat, Assumption, OSP | Consistency Rationale
T.FLAWED_ADDON | The threat of a user installing a flawed add-on is consistent with.
6.1.3 Consistency of Objectives
The objectives for the TOEs are consistent with the Application Software PP based on the following rationale:
PP-Module TOE Objective | Consistency Rationale
O.MANAGEMENT | QQQQ
O.PROTECTED_STORAGE | QQQQ
O.PROTECTED_COMMS | QQQQ
O.ADDON_INTEGRITY | QQQQ
This PP-Module does not define any objectives for the TOE's operational environment. The objectives for the TOE's Operational Environment are consistent with the Application Software PP based on the following rationale:
PP-Module Operational Environment Objective | Consistency Rationale
OE.PLACEHOLDER
6.1.4 Consistency of Requirements
This PP-Module identifies several SFRs from the Application Software PP that are needed to support email client functionality. This is considered to be consistent because the functionality provided by the Application Software PP is being used for its intended purpose. The rationale for why this does not conflict with the claims defined by the Application Software PP is as follows:
PP-Module Requirement | Consistency Rationale
Modified SFRs
This PP-Module does not modify any requirements when the Application Software PP is the base.
Mandatory SFRs
FCS_SMIME_EXT.1 | This SFR defines how email messages are formatted when sent and received by the client. It does not impact the ApSoPP functionality.
FCS_CKM_EXT.3 | This SFR defines how keys and key material are saved by the email client. It does not impact the ApSoPP functionality.
FCS_CKM_EXT.4 | This SFR defines how email messages are formatted when sent and received by the client. It does not impact the ApSoPP functionality.
FCS_KYC_EXT.1 | This SFR defines how email clients maintain key chains. It does not impact the ApSoPP functionality.
FDP_NOT_EXT.1 | This SFR defines the behavior an email client exhibits when a message is received. It does not impact the ApSoPP functionality.
FDP_SMIME_EXT.1 | This SFR defines the format an email client shall use as output for cryptographic operations. It does not impact the ApSoPP functionality.
FIA_X509_EXT.3 | This SFR defines the format an email client shall use for certificates to perform encryption and authentication. It does not impact the ApSoPP functionality.
FMT_MOF_EXT.1 | This SFR defines a specific set of management functions for an email client. It does not impact the ApSoPP functionality.
FPT_AON_EXT.1 | This SFR defines what types of plugins an email client may use. It does not impact the ApSoPP functionality.
FTP_ITC_EXT.1 | This SFR defines which channels for an email client must be considered trusted. It does not impact the ApSoPP functionality.
Optional SFRs
FCS_CKM_EXT.5 |
FCS_SAG_EXT.1 | This SFR defines how clients generate salts for cryptographic operations. It does not impact functionality described by the Base-PP.
FCS_NOG_EXT.1 | This SFR defines how clients generate nonces for cryptographic operations. It does not impact functionality described by the Base-PP.
FCS_IVG_EXT.1 | This SFR defines how clients generate IVs for cryptographic operations. It does not impact functionality described by the Base-PP.
FDP_NOT_EXT.2 | This SFR defines how clients display URIs in embedded links. It does not impact functionality described by the Base-PP.
FDP_PST_EXT.1 | This SFR defines what persistent information a client may store on the client platform. It does not impact functionality described by the Base-PP.
FDP_REN_EXT.1 | This SFR defines functionality to display message content. It does not impact functionality described by the Base-PP.
Selection-based SFRs
FCS_COP_EXT.2 | This SFR defines how clients wrap keys. It does not impact functionality described by the Base-PP.
FCS_SMC_EXT.1 | This SFR defines how clients combine keys. It does not impact functionality described by the Base-PP.
FIA_SASL_EXT.1 | This SFR defines how clients authenticate to mail servers using SASL. It does not impact functionality described by the Base-PP.
FPT_AON_EXT.2 | This SFR defines how email clients verify add-ons. It does not impact functionality described by the Base-PP.
Objective SFRs
This PP-Module does not define any Objective requirements.
Implementation-Dependent SFRs
This PP-Module does not define any Implementation-Dependent requirements.
Appendix A - Optional SFRs
A.1 Strictly Optional Requirements
A.1.1 Cryptographic Support (FCS)
FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning)
FCS_CKM_EXT.5.1 A password/passphrase used to generate a password authorization factor shall enable up to [assignment: positive integer of 64 or more] characters in the set of [selection: upper case characters, lower case characters, numbers, special characters: !, @, #, $, %, ^, &, *, (, ), [assignment: other supported special characters]] and shall perform [Password-based Key Derivation Functions] in accordance with a specified cryptographic algorithm [selection: HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512] with [assignment: positive integer of 4096 or more] iterations, and output cryptographic key sizes of [selection: 128 bits, 256 bits] that meet NIST SP 800-132.
Application Note: The password/passphrase is represented on the host machine as a sequence of characters whose encoding depends on the email client and the underlying OS. This sequence must be conditioned into a string of bits that is to be used as a key of equivalent size to the rest of the key chain. This password/passphrase must be conditioned into a string of bits that forms the submask to be used as input into a key. Conditioning can be performed using one of the identified hash functions or the process described in NIST SP 800-132; the method used is selected by the ST author. SP 800-132 requires the use of a pseudo-random function (PRF) consisting of HMAC with an approved hash function. The ST author selects the hash function used, and also includes the appropriate requirements for HMAC and the hash function. Appendix A of NIST SP 800-132 recommends setting the iteration count in order to increase the computation needed to derive a key from a password and, therefore, increase the workload of performing a password recovery attack. However, for this PP-Module, a minimum iteration count of 4096 is required in order to ensure that twelve bits of security are added to the password/passphrase value. A significantly higher value is recommended to ensure optimal security. There are two aspects of this component that require evaluation: that passwords/passphrases of the length specified in the requirement (at least 64 characters) are supported, and that the characters that are input are subject to the selected conditioning function. These activities are separately addressed in the tests below.
Evaluation Activities
FCS_CKM_EXT.5: TSS The evaluator shall verify that the TSS specifies the capability that exists to accept passwords/passphrases with the minimum number of characters specified in the ST in this assignment statement. The evaluator shall examine the password hierarchy TSS to ensure that the formation of all keys is described and that the key sizes match those described by the ST author. The evaluator shall check that the TSS describes the method by which the password/passphrase is first encoded and then fed to the SHA algorithm. The evaluator verifies that the settings for the algorithm (padding, blocking, etc.) are described and that this description is consistent with the corresponding selections made in the SFR. The evaluator shall verify that the TSS contains a description of how the output of the hash function is used to form the submask that will be input into the function. For the NIST SP 800-132-based conditioning of the password/passphrase, the required evaluation activities will be performed when doing the EA for the appropriate requirements (e.g. FCS_COP.1.1(4) in [AppPP]). If any manipulation of the key is performed in forming the submask that will be used to form the key, the evaluator shall ensure that the TSS describes this process. No explicit testing of the formation of the submask from the input password is required.
The evaluator shall verify that the iteration count for PBKDFs performed by the email client complies with NIST SP 800-132 by ensuring that the TSS contains a description of the estimated time required to derive key material from passwords and how the email client increases the computation time for password-based key derivation (including but not limited to increasing the iteration count).
Guidance The evaluator shall check the operational guidance to determine that it includes guidance on how to generate large passwords/passphrases external to the email client and instructions for how to configure the password/passphrase length and optional complexity settings (note to Management section). This is important because many default settings for passwords/passphrases will not meet the necessary entropy needed as specified in this PP-Module.
Tests The evaluator shall perform the following tests:
Test 1: The evaluator shall ensure that the email client supports passwords/passphrases of exactly 64 characters.
Test 2: The evaluator shall ensure that the email client supports a password/passphrase with less than 64 characters.
Test 3: [Conditional: the email client supports a maximum character length greater than 64 characters] The evaluator shall ensure that the email client accepts passwords/passphrases up to the maximum character length and no larger.
No explicit testing of the formation of the authorization factor from the input password/passphrase is required.
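The conditioning the SFR describes, with the three length tests above and the 4096-iteration floor enforced in code, as an added example (not code from the PP-Module or from any evaluated client). It uses PBKDF2-HMAC-SHA-256 from the Python standard library; the product maximum of 128 characters, the allowed character set and the 600,000 iteration setting are assumptions standing in for the ST author's assignments.

```python
"""Password/passphrase conditioning per FCS_CKM_EXT.5 (added example; not the PP-Module's own code)."""
import hashlib
import math
import os
import string
import time

MIN_SUPPORTED_LENGTH = 64      # SFR assignment: at least 64 characters must be accepted (Test 1)
MAX_SUPPORTED_LENGTH = 128     # assumed product limit claimed in the ST (Test 3 checks it)
MIN_ITERATIONS = 4096          # SFR floor: log2(4096) = 12 bits of extra work per guess
ITERATIONS = 600_000           # assumed product setting, "significantly higher" than the floor
ALLOWED = set(string.ascii_uppercase + string.ascii_lowercase + string.digits + "!@#$%^&*()")


def check_passphrase(passphrase: str) -> None:
    """Enforce the character set and the length range claimed in the ST."""
    if not 1 <= len(passphrase) <= MAX_SUPPORTED_LENGTH:
        raise ValueError(f"passphrase length must be between 1 and {MAX_SUPPORTED_LENGTH}")
    unsupported = set(passphrase) - ALLOWED
    if unsupported:
        raise ValueError(f"unsupported characters: {sorted(unsupported)}")


def generate_salt(length: int = 16) -> bytes:
    """FCS_SAG_EXT.1: a fresh salt from the platform RNG (os.urandom); never reused across users."""
    return os.urandom(length)


def condition(passphrase: str, salt: bytes, key_bits: int = 256, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2 with HMAC-SHA-256 per NIST SP 800-132; returns the 128- or 256-bit submask."""
    check_passphrase(passphrase)
    if key_bits not in (128, 256):
        raise ValueError("output key size must be 128 or 256 bits")
    if iterations < MIN_ITERATIONS:
        raise ValueError(f"iteration count below the required minimum of {MIN_ITERATIONS}")
    encoded = passphrase.encode("utf-8")   # the TSS must state exactly this encoding step
    return hashlib.pbkdf2_hmac("sha256", encoded, salt, iterations, dklen=key_bits // 8)


def added_security_bits(iterations: int) -> int:
    """Work added by the iteration count, in bits: 4096 iterations add 12."""
    return int(math.log2(iterations))


def estimate_derivation_seconds(iterations: int = ITERATIONS) -> float:
    """Cost of one derivation on this host; the TSS is required to describe such an estimate."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"timing-probe", b"\x00" * 16, iterations, dklen=32)
    return time.perf_counter() - start
```

Note that `MIN_SUPPORTED_LENGTH` is a capability, not a policy: the client must accept 64-character inputs (Test 1) while still accepting shorter ones (Test 2); only the upper bound is refused.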
FCS_SAG_EXT.1 Cryptographic Salt Generation
FCS_SAG_EXT.1.1 The email client shall only use salts that are generated by a [selection: RNG as specified in FCS_RBG_EXT.1, RNG provided by the host platform].
Application Note: The salt must be random.
Evaluation Activities
FCS_SAG_EXT.1: TSS The evaluator shall ensure the TSS describes how salts are generated. The evaluator shall confirm that the salt is generated using an RBG as described in FCS_RBG_EXT.1 in [AppPP] or by the Operational Environment. If an external function is used for this purpose, the evaluator shall ensure that the TSS references the specific API that is called, with its inputs. If the email client is relying on random bit generation from the host platform, the evaluator shall verify that the TSS includes the name/manufacturer of the external RBG and describes the function call and parameters used when calling the external DRBG function. If different external RBGs are used for different platforms, the evaluator shall ensure that the TSS identifies each RBG for each platform. For all cases where the TSF relies on an external DRBG, the evaluator shall ensure that the TSS includes a short description of the TOE developer's assumption for the amount of entropy that is used to seed the external DRBG.
Guidance There are no guidance EAs for this component.
Tests There are no test EAs for this component.
FCS_NOG_EXT.1 Cryptographic Nonce Generation
FCS_NOG_EXT.1.1 The email client shall only use unique nonces with a minimum size of [64] bits.
Application Note: Nonces must be unique.
Evaluation Activities
FCS_NOG_EXT.1: TSS The evaluator shall verify that the TSS describes how unique nonces are created.
Guidance There are no guidance EAs for this component.
Tests There are no test EAs for this component.
FCS_IVG_EXT.1 Initialization Vector Generation
FCS_IVG_EXT.1.1 The email client shall create IVs in the following manner: [selection:
CBC: IVs shall be non-repeating,
CCM: IV shall be non-repeating,
XTS: No IV. Tweak values shall be non-negative integers, assigned consecutively, and starting at an arbitrary non-negative integer,
GCM: IV shall be non-repeating. The number of invocations of GCM shall not exceed 2^32 for a given secret key
].
Application Note: FCS_IVG_EXT.1.1 specifies how the IV should be handled for each encryption mode. CBC, XTS, and GCM are allowed for AES encryption of the data. AES-CCM is an allowed mode for Key Wrapping.
Evaluation Activities
FCS_IVG_EXT.1: TSS The evaluator shall ensure the TSS describes how IVs and tweaks are handled (based on the AES mode). The evaluator shall confirm that the IVs and tweaks meet the stated requirements. If the platform provides the IV generation, then the evaluator shall examine the TSS to verify that it describes how the IV generation is invoked.
Guidance There are no guidance EAs for this component.
Tests There are no test EAs for this component.
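One way to implement the per-mode rules of FCS_IVG_EXT.1.1 (with the 64-bit unique nonce floor of FCS_NOG_EXT.1), as an added example rather than code from the PP-Module: CBC IVs come from the platform RNG, GCM and CCM use a 32-bit fixed field plus a 64-bit invocation counter so repetition is impossible under one key, the GCM source refuses to exceed 2^32 invocations, and XTS hands out consecutive non-negative tweaks. The counter layout and the fixed-field values are assumptions.

```python
"""IV and tweak generation per FCS_IVG_EXT.1 (added example; not the PP-Module's own code)."""
import os
import threading
from typing import Optional

GCM_MAX_INVOCATIONS = 2 ** 32   # FCS_IVG_EXT.1: at most 2^32 GCM invocations under one key


def cbc_iv() -> bytes:
    """CBC: a fresh, unpredictable 128-bit IV from the platform RNG; never reused."""
    return os.urandom(16)


class CounterIvSource:
    """Deterministic 96-bit IV/nonce: 32-bit fixed field || 64-bit invocation counter.
    The counter guarantees non-repetition under one key; an optional limit forces a rekey."""

    def __init__(self, fixed_field: bytes, limit: Optional[int] = None):
        if len(fixed_field) != 4:
            raise ValueError("fixed field must be exactly 32 bits")
        self._fixed = fixed_field
        self._count = 0
        self._limit = limit
        self._lock = threading.Lock()   # concurrent senders must never draw the same counter value

    def next_iv(self) -> bytes:
        with self._lock:
            if self._limit is not None and self._count >= self._limit:
                raise RuntimeError("invocation limit reached for this key; rekey required")
            iv = self._fixed + self._count.to_bytes(8, "big")
            self._count += 1
            return iv

    @property
    def invocations(self) -> int:
        return self._count


def gcm_iv_source(fixed_field: bytes) -> CounterIvSource:
    """GCM: non-repeating IV with the 2^32 invocation cap from the SFR."""
    return CounterIvSource(fixed_field, limit=GCM_MAX_INVOCATIONS)


def ccm_nonce_source(fixed_field: bytes) -> CounterIvSource:
    """CCM (key wrapping): the nonce only has to be non-repeating; no invocation cap is imposed."""
    return CounterIvSource(fixed_field)


class XtsTweakSource:
    """XTS: no IV. Tweaks are consecutive non-negative integers from an arbitrary non-negative start."""

    def __init__(self, start: int = 0):
        if start < 0:
            raise ValueError("tweak start must be non-negative")
        self._next = start

    def next_tweak(self) -> int:
        tweak = self._next
        self._next += 1
        return tweak
```

The counter must persist with the key: a client that restarts the counter at zero after a crash or a process restart reuses IVs, which for GCM leaks the authentication key. The TSS description of how IVs are "handled" should say where the counter lives.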
A.1.2 User Data Protection (FDP)
FDP_NOT_EXT.2 Notification of URI
FDP_NOT_EXT.2.1 The email client shall display the full Uniform Resource Identifier (URI) of any embedded links.
Application Note: Embedded links are HTML URI objects which may have a tag (such as a word, phrase, icon, or picture) that obfuscates the URI of the link. The intent of this requirement is to de-obfuscate the link. The URI may be displayed as a "mouse-over" event or may be rendered next to the tag.
Evaluation Activities
FDP_NOT_EXT.2: TSS The evaluator shall verify that the TSS includes a description of how embedded links are rendered and the method by which the URI of the link is displayed.
Guidance The evaluator shall ensure that the operational guidance includes instructions (with any appropriate visual figures) for viewing the URI of an embedded link.
Tests The evaluator shall send the client an HTML message with an embedded link whose tag is not the URI itself (for example, "click here"). The evaluator shall view the message and, following the instructions in the AGD guidance, verify that the full URI of the embedded link is displayed.
FDP_PST_EXT.1 Storage of Persistent Information
FDP_PST_EXT.1.1 The email client shall be capable of operating without storing persistent information to the client platform with the following exceptions: [selection: credential information, administrator provided configuration information, certificate revocation information, no exceptions].
Application Note: Any data that persists after the email client closes, including temporary files, is considered to be persistent data. Satisfying this requirement would require the use of a protocol such as IMAP or MAPI. It is not compatible with POP.
Evaluation Activities
FDP_PST_EXT.1: TSS The evaluator shall examine the TSS to determine that it describes all persistent information stored on the platform, and the locations on the platform where these data are stored. The evaluator shall confirm that the persistent data described is limited to the data identified in the selection.
Guidance There are no guidance EAs for this component.
Tests The evaluator shall operate the email client so that several messages, signed, encrypted, and unsigned, are processed. The evaluator shall also exercise functionality such as moving messages to folders, writing unsent drafts of messages, etc., as provided by the client. The evaluator shall then examine the client platform to determine that the only persistent information stored is that which is identified in the TSS.
FDP_REN_EXT.1 Rendering of Message Content
FDP_REN_EXT.1.1 The email client shall have a plaintext-only mode which disables the rendering and execution of [selection: HTML, JavaScript, [assignment: other embedded content types], no embedded content types].
Application Note: Plaintext only mode prevents the automatic downloading, rendering and execution of images, external resources and embedded objects such as HTML or JavaScript objects. FMT_MOF_EXT.1.1 addresses configuration of this mode. The ST author must identify all content types supported by the email client through selections and/or assignments. If the email client only supports plaintext only mode, no embedded content types should be selected.
Evaluation Activities
FDP_REN_EXT.1: TSS The evaluator shall ensure that the TSS describes plaintext only mode for sending and receiving messages. The evaluator shall verify that the TSS describes whether the email client is capable of rendering and executing HTML or JavaScript. If the email client can render or execute HTML or JavaScript, this description shall indicate how the email client handles received messages that contain HTML or JavaScript while in plaintext only mode, and the evaluator shall ensure that the description indicates that embedded objects of these types are not rendered or executed and images/external resources are not automatically downloaded.
Guidance The evaluator shall examine the operational guidance and verify that it contains instructions for enabling plaintext only mode.
Tests The evaluator shall perform the following tests:
Test 1: [Conditional: HTML is selected in FDP_REN_EXT.1.1] The evaluator shall send a message to the client containing HTML embedded objects and shall verify that the HTML renders. The evaluator shall then enable plaintext only mode and verify that the HTML does not render.
Test 2: [Conditional: JavaScript is selected in FDP_REN_EXT.1.1] The evaluator shall send a message to the client containing JavaScript embedded objects and shall verify that the JavaScript renders and executes. The evaluator shall then enable plaintext only mode and verify that the JavaScript does not render or execute.
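The two requirements above, FDP_NOT_EXT.2 (show the full URI next to the tag) and FDP_REN_EXT.1 (plaintext only mode: no script execution, no automatic download of images or external resources), share one mechanism: a renderer that walks the HTML and emits text only. The following is an added example, not code from the PP-Module or any evaluated client. The message body is constructed for the test; the warning on a visible URI whose host differs from the link target goes beyond the SFR, which only requires the full URI to be displayed.

```python
"""Plaintext-only rendering (FDP_REN_EXT.1) with full-URI link display (FDP_NOT_EXT.2).
Added example; not the PP-Module's own code. The message below is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style body: an inline script, a tracking image and two obfuscated links.
SAMPLE_MESSAGE = """<html><body><p>Your mailbox is full.</p>
<script>document.location='http://evil.example/steal'</script>
<img src="http://tracker.example/pixel.gif" alt="">
<p>Please <a href="http://login.evil.example/reset">click here</a> to fix it, or open
<a href="http://evil.example/x">https://mail.good.example/</a>.</p></body></html>"""


def annotate_link(text: str, href: str) -> str:
    """FDP_NOT_EXT.2: the tag text followed by the full URI. Additionally (not in the SFR) warn
    when the visible text is itself a URI whose host differs from the real target."""
    shown_host = urlparse(text).hostname if "://" in text else None
    real_host = urlparse(href).hostname
    warn = " [WARNING: visible text names a different host]" if shown_host and shown_host != real_host else ""
    return f"{text} <{href}>{warn}"


class PlaintextRenderer(HTMLParser):
    """Emits text only: scripts and embedded objects are dropped without being executed, images and
    other external resources are recorded but never fetched, and links are de-obfuscated."""
    DROP = {"script", "style", "object", "embed", "iframe", "applet"}
    BREAK = {"p", "div", "br", "tr", "li"}

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out = []
        self.blocked = []           # (tag, resource URI) pairs that would otherwise have been loaded
        self._drop_depth = 0
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in self.DROP:
            self._drop_depth += 1
            self.blocked.append((tag, a.get("src") or a.get("data") or ""))
        elif tag == "img":
            self.blocked.append(("img", a.get("src", "")))   # never fetched: no tracking pixel beacon
            self.out.append(f"[image: {a.get('alt', '')}]")
        elif tag == "a":
            self._href, self._anchor_text = a.get("href", ""), []
        elif tag in self.BREAK:
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in self.DROP and self._drop_depth:
            self._drop_depth -= 1
        elif tag == "a" and self._href is not None:
            self.out.append(annotate_link("".join(self._anchor_text).strip(), self._href))
            self._href = None

    def handle_data(self, data):
        if self._drop_depth:
            return                  # content of <script>, <object>, ... is never emitted
        if self._href is not None:
            self._anchor_text.append(data)
        else:
            self.out.append(data)

    def text(self) -> str:
        return "".join(self.out).strip()


def render(html_body: str, plaintext_only: bool = True):
    """Returns (rendered text, blocked resources). With plaintext-only mode off the body would go to
    the HTML engine unchanged; that path is not part of this example."""
    if not plaintext_only:
        return html_body, []
    parser = PlaintextRenderer()
    parser.feed(html_body)
    parser.close()
    return parser.text(), parser.blocked
```

Running `render(SAMPLE_MESSAGE)` yields the message text with `click here <http://login.evil.example/reset>` in place of the bare anchor, the second link flagged because its visible text claims a different host, the script body absent, and the tracking image listed in `blocked` rather than requested. That is exactly what the FDP_NOT_EXT.2 test and FDP_REN_EXT.1 Tests 1 and 2 look for.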
A.2 Objective Requirements
This PP-Module does not define any Objective SFRs.
A.3 Implementation-based Requirements
This PP-Module does not define any Implementation-based SFRs.
Appendix B - Selection-based Requirements
B.1 Cryptographic Support (FCS)
FCS_COP_EXT.2 Key Wrapping
FCS_COP_EXT.2.1 The email client shall [selection: use platform-provided functionality to perform Key Wrapping, implement functionality to perform Key Wrapping] in accordance with a specified cryptographic algorithm [selection: AES Key Wrap, AES Key Wrap with Padding, RSA using the KTS-OAEP-basic scheme, RSA using the KTS-OAEP-receiver-confirmation scheme, ECC CDH] and the cryptographic key size [selection: 128 bits (AES), 256 bits (AES), 2048 (RSA), 4096 (RSA), 256-bit prime modulus (ECC CDH), 384-bit prime modulus (ECC CDH)] that meet the following: [selection: "NIST SP 800-38F" for Key Wrap (section 6.2) and Key Wrap with Padding (section 6.3), "NIST SP 800-56B" for RSA using the KTS-OAEP-basic (section 9.2.3) and KTS-OAEP-receiver-confirmation (section 9.2.4) schemes, "NIST SP 800-56A rev2" for ECC CDH (sections 5.6.1.2 and 6.2.2.2)].
Application Note: In the first selection, the ST author chooses the entity that performs the decryption/encryption. In the second selection, the ST author chooses the method used for encryption:
- Using one of the two AES-based Key Wrap methods specified in NIST SP 800-38F;
- Using one of the two KTS-OAEP schemes for RSA as described in NIST SP 800-56B (KTS-OAEP-basic, section 9.2.3, or KTS-OAEP-receiver-confirmation, section 9.2.4);
- Using ECC CDH as described in NIST SP 800-56A section 6.2.2.2.
The third selection should be made to reflect the key size. 2048/4096 is used for the RSA-based schemes, while the size of the prime modulus is used for ECC-based schemes. Support for 256-bit AES key sizes will be required for products entering evaluation after Quarter 3, 2015. Based on the method(s) selected, the last selection should be used to select the appropriate reference(s).
Evaluation Activities
FCS_COP_EXT.2: TSS The evaluator shall examine the TSS to ensure that it has a high-level description of how the key is protected and meets the appropriate specification.
FCS_SMC_EXT.1 Key Combining
FCS_SMC_EXT.1.1 The email client shall combine submasks using the following method [selection: exclusive OR (XOR), SHA-256, SHA-512] to generate another key.
Application Note: This requirement specifies the way that a product may combine the various submasks by using either an XOR or an approved SHA hash.
Evaluation Activities
FCS_SMC_EXT.1: TSS If keys are XORed together to form an intermediate key, the evaluator shall verify that the TSS describes how this is performed (e.g., if there are ordering requirements, checks performed, etc.). The evaluator shall also confirm that the TSS describes how the length of the output produced is at least the same as that of the data encryption key.
Guidance There are no guidance EAs for this component.
Tests There are no test EAs for this component.
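The two selectable combining methods and the length check the evaluation activity asks about, as an added example (not code from the PP-Module or any evaluated client). Points the TSS has to cover are visible in the code: XOR is order-independent but only as long as every submask is already DEK-sized, and it cancels to all zeros if two identical submasks are combined; a SHA combination over the concatenation is order-dependent, so the ordering must be fixed. The 256-bit DEK size and the length-prefixing inside the hash input are assumptions.

```python
"""Submask combining per FCS_SMC_EXT.1 (added example; not the PP-Module's own code)."""
import hashlib

DEK_BITS = 256   # assumed data encryption key size the combined key must cover


def combine_xor(*submasks: bytes) -> bytes:
    """XOR combining: commutative, so no ordering rule is needed, but all inputs must be equal length.
    Identical submasks cancel to an all-zero key, which a caller must treat as a failure."""
    if not submasks:
        raise ValueError("at least one submask is required")
    n = len(submasks[0])
    if any(len(s) != n for s in submasks):
        raise ValueError("XOR combining requires equal-length submasks")
    out = bytearray(n)
    for s in submasks:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


def combine_sha(*submasks: bytes, algorithm: str = "sha256") -> bytes:
    """SHA-256/SHA-512 over the concatenation: order-dependent, so the TSS must state the order.
    Each submask is length-prefixed (an added precaution) so different splits cannot collide."""
    if algorithm not in ("sha256", "sha512"):
        raise ValueError("only SHA-256 or SHA-512 are selectable in FCS_SMC_EXT.1")
    h = hashlib.new(algorithm)
    for s in submasks:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


def check_combined_key(key: bytes, dek_bits: int = DEK_BITS) -> bool:
    """The EA check: the output must be at least as long as the data encryption key."""
    return len(key) * 8 >= dek_bits


def derive_int_key(password_submask: bytes, platform_submask: bytes, method: str = "xor") -> bytes:
    """Intermediate key from the conditioned password submask and a platform-held submask."""
    if method == "xor":
        key = combine_xor(password_submask, platform_submask)
        if key == bytes(len(key)):
            raise ValueError("submasks cancelled to an all-zero key")
    elif method in ("sha256", "sha512"):
        key = combine_sha(password_submask, platform_submask, algorithm=method)
    else:
        raise ValueError(f"unsupported combining method {method!r}")
    if not check_combined_key(key):
        raise ValueError("combined key is shorter than the data encryption key")
    return key
```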
B.2 Identification and Authentication (FIA)
FIA_SASL_EXT.1 Simple Authentication and Security Layer (SASL)
FIA_SASL_EXT.1.1 The email client shall implement support for Simple Authentication and Security Layer (SASL) that complies with RFC 4422.
Application Note: SASL is needed if the email client implements SMTP to send messages. Clients that do not use SMTP (e.g., ActiveSync or MAPI) would not need to implement support for SASL.
FIA_SASL_EXT.1.2 The email client shall support the POP3 CAPA and AUTH extensions for the SASL mechanism.
FIA_SASL_EXT.1.3 The email client shall support the IMAP CAPABILITY and AUTHENTICATE extensions for the SASL mechanism.
FIA_SASL_EXT.1.4 The email client shall support the SMTP AUTH extension for the SASL mechanism.
Application Note: In order for an email client to support PKI X.509 certificates for POP3, IMAP and SMTP as required in this document, the client must support the Simple Authentication and Security Layer (SASL) authentication method as described in RFC 4422, the AUTH and CAPA extensions for POP3 as described in RFC 5034, the AUTHENTICATE and CAPABILITY extensions for IMAP as described in RFC 4959, and the AUTH extension for SMTP as described in RFC 4954.
Evaluation Activities
FIA_SASL_EXT.1: TSS The evaluator shall examine the TSS to verify that it describes the details of the email client connecting to a Mail Transfer Agent in terms of the SASL connection, along with email client-specific options or procedures that might not be reflected in the specification.
Guidance The evaluator shall confirm that the operational guidance contains instructions for establishing the connection to the Mail Transfer Agent.
Tests The evaluator shall also perform the following tests:
Test 1: The evaluator shall ensure that the email client is able to initiate communications using POP, IMAP and SMTP and requiring SASL, setting up the connections as described in the operational guidance and ensuring that communication is successful.
Test 2: The evaluator shall ensure, for each communication channel with an authorized IT entity in Test 1, that a valid SASL handshake is performed. To perform this test, the evaluator shall use a sniffer and a packet analyzer. The packet analyzer must indicate that the protocol in use is SASL.
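The SMTP AUTH exchange of FIA_SASL_EXT.1.4, shown from both sides with the SASL PLAIN mechanism, as an added example (not code from the PP-Module or any evaluated client). PLAIN carries the password in the clear inside the SASL message, which is why the client here sends it only on the TLS trusted channel required by FTP_ITC_EXT.1; the stand-in server, the host names and the credential are constructed, and a real client would speak to a socket after STARTTLS or on an implicit-TLS port instead of calling a method.

```python
"""SMTP AUTH (RFC 4954) with the SASL PLAIN mechanism (RFC 4616) over the TLS trusted channel.
Added example; not the PP-Module's own code. Server, host names and credentials are constructed."""
import base64
import hmac


class FakeSmtpServer:
    """Stand-in MTA: answers EHLO with its capabilities and checks one AUTH PLAIN credential."""

    def __init__(self, users: dict):
        self.users = users            # authcid -> password (constructed test data)
        self.transcript = []          # what a packet analyzer on the channel would see

    def greet(self) -> str:
        return "220 mta.example.test ESMTP"

    def handle(self, line: str) -> str:
        self.transcript.append("C: " + line)
        verb, _, arg = line.partition(" ")
        if verb == "EHLO":
            reply = "250-mta.example.test\r\n250-STARTTLS\r\n250-AUTH PLAIN\r\n250 OK"
        elif verb == "AUTH":
            mech, _, initial = arg.partition(" ")
            if mech != "PLAIN" or not initial:
                reply = "504 5.5.4 Unrecognized authentication type"
            else:
                try:
                    authzid, authcid, passwd = base64.b64decode(initial, validate=True).decode().split("\0")
                except ValueError:    # bad base64, bad UTF-8, or not exactly three NUL-separated fields
                    reply = "501 5.5.2 Cannot decode response"
                else:
                    known = authcid in self.users
                    ok = known and hmac.compare_digest(self.users[authcid].encode(), passwd.encode())
                    ok = ok and authzid in ("", authcid)
                    reply = "235 2.7.0 Authentication succeeded" if ok else "535 5.7.8 Authentication credentials invalid"
        else:
            reply = "502 5.5.1 Command not implemented"
        self.transcript.append("S: " + reply)
        return reply


def plain_initial_response(authcid: str, passwd: str, authzid: str = "") -> str:
    """RFC 4616 PLAIN message: base64( authzid NUL authcid NUL passwd ), sent as the AUTH initial response."""
    return base64.b64encode(f"{authzid}\0{authcid}\0{passwd}".encode("utf-8")).decode("ascii")


def smtp_authenticate(server: FakeSmtpServer, authcid: str, passwd: str, channel_is_tls: bool) -> bool:
    """Client side: EHLO, confirm AUTH PLAIN is offered, then AUTH. Nothing is sent unless the
    channel is the TLS trusted channel; PLAIN on a plaintext channel would expose the password."""
    if not channel_is_tls:
        raise RuntimeError("refusing SASL PLAIN on a plaintext channel")
    caps = server.handle("EHLO client.example.test").split("\r\n")
    mechanisms = [c[4:].split()[1:] for c in caps if c[4:].startswith("AUTH")]
    if not mechanisms or "PLAIN" not in mechanisms[0]:
        raise RuntimeError("server does not offer AUTH PLAIN")
    return server.handle("AUTH PLAIN " + plain_initial_response(authcid, passwd)).startswith("235")
```

The `transcript` list is the view a packet analyzer has of the exchange in Test 2: an EHLO, a `250-AUTH PLAIN` capability, and the `AUTH PLAIN <base64>` line followed by the `235` or `535` result, all of which must appear inside the TLS record layer rather than in cleartext.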
B.3 Protection of the TSF (FPT)
FPT_AON_EXT.2 Trusted Installation and Update for Add-ons
FPT_AON_EXT.2.1 The email client shall [selection: provide the ability, leverage the platform] to provide a means to cryptographically verify add-ons using a digital signature mechanism and [selection: published hash, no other functions] prior to installation and update.
FPT_AON_EXT.2.2 The email client shall [selection: provide the ability, leverage the platform] to query the current version of the add-on.
FPT_AON_EXT.2.3 The email client shall prevent the automatic installation of add-ons.
Evaluation Activities
FPT_AON_EXT.2: TSS The evaluator shall examine the TSS to verify that it states that the email client will reject add-ons from untrusted sources.
Guidance The evaluator shall examine the operational guidance to verify that it includes instructions on how to configure the email client with trusted add-on sources.
Tests The evaluator shall perform the following tests:
Test 1: The evaluator shall create or obtain an add-on signed by a trusted source and attempt to install it. The evaluator verifies that the signature on the add-on is valid and that the add-on can be installed.
Test 2: The evaluator shall create or obtain an add-on signed with an invalid certificate and attempt to install it. The evaluator verifies that the signed add-on is rejected and cannot be installed.
Test 3: The evaluator shall create or obtain an add-on signed by a trusted source, modify the add-on without re-signing it, and attempt to install it. The evaluator verifies that the signed add-on is rejected and cannot be installed.
Appendix C - Acronyms
Acronym | Meaning
AES | Advanced Encryption Standard
Base-PP | Base Protection Profile
CBC | Cipher Block Chaining
CC | Common Criteria
CEM | Common Evaluation Methodology
CMS | Cryptographic Message Syntax
CRL | Certificate Revocation List
CSP | Critical Security Parameter
DRBG | Deterministic Random Bit Generator
ECDSA | Elliptic Curve Digital Signature Algorithm
IETF | Internet Engineering Task Force
IMAP | Internet Message Access Protocol
IV | Initialization Vector
MAPI | Messaging Application Programming Interface
MTA | Mail Transfer Agent
NIST | National Institute of Standards and Technology
OE | Operational Environment
PBKDF | Password-Based Key Derivation Function
PDF | Portable Document Format
POP | Post Office Protocol
PP | Protection Profile
PP-Configuration | Protection Profile Configuration
PP-Module | Protection Profile Module
PRF | Pseudo-Random Function
RBG | Random Bit Generator
RPC | Remote Procedure Call
S/MIME | Secure/Multipurpose Internet Mail Extensions
SAR | Security Assurance Requirement
SFR | Security Functional Requirement
SMTP | Simple Mail Transfer Protocol
ST | Security Target
TOE | Target of Evaluation
TSF | TOE Security Functionality
TSFI | TSF Interface
TSS | TOE Summary Specification
Appendix D - Bibliography
Identifier | Title
[CC] | Common Criteria for Information Technology Security Evaluation - Part 1: Introduction and General Model, CCMB-2017-04-001, Version 3.1 Revision 5, April 2017. Part 2: Security Functional Components, CCMB-2017-04-002, Version 3.1 Revision 5, April 2017. Part 3: Security Assurance Components, CCMB-2017-04-003, Version 3.1 Revision 5, April 2017.
[AppPP] | Protection Profile for Application Software, Version 1.3, March 1, 2019
[MS-OXCMAPIHTTP] | Messaging Application Programming Interface (MAPI) Extensions for HTTP
[MS-OXCRPC] | Wire Format Protocol