NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0697:  Alignment with App PP V1.4 for required NIST curves in FCS_CKM.1/AK

Publication Date

Protection Profiles

Other References

Issue Description

TD0659 modified FCS_CKM.1/AK in the App1.4 PP.  

MODVPNC2.4 modifies the same SFR in Section, but it has not been updated to align with the SFR changes made in TD0659.


The following change is made to FCS_CKM.1/AK in Section in PP_VPNC_V2.4, with strikethrough denoting deletion and underline denoting addition:


The application shall [selection, choose one of:

  • invoke platform-provided functionality,
  • implement functionality

] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm 

[ECC schemes] using [“NIST curves” P-256, P-384 and [selection: P-256, P-521, no other curves]] that meet the following:[FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4], and,


  • [FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS),” Appendix B.1,
  • [FFC schemes] using Diffie-Hellman group 14 that meet the following: RFC 3526, Section 3,
  • [FFC Schemes using “safe-prime” groups] that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [selection: RFC 3526, RFC 7919],
  • [RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS),” Appendix B.3],
  • no other key generation methods



See issue description.

Site Map              Contact Us              Home