NIAP: View Technical Decision Details
TD0824:  Aligning MOD_VPNGW 1.3 with NDcPP 3.0E

Publication Date
2024.04.25

Protection Profiles
MOD_VPNGW_v1.3

Other References
Section 1.1, FCS_IPSEC_EXT.1.5, FCS_IPSEC_EXT.1.13, FPT_TST_EXT.1.1, FPT_TST_EXT.1.2, FPT_TUD_EXT.1.3

Issue Description

Several SFRs were updated in the CPP_ND_V3.0E that must be updated in MOD_VPNGW_V1.3 to maintain compatibility.

Resolution

The following is added to the bulleted list of Base-PPs in Section 1.1 Overview of MOD_VPNGW_V1.3:

 

  • collaborative Protection Profile for Network Devices, Version 3.0E (NDcPP or CPP_ND_V3.0E)

 

 

The following is added to the bulleted list of Base-PPs in Section 1.1 Technology Area and Scope of Supporting Document of MOD_VPNGW_V1.3-SD:


 

 

The Application Note for FCS_IPSEC_EXT.1.5 in Section 5.1.1.1 of MOD_VPNGW_V1.3 is modified as follows, with green highlighted underlines denoting additions:

Application Note: This element is unchanged from its definition in the Base-PP when CPP_ND_V2.2E is used. When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.1 should be used, instead.

 

 

FCS_IPSEC_EXT.1.13 in Section 5.1.1.1 of MOD_VPNGW_V1.3 is modified as follows, with green highlighted underlines denoting that the text has been bolded:

FCS_IPSEC_EXT.1.13

The TSF shall ensure that [selection: IKEv1, IKEv2] protocols perform peer authentication using [selection: RSA, ECDSA] that use X.509v3 certificates that conform to RFC 4945 and [selection: Pre-shared Keys that conform to RFC 8784, Pre-shared Keys transmitted via EAP-TTLS, EAP-TLS, no other method].

 

 

The Application Note for FPT_TST_EXT.1.1 in Section 5.1.1.4 of MOD_VPNGW_V1.3 is modified as follows, with green highlighted underlines denoting additions:

Application Note: This SFR is modified from its definition in the NDcPP by requiring noise source health tests to be performed regardless of what other testing is claimed. It is expected that the behavior of this testing will be described in the entropy documentation. Other self-tests may be defined at the ST author’s discretion; note that the Application Note in the NDcPP regarding what other self-tests are expected is still applicable here. When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.2 should be used, instead.

 

 

The Application Note for FPT_TUD_EXT.1.3 in Section 5.1.1.4 of MOD_VPNGW_V1.3 is modified as follows, with green highlighted underlines denoting additions:

Application Note: The NDcPP provides an option for how firmware/software updates can be verified but this PP-Module requires the digital signature method to be selected at minimum. Note that all other options specified in the NDcPP for this component are permitted so it is possible for the TSF to use code signing certificates to validate updates, in which case FPT_TUD_EXT.2 from the Base-PP is also included in the ST. When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.2 should be used, instead.

 

Section 5.1.2 Further Modified SFRs and its associated subsections are added to MOD_VPNGW_V1.3 as follows:

5.1.2 Further Modified SFRs

The SFRs listed in this section are defined in the NDcPP V3.0E and relevant to the secure operation of the TOE. SFRs in this section must be used in lieu of their counterparts in Section 5.1.1 when CPP_ND_V3.0E is used as the Base PP. When not further refined in this section, SFRs listed in section 5.1.1 should be used as-is.

5.1.2.1 Cryptographic Support (FCS)

 

FCS_IPSEC_EXT.1 IPsec Protocol

 

FCS_IPSEC_EXT.1.5
The TSF shall implement the protocol: [selection:

• IKEv1, using Main Mode for Phase 1 exchanges, as defined in RFCs 2407, 2408, 2409, RFC 4109, [selection: no other RFCs for extended sequence numbers, RFC 4304 for extended sequence numbers ] and [selection: no other RFCs for hash functions, RFC 4868 for hash functions ]

• IKEv2 as defined in RFC 7296 [selection, choose one of: with no support for NAT traversal, with mandatory support for NAT traversal as specified in RFC 7296, section 2.23 ] and [selection: no other RFCs for hash functions, RFC 4868 for hash functions ]
].


5.1.2.2 Protection of the TSF (FPT)

 

FPT_TST_EXT.1 TSF Testing

FPT_TST_EXT.1.1
The TSF shall run a suite of the following self-tests:

• During initial start-up (on power on) to verify the integrity of the TOE firmware and software;
• Prior to providing any cryptographic service and [selection: at no other time, on-demand, continuously, [assignment: conditions under which self-tests should occur]] to verify correct operation of cryptographic implementation necessary to fulfil the TSF;
• [selection: no other, start-up, on-demand, continuous, at the conditions [assignment: conditions under which self-tests should occur]] self-tests [assignment: 'list an identifier for each self-test that is additional to those identified in the first two bullet points'].
to demonstrate the correct operation of the TSF: noise source health tests.

FPT_TST_EXT.1.2

The TSF shall respond to [selection: all failures, [assignment: list of failures detected by self-tests]] by [selection: entering a maintenance mode, rebooting, [assignment: other methods to enter a secure state]].

 

FPT_TUD_EXT.1 Trusted Update 

FPT_TUD_EXT.1.3
The TSF shall provide means to authenticate firmware/software updates to the TOE using a digital signature mechanism and [selection: X.509 certificate, no other mechanisms ] prior to installing those updates.

 

Justification

See Issue Description.

 
 