Security Testing and Evaluation Labs

NSA : PKI Certification Authority PP

The primary goal of this document is to map as directly as possible the US Department of Defense X.509 Certificate Policy requirements [USDOD_CP] to the latest version of the Common Criteria (CC). Hence, the primary source documents for this Protection Profile are the US Department of Defense X.509 Certificate Policy, draft, Version 0.9.1 [USDOD_CP], and the Certification Practices Statement for the Certificate Management Infrastructure of the Defense Information Infrastructure, draft, Version 0.2 [CPS].

The TOE is a Certification Authority (CA) that complies with US DOD CP. The general term CA refers to the following entities:

• Policy Approving Authority (PAA)
• Policy Creation Authority (PCA)
• Certification Authority (CA)
• Indirect Certification Revocation List Authority (ICRLA)

The TOE is a CA software application (with a database) that depends on an OS for performing Identification & Authentication (and access control) and a cryptomodule for performing cryptographic services. Although the PP is written for the CA system, it only includes the functional/assurance components of the CA software application because assumptions were made to reflect that the CA application relies on the OS and cryptomodule to perform other services.

The CA will be of any MISSI CMI assurance level, and the differing requirements for the different assurance levels will be specified. The MISSI CMI assurance level defined here for the CA is associated with the US DOD Certificate Policy and is different from the Common Criteria notion of assurance. To distinguish the two notions of assurance, this document hereafter refers to the assurance level associated with the US DOD Certificate Policy as "MISSI CMI assurance level". For more information on MISSI CMI assurance levels, see Section 2.3.