Security Testing and Evaluation Labs

Security Evaluation Laboratory (SEL)

NSA : PKI Registration Authority PP

Sponsor:National Security Agency
Assurance Level:EAL2
Status:Completed
This Protection Profile describes a minimum set of Information Technology (IT) security requirements that must be implemented by any Registration Authority operating in the MISSI Certificate Management Infrastructure.

This Protection Profile is a member of a group of Protection Profiles that cover all the objects that comprise the MISSI Certificate Management Infrastructure. The complete set of Protection Profiles will be for the following objects:

  • Certification Authority, including the Policy Creation Authority (PCA), the Policy Approving Authority (PAA), and the Indirect Certificate Revocation List (CRL) Authority, as defined in the CA PP.
  • Registration Authority, as defined in this document.
  • Clients, including the Relying party end entity and the Subscriber end entity.
  • Repository.
The primary goal of this document is to map as directly as possible the US Department of Defense X.509 Certificate Policy requirements [USDOD_CP] for Registration Authorities to the latest version of the Common Criteria (CC). The primary source documents for this Protection Profile are as follows:
  • the US Department of Defense X.509 Certificate Policy, draft, Version 2.0 [USDOD_CP], and
  • Certification Practices Statement for the Certificate Management Infrastructure of the Defense Information Infrastructure, draft, Version 0.2 [CPS].
The MISSI Key, Privilege and Certificate Management Plan [MISSI MP], Volumes 1 and 2, draft, Version 4.15 has also been used as a source for functional requirements. The TOE is a Registration Authority (RA) that supports a Certification Authority complying with the CA PP, and which complies with US DOD CP.

The TOE is the RA software application (with a database) that depends on an OS for performing Identification & Authentication (and access control) and a crypto-module for performing cryptographic services. Although the PP is written for the RA system, it only includes the functional/assurance components of the RA software application. This is because assumptions were made to reflect that the RA application relies on the OS and crypto-module to perform other services. This approach follows the approach taken for the CA PP.

The RA workstation is trusted only to assemble user information (made unique by the addition of a UID) and forward that information securely to the CA. While the RA may have simpler functionality than the CA, as a MISSI CMI component it must meet the MISSI CMI assurance requirements. The assurance levels for the RA are as follows:

  • For BASIC MISSI CMI assurance level, EAL1
  • For MEDIUM MISSI CMI assurance level, EAL2
  • For HIGH MISSI CMI assurance level, EAL3

Back to SEL Main Page