PP-Module for Virtual Private Network (VPN) Clients Version: 2.3 10 August 2021 National Information Assurance Partnership 1 Table of Contents 1 Introduction .......................................................................................................................................... 4 1.1 Overview ....................................................................................................................................... 4 1.2 Terms ............................................................................................................................................ 4 1.2.1 Common Criteria Terms ........................................................................................................ 4 1.2.2 Technology Terms ................................................................................................................. 5 1.3 Compliant Targets of Evaluation ................................................................................................... 5 1.3.1 TOE Boundary ....................................................................................................................... 6 1.4 Use Cases ...................................................................................................................................... 8 2 Conformance Claims ........................................................................................................................... 11 2.1 CC Conformance ......................................................................................................................... 11 3 Security Problem Description ............................................................................................................. 12 3.1 Threats ........................................................................................................................................ 12 3.2 Assumptions ................................................................................................................................ 13 3.3 Organizational Security Policies .................................................................................................. 14 4 Security Objectives ............................................................................................................................. 15 4.1 Security Objectives for the TOE .................................................................................................. 15 4.2 Security Objectives for the Operational Environment ................................................................ 16 4.3 Security Objectives Rationale ..................................................................................................... 16 5 Security Requirements ........................................................................................................................ 18 5.1 GPOS PP Security Functional Requirements Direction ............................................................... 18 5.1.1 Modified SFRs...................................................................................................................... 18 5.1.2 Additional SFRs .................................................................................................................... 21 5.2 MDF PP Security Functional Requirements Direction................................................................. 22 5.2.1 Modified SFRs...................................................................................................................... 22 5.2.2 Additional SFRs .................................................................................................................... 26 5.3 App PP Security Functional Requirements Direction .................................................................. 26 5.3.1 Modified SFRs...................................................................................................................... 26 5.3.2 Additional SFRs .................................................................................................................... 29 5.4 MDM PP Security Functional Requirements Direction ............................................................... 30 5.4.1 Modified SFRs...................................................................................................................... 30 5.4.2 Additional SFRs .................................................................................................................... 35 5.5 TOE Security Functional Requirements ...................................................................................... 35 5.5.1 Cryptographic Support (FCS) ............................................................................................... 35 5.5.2 User Data Protection (FDP) ................................................................................................. 40 5.5.3 Security Management (FMT) .............................................................................................. 41 5.5.4 Protection of the TSF (FPT) ................................................................................................. 41 5.6 TOE Security Functional Requirements Rationale ...................................................................... 42 5.7 TOE Security Assurance Requirements ....................................................................................... 45 6 Consistency Rationale ......................................................................................................................... 46 6.1 GPOS PP Base .............................................................................................................................. 46 6.1.1 Consistency of TOE Type ..................................................................................................... 46 6.1.2 Consistency of Security Problem Definition ........................................................................ 46 6.1.3 Consistency of Objectives ................................................................................................... 46 6.1.4 Consistency of Requirements ............................................................................................. 47 2 6.2 MDF PP Base ............................................................................................................................... 48 6.2.1 Consistency of TOE Type ..................................................................................................... 48 6.2.2 Consistency of Security Problem Definition ........................................................................ 48 6.2.3 Consistency of Objectives ................................................................................................... 49 6.2.4 Consistency of Requirements ............................................................................................. 50 6.3 App PP Base ................................................................................................................................ 51 6.3.1 Consistency of TOE Type ..................................................................................................... 51 6.3.2 Consistency of Security Problem Definition ........................................................................ 51 6.3.3 Consistency of Objectives ................................................................................................... 52 6.3.4 Consistency of Requirements ............................................................................................. 52 6.4 MDM PP Base .............................................................................................................................. 54 6.4.1 Consistency of TOE Type ..................................................................................................... 54 6.4.2 Consistency of Security Problem Definition ........................................................................ 54 6.4.3 Consistency of Objectives ................................................................................................... 55 6.4.4 Consistency of Requirements ............................................................................................. 55 A. Optional Requirements ....................................................................................................................... 58 A.1 Strictly Optional Requirements ................................................................................................... 58 A.2 Objective Requirements ............................................................................................................. 58 A.2.1 Security Audit (FAU) ............................................................................................................ 58 A.3 Implementation-Dependent Requirements ............................................................................... 60 A.3.1 User Data Protection (FDP) ................................................................................................. 60 B. Selection-Based Requirements ........................................................................................................... 61 B.1 Identification and Authentication (FIA) ...................................................................................... 61 C. Extended Component Definitions ....................................................................................................... 63 C.1 Background and Scope ...............................................................................................................