
PP-Module for Email Clients

Version: 2.0
2015-06-18

National Information Assurance Partnership

Revision History

Version  Date        Comment
v1.0     2014-04-01  Release - Email Client Protection Profile
v2.0     2021-05-28  Update as PP-Module that extends the Protection Profile for Application Software
v2.0     2015-06-18  Application Software Module for Email Clients

Contents

1 Introduction
  1.1 Overview
  1.2 Terms
    1.2.1 Common Criteria Terms
    1.2.2 Technical Terms
  1.3 Compliant Targets of Evaluation
  1.4 Use Cases
2 Conformance Claims
3 Security Problem Description
  3.1 Threats
  3.2 Assumptions
  3.3 Organizational Security Policies
4 Security Objectives
  4.1 Security Objectives for the TOE
  4.2 Security Objectives for the Operational Environment
  4.3 Security Objectives Rationale
5 Security Requirements
  5.1 Application Software PP Security Functional Requirements Direction
    5.1.1 Modified SFRs
  5.2 TOE Security Functional Requirements
    5.2.1 Cryptographic Support (FCS)
    5.2.2 User Data Protection (FDP)
    5.2.3 Identification and Authentication (FIA)
    5.2.4 Security Management (FMT)
    5.2.5 Protection of the TSF (FPT)
    5.2.6 Trusted Path/Channels (FTP)
  5.3 TOE Security Functional Requirements Rationale
6 Consistency Rationale
  6.1 Protection Profile for Application Software
    6.1.1 Consistency of TOE Type
    6.1.2 Consistency of Security Problem Definition
    6.1.3 Consistency of Objectives
    6.1.4 Consistency of Requirements
Appendix A - Optional SFRs
  A.1 Strictly Optional Requirements
    A.1.1 Cryptographic Support (FCS)
    A.1.2 User Data Protection (FDP)
  A.2 Objective Requirements
  A.3 Implementation-based Requirements
Appendix B - Selection-based Requirements
  B.1 Cryptographic Support (FCS)
  B.2 Identification and Authentication (FIA)
  B.3 Protection of the TSF (FPT)
Appendix C - Acronyms
Appendix D - Bibliography

1 Introduction

1.1 Overview

Email clients are user applications that provide functionality to send, receive, access and manage email. The complexity of email content and email clients has grown over time. Modern email clients can render HTML as well as plain text, and may include functionality to display common attachment formats, such as Adobe PDF and Microsoft Word documents. Some email clients allow their functionality to be modified by users through the addition of add-ons. Protocols have also been defined for communicating between email clients and servers. Some clients support multiple protocols for doing the same task, allowing them to be configured according to email server specifications. The complexity and rich feature set of modern email clients make them a target for attackers, introducing security concerns. This document is intended to facilitate the improvement of email client security by requiring use of operating system security services, cryptographic standards, and environmental mitigations. Additionally, the requirements in this document define acceptable behavior for email clients regardless of the security features provided by the operating system. This Module along with the Protection Profile for Application Software ([AppPP]) provide a baseline set of Security Functional Requirements (SFRs) for email clients running on any operating system regardless of the composition of the underlying platform. The terms email client and TOE are interchangeable in this document.

Figure 1: Sending and Delivering Email over TLS

1.2 Terms

The following sections list Common Criteria and technology terms used in this document.

1.2.1 Common Criteria Terms

Assurance
Grounds for confidence that a TOE meets the SFRs [CC].

Base Protection Profile (Base-PP)
Protection Profile used as a basis to build a PP-Configuration.

Common Criteria (CC)
Common Criteria for Information Technology Security Evaluation (International Standard ISO/IEC 15408).

Common Criteria Testing Laboratory
Within the context of the Common Criteria Evaluation and Validation Scheme (CCEVS), an IT security evaluation facility, accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the NIAP Validation Body to conduct Common Criteria-based evaluations.

Common Evaluation Methodology (CEM)
Common Evaluation Methodology for Information Technology Security Evaluation.

Distributed TOE
A TOE composed of multiple components operating as a logical whole.

Operational Environment (OE)
Hardware and software that are outside the TOE boundary that support the TOE functionality and security policy.

Protection Profile (PP)
An implementation-independent set of security requirements for a category of products.

Protection Profile Configuration (PP-Configuration)
A comprehensive set of security requirements for a product type that consists of at least one Base-PP and at least one PP-Module.

Protection Profile Module (PP-Module)
An implementation-independent statement of security needs for a TOE type complementary to one or more Base Protection Profiles.

Security Assurance Requirement (SAR)
A requirement to assure the security of the TOE.

Security Functional Requirement (SFR)
A requirement for security enforcement by the TOE.

Security Target (ST)
A set of implementation-dependent security requirements for a specific product.

TOE Security Functionality (TSF)
The security functionality of the product under evaluation.

TOE Summary Specification (TSS)
A description of how a TOE satisfies the SFRs in an ST.

Target of Evaluation (TOE)
The product under evaluation.

1.2.2 Technical Terms

ActiveSync
Microsoft protocol for synchronizing messaging and calendar data between mobile clients and email servers.

Add-on
Capability or functionality added to an application including plug-ins, extensions or other controls.

Email Client
Application used to send, receive, access and manage email provided by an email server. The terms email client and TOE are interchangeable in this document.

Internet Message Access Protocol (IMAP)
Internet Message Access Protocol - Protocol for an email client to retrieve email from an email server over TCP/IP; IMAP4 defined in RFC 3501.

Messaging Application Programming Interface (MAPI)
Messaging Application Programming Interface - open specification used by email clients such as Microsoft Outlook and Thunderbird; defined in [MS-OXCMAPIHTTP].

Post Office Protocol (POP)
Protocol for an email client to retrieve email from an email server over TCP/IP; POP3 defined in RFC 1939.

Remote Procedure Call (RPC)
Protocol used by Microsoft Exchange to send/receive MAPI commands; defined in [MS-OXCRPC].

Secure/Multipurpose Internet Mail Extensions (S/MIME)
Used to sign and/or encrypt messages at the request of the user upon sending email and to verify the digital signature on a signed message upon receipt.

Simple Mail Transfer Protocol (SMTP)
Protocol for an email client to send email to an email server over TCP/IP; SMTP defined in RFC 5321.

1.3 Compliant Targets of Evaluation

The Target of Evaluation (TOE) in this PP-Module is an email client application running on a desktop or mobile operating system. This PP-Module describes the extended security functionality of email clients in terms of [CC]. As an extension of the ApSoPP, it is expected that the content of this PP-Module will be appropriately combined with the ApSoPP to include selection-based requirements in accordance with the selections and/or assignments made, and any optional and/or objective components to include the following components at minimum:

FCS_CKM.1(1)
FCS_CKM_EXT.1
FCS_CKM.2
FCS_COP.1(1)
FCS_COP.1(2)
FCS_COP.1(3)
FCS_COP.1(4)
FCS_TLSC_EXT.1
FIA_X509_EXT.1
FIA_X509_EXT.2

An ST must identify the applicable version of the ApSoPP and this PP-Module in its conformance claims.

1.4 Use Cases

Email clients perform tasks associated primarily with the following use case.

[USE CASE 1] Sending, receiving, accessing, managing and displaying email
Email clients are used for sending, receiving, viewing, accessing, managing email in coordination with a mail server. Email clients can render HTML as well as plain text, and can display common attachment formats.

2 Conformance Claims

Conformance Statement
This PP-Module inherits exact conformance as required from the specified Base-PP and as defined in the CC and CEM addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017). The following PPs and PP-Modules are allowed to be specified in a PP-Configuration with this PP-Module.

Protection Profile for Application Software, version 1.3

CC Conformance Claims
This is conformant to Parts 2 (extended) and 3 (conformant) of Common Criteria Version 3.1, Revision 5.

PP Claim
This does not claim conformance to any Protection Profile.

Package Claim
This does not claim conformance to any packages.

Conformance Statement
This PP-Module inherits exact conformance as required from the specified Base-PP and as defined in the CC and addenda for Exact Conformance, Selection-Based SFRs, and Optional SFRs (dated May 2017).

CC Conformance Claims
This PP-Module is conformant to Parts 2 (extended) and 3 (extended) of Common Criteria Version 3.1, Release 5 [CC].

Package Claims
There are no package claims for this PP-Module.

3 Security Problem Description

The security problem is described in terms of the threats that the email client is expected to address, assumptions about the operational environment, and any organizational security policies that it is expected to enforce. This PP-Module does not repeat the threats, assumptions, and organizational security policies identified in the ApSoPP, though they all apply given the conformance and hence dependence of this PP-Module on it. Together the threats, assumptions and organizational security policies of the ApSoPP and those defined in this PP-Module describe those addressed by an email client as the Target of Evaluation. Notably, email clients are particularly at risk from the Network Attack threat identified in the AppPP. Attackers can send malicious email messages directly to users, and the email client will render or otherwise process this untrusted content.

3.1 Threats

The following threat is specific to email clients, and represents an addition to those identified in the Base-PP.

T.FLAWED_ADDON
Email client functionality can be extended with integration of third-party utilities and tools. This expanded set of capabilities is made possible via the use of add-ons. The tight integration between the basic email client code and the new capabilities that add-ons provide increases the risk that malefactors could inject serious flaws into the email client application, either maliciously by an attacker, or accidentally by a developer. These flaws enable undesirable behaviors including, but not limited to, allowing unauthorized access to sensitive information in the email client, unauthorized access to the device's file system, or even privilege escalation that enables unauthorized access to other applications or the operating system.

3.2 Assumptions

This document does not define any additional assumptions.

3.3 Organizational Security Policies

An organization deploying the TOE is expected to satisfy the organizational security policy listed below in addition to all organizational security policies defined by the claimed base PP. This document does not define any additional OSPs.

4 Security Objectives

This PP-Module adds SFRs to objectives identified in the Base-PP and describes an additional objective specific to this PP-Module.

4.1 Security Objectives for the TOE

O.MANAGEMENT
QQQQ

O.PROTECTED_STORAGE
QQQQ

O.PROTECTED_COMMS
QQQQ

O.ADDON_INTEGRITY
To address issues associated with malicious or flawed plug-ins or extensions, conformant email clients implement mechanisms to ensure their integrity. This includes verification at installation time and update.

4.2 Security Objectives for the Operational Environment

The Operational Environment of the TOE implements technical and procedural measures to assist the TOE in correctly providing its security functionality (which is defined by the security objectives for the TOE). The security objectives for the Operational Environment consist of a set of statements describing the goals that the Operational Environment should achieve. This section defines the security objectives that are to be addressed by the IT domain or by non-technical or procedural means. The assumptions identified in Section 3 are incorporated as security objectives for the environment. Some text concerning security objectives.

OE.PLACEHOLDER
placeholder

4.3 Security Objectives Rationale

This section describes how the assumptions, threats, and organization security policies map to the security objectives.

Table 1: Security Objectives Rationale

Threat, Assumption, or OSP   Security Objectives   Rationale
T.FLAWED_ADDON               O.MANAGEMENT          QQQQ

5 Security Requirements

This chapter describes the security requirements which have to be fulfilled by the product under evaluation. Those requirements comprise functional components from Part 2 and assurance components from Part 3 of [CC]. The following conventions are used for the completion of operations:

Refinement operation (denoted by bold text or strikethrough text): is used to add details to a requirement (including replacing an assignment with a more restrictive selection) or to remove part of the requirement that is made irrelevant through the completion of another operation, and thus further restricts a requirement.
Selection (denoted by italicized text): is used to select one or more options provided by the [CC] in stating a requirement.
Assignment operation (denoted by italicized text): is used to assign a specific value to an unspecified parameter, such as the length of a password. Showing the value in square brackets indicates assignment.
Iteration operation: is indicated by appending the SFR name with a slash and unique identifier suggesting the purpose of the operation, e.g. "/EXAMPLE1."

5.1 Application Software PP Security Functional Requirements Direction

In a PP-Configuration that includes Application Software PP, the TOE is expected to rely on some of the security functions implemented by the as a whole and evaluated against the Application Software PP. The following sections describe any modifications that the ST author must make to the SFRs defined in the Application Software PP in addition to what is mandated by Section 5.2 TOE Security Functional Requirements.

5.1.1 Modified SFRs

This PP-Module does not modify any SFRs defined by the Application Software PP.

5.2 TOE Security Functional Requirements

The following section describes the SFRs that must be satisfied by any TOE that claims conformance to this PP-Module. These SFRs must be claimed regardless of which PP-Configuration is used to define the TOE.

5.2.1 Cryptographic Support (FCS)

FCS_SMIME_EXT.1 Secure/Multipurpose Internet Mail Extensions (S/MIME)

FCS_SMIME_EXT.1.1 The email client shall implement both a sending and receiving S/MIME v3.2 Agent as defined in RFC 5751, using CMS as defined in RFCs 5652, 5754, and 3565.

Application Note: The RFCs allow for an agent to be either sending or receiving, or to include both capabilities. The intent of this requirement is to ensure that the email client is capable of both sending and receiving S/MIME v3.2 messages.

FCS_SMIME_EXT.1.2 The email client shall transmit the Content Encryption Algorithm Identifier for AES-128 CBC and AES-256 CBC as part of the S/MIME protocol.

Application Note: AES was added to CMS as defined in RFC 3565.

FCS_SMIME_EXT.1.3 The email client shall present the digestAlgorithm field with the following Message Digest Algorithm identifiers [selection: id-sha256, id-sha384, id-sha512] and no others as part of the S/MIME protocol.

FCS_SMIME_EXT.1.4 The email client shall present the AlgorithmIdentifier field with the following sha256WithRSAEncryption and [selection:
  sha384WithRSAEncryption,
  sha512WithRSAEncryption,
  ecdsa-with-SHA256,
  ecdsa-with-sha384,
  ecdsa-with-sha512
] and no other algorithms as part of the S/MIME protocol.

Application Note: RFC 5751 mandates that receiving and sending agents support RSA with SHA256. The algorithms to be tested in the evaluated configuration are limited to the algorithms specified in the FCS_SMIME_EXT.1.4 selection. Any other algorithms implemented that do not comply with these requirements should not be included in an evaluated email client.

FCS_SMIME_EXT.1.5 The email client shall support use of different private keys (and associated certificates) for signature and for encryption as part of the S/MIME protocol.

FCS_SMIME_EXT.1.6 The email client shall only accept a signature from a certificate with the digitalSignature bit set as part of the S/MIME protocol.

Application Note: It is acceptable to assume that the digitalSignature bit is set in cases where there is no keyUsage extension.

FCS_SMIME_EXT.1.7 The email client shall implement mechanisms to retrieve certificates and certificate revocation information [selection: for each signed/encrypted message sent/received, [assignment: frequency]] as part of the S/MIME protocol.

Application Note: In accordance with FIA_X509_EXT.1.1 [AppPP], certificate revocation may use Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP). The email client can define how this mechanism behaves, including whether it utilizes the underlying OS, but it is required that a mechanism exist such that revocation status is supported and so that certificates can be retrieved for sending/receiving messages. Frequency is configurable in FMT_MOF_EXT.1.1. In this requirement, frequency can be interpreted as a one-time function with local storage, as a regularly scheduled retrieval, or as a mechanism that requires manual intervention. If the retrieval mechanism is periodic in nature, then the ST author will need to include an iteration of FCS for storage of revocation information; storage of certificates is covered in FCS_CKM. The import of certificates and certificate chains is not included in this requirement, but is covered in FIA_X509 and FMT_MOF.

Evaluation Activities

FCS_SMIME_EXT.1:

TSS
The evaluator verifies that the version of S/MIME implemented by the email client is present in the TSS. The evaluator also verifies that the algorithms supported are specified, and that the algorithms specified are those listed for this component. The evaluator verifies that the TSS describes the Content Encryption Algorithm Identifier and whether the required behavior is performed by default or may be configured. The evaluator verifies that the TSS describes the digestAlgorithm and whether the required behavior is performed by default or may be configured. The evaluator verifies that the TSS describes the AlgorithmIdentifier and whether the required behavior is performed by default or may be configured. The evaluator verifies that the TSS describes the retrieval mechanisms for both certificates and certificate revocation as well as the frequency at which these mechanisms are implemented.

Guidance
The evaluator also reviews the Operational Guidance to ensure that it contains instructions on configuring the email client such that it complies with the description in the TSS. If the TSS indicates that the algorithms in FCS_SMIME_EXT.1.2 must be configured to meet the requirement, the evaluator verifies that the AGD guidance includes the configuration of this ID. If the TSS indicates that the algorithms in FCS_SMIME_EXT.1.3 must be configured to meet the requirement, the evaluator verifies that the AGD guidance includes the configuration. If the TSS indicates that the algorithms in FCS_SMIME_EXT.1.4 must be configured to meet the requirement, the evaluator verifies that the AGD guidance includes the configuration of this ID. If the TSS indicates that the mechanisms in FCS_SMIME_EXT.1.7 are configurable, the evaluator verifies that the AGD guidance includes the configuration of these mechanisms.

Tests
The evaluator shall perform the tests listed below. These tests can be performed in conjunction with the tests specified in FIA_X509_EXT.1 (defined in the Base-PP) for certificate/certificate chain verification and in FDP_NOT_EXT.1.

Test 1: The evaluator both sends and receives a message with no protection (no signature or encryption) and verifies that the message is transmitted properly and can be viewed at the receiving agent. This transmission can be performed as part of a number of mechanisms; it is sufficient to observe that the message arrives at the intended recipient with the same content as when sent.

Test 2: The evaluator both sends and receives a signed message using each of the algorithms specified in the ST corresponding to the requirement and verifies that the signature is valid for both received and sent messages. After verifying the signatures are valid, the evaluator sends a signed message using each of the algorithms specified in the ST and uses a man-in-the-middle tool to modify at least one byte of the message such that the signature is no longer valid. This can be done by modifying the content of the message over which the signature is calculated or by modifying the signature itself. The evaluator verifies that the received message fails the signature validation check.

Test 3: The evaluator both sends and receives an encrypted message using each of the algorithms specified in the ST. The evaluator verifies that the contents are encrypted in transit and that the received message decrypts. After verifying the message decrypts, the evaluator sends an encrypted message using each of the algorithms specified in the ST and uses a man-in-the-middle tool to modify at least one byte of the message such that the encryption is no longer valid. The evaluator verifies that the received message fails to decrypt.

Test 4: The evaluator both sends and receives a message that is both signed and encrypted. In addition, the evaluator uses a man-in-the-middle tool to modify at least one byte of the message such that the encryption and signature are no longer valid. The evaluator verifies that the received message fails to decrypt, fails the signature validation check, and/or both.

Test 5: The evaluator sends a signed message to the email client using a signature algorithm not supported according to the digestAlgorithm ID (e.g., SHA1). The evaluator verifies that the email client provides a notification that the contents cannot be verified because the signature algorithm is not supported.

Test 6: The evaluator sends an encrypted message to the email client using an encryption algorithm not supported according to the AlgorithmIdentifier field. The evaluator verifies that the email client does not display/decrypt the contents of the message.

Test 7: The evaluator sends the email client a message signed by a certificate without the digitalSignature bit set. The evaluator verifies that the email client notifies the user that the signature is invalid.

Test 8: The evaluator sends the email client a message signed by a certificate without the EmailProtection purpose in the extendedKeyUsage. The evaluator verifies that the email client notifies the user that the signature is invalid.

Test 9: The evaluator verifies that the email client uses OCSP or downloads the CRL at the assigned frequency.

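The acceptance rule in FCS_SMIME_EXT.1.6 and its Application Note, together with Tests 2, 7 and 8 above, reduce to one check on the signer's certificate and the signature over the content. The Go program below is an added example written for this page; it is not code from the PP-Module or from any evaluated email client. It uses only the Go standard library, and the certificates, the message body and the names AcceptSMIMESignature, NewSignerCert and Sign are constructed for illustration. It signs raw bytes with ecdsa-with-SHA256 instead of building a CMS SignedData structure, so it shows the certificate and signature checks the requirement is about rather than a full S/MIME parser; treating anyExtendedKeyUsage as equivalent to emailProtection is this example's assumption, not something the page states.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// id-ce-keyUsage (2.5.29.15). We look for the raw extension so that "extension
// absent" (acceptable per the Application Note) can be told apart from
// "extension present with digitalSignature clear" (must be rejected).
var oidKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 15}

var (
	ErrNoDigitalSignature = errors.New("signer certificate has keyUsage without digitalSignature (FCS_SMIME_EXT.1.6)")
	ErrNoEmailProtection  = errors.New("signer certificate lacks the emailProtection extended key usage")
	ErrBadSignature       = errors.New("signature does not verify over the message content")
)

// AcceptSMIMESignature decides whether a signed message may be reported to the
// user as validly signed. It returns nil only if every check passes; the error
// names the first failing check, which is what the client would surface as the
// FDP_NOT_EXT.1 "invalid signature" notification.
func AcceptSMIMESignature(cert *x509.Certificate, content, sig []byte) error {
	hasKeyUsageExt := false
	for _, e := range cert.Extensions {
		if e.Id.Equal(oidKeyUsage) {
			hasKeyUsageExt = true
			break
		}
	}
	// Enforce the bit only when the extension is present (Application Note).
	if hasKeyUsageExt && cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return ErrNoDigitalSignature
	}
	// Test 8: the certificate must carry the EmailProtection purpose.
	// Also accepting anyExtendedKeyUsage is an assumption of this example.
	emailOK := false
	for _, u := range cert.ExtKeyUsage {
		if u == x509.ExtKeyUsageEmailProtection || u == x509.ExtKeyUsageAny {
			emailOK = true
		}
	}
	if !emailOK {
		return ErrNoEmailProtection
	}
	// Test 2: one modified byte of content or of the signature must fail here.
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, content, sig); err != nil {
		return ErrBadSignature
	}
	return nil
}

// NewSignerCert builds a constructed, self-signed test certificate with the
// given keyUsage bits and extended key usages. A zero keyUsage omits the extension.
func NewSignerCert(ku x509.KeyUsage, eku []x509.ExtKeyUsage) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "alice@example.test"}, // constructed
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     ku,
		ExtKeyUsage:  eku,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}

// Sign produces the ecdsa-with-SHA256 signature that CheckSignature expects.
func Sign(priv *ecdsa.PrivateKey, content []byte) ([]byte, error) {
	digest := sha256.Sum256(content)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

func main() {
	msg := []byte("From: alice@example.test\r\n\r\nconstructed message body") // constructed
	good, priv, _ := NewSignerCert(x509.KeyUsageDigitalSignature,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection})
	sig, _ := Sign(priv, msg)
	fmt.Println("valid message:      ", AcceptSMIMESignature(good, msg, sig))
	tampered := append([]byte(nil), msg...)
	tampered[len(tampered)-1] ^= 0x01 // Test 2: flip one byte of the content
	fmt.Println("tampered message:   ", AcceptSMIMESignature(good, tampered, sig))
	noDS, priv2, _ := NewSignerCert(x509.KeyUsageKeyEncipherment,
		[]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}) // Test 7
	sig2, _ := Sign(priv2, msg)
	fmt.Println("no digitalSignature:", AcceptSMIMESignature(noDS, msg, sig2))
}
```

The three error values are kept distinct so the notification required by FDP_NOT_EXT.1 can say which of the checks failed; a client that collapses them into one "invalid" result makes Tests 7 and 8 impossible to tell apart from a plain verification failure during evaluation.
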
FCS_CKM_EXT.3 Protection of Key and Key Material

FCS_CKM_EXT.3.1 The email client shall [selection:
  not store keys in non-volatile memory,
  only store keys in non-volatile memory when wrapped as specified in FCS_COP_EXT.2 unless the key meets any one of following criteria: [selection:
    The plaintext key is not part of the key chain as specified in FCS_KYC_EXT.1.,
    The plaintext key will no longer provide access to the encrypted data after initial provisioning,
    The plaintext key is a key split that is combined as specified in FCS_SMC_EXT.1, and the other half of the key split is either [selection: wrapped as specified in FCS_COP_EXT.2, derived and not stored in non-volatile memory],
    The plaintext key is stored on an external storage device for use as an authorization factor,
    The plaintext key is used to wrap a key as specified in FCS_COP_EXT.2 that is already wrapped as specified in FCS_COP_EXT.2,
    The plaintext key is the public portion of the key pair
  ]
].

Application Note: The plaintext key storage in non-volatile memory is allowed for several reasons. If the keys exist within protected memory that is not user accessible on the email client or operational environment, the only methods that allow it to play a security relevant role is if it is a key split or providing additional layers of wrapping or encryption on keys that have already been protected.

Evaluation Activities

FCS_CKM_EXT.3:

TSS
The evaluator verifies the TSS for a high level description of the method used to protect keys stored in nonvolatile memory. The evaluator verifies the TSS to ensure it describes the storage location of all keys and the protection of all keys stored in nonvolatile memory. The description of the key chain shall be reviewed to ensure FCS_COP_EXT.2 is followed for the storage of wrapped or encrypted keys in nonvolatile memory and plaintext keys in nonvolatile memory meet one of the criteria for storage.

Guidance
There are no guidance EAs for this component.

Tests
There are no test EAs for this component.

FCS_CKM_EXT.4 Cryptographic Key Destruction

FCS_CKM_EXT.4.1 The email client shall [selection:
  invoke platform-provided key destruction,
  implement key destruction using [selection:
    For volatile memory, the erasure shall be executed by a single direct overwrite [selection:
      consisting of a pseudo-random pattern using the email client's RBG,
      consisting of a pseudo-random pattern using the host platform's RBG,
      consisting of zeroes
    ].,
    For non-volatile storage, the erasure shall be executed by [selection: single, three or more times] overwrite of key data storage location consisting of [selection:
      a pseudo random pattern using the email client's RBG (as specified in FCS_RBG_EXT.1 of [AppPP]),
      a pseudo-random pattern using the host platform's RBG,
      a static pattern
    ]
  ]
] that meet the following: [selection: NIST SP 800-88, no standard] for destroying all keying material and cryptographic security parameters when no longer needed.

Application Note: For the purposes of this requirement, keying material refers to authentication data, passwords, symmetric keys, data used to derive keys, etc. The destruction indicated above applies to each intermediate storage area for key/cryptographic critical security parameters (i.e., any storage, such as memory buffers, that is included in the path of such data) upon the transfer of the key/cryptographic critical security parameter to another memory location.

Evaluation Activities

FCS_CKM_EXT.4:

TSS
If the platform provides the key destruction, then the evaluator examines the TSS to verify that it describes how the key destruction functionality is invoked.

If the application invokes key destruction, the evaluator checks to ensure the TSS describes each of the secret keys (keys used for symmetric encryption and/or data authentication), private keys, and CSPs used to generate keys; when they are zeroized (for example, immediately after use, on system shutdown, etc.); and the type of zeroization procedure that is performed (overwrite with zeros, overwrite three times with random pattern, etc.). If different types of memory are used to store the materials to be protected, the evaluator checks to ensure that the TSS describes the zeroization procedure in terms of the memory in which the data are stored (for example, "secret keys stored on a drive are zeroized by overwriting once with zeros, while secret keys stored on the internal hard drive are zeroized by overwriting three times with a random pattern that is changed before each write").

Guidance
There are no guidance EAs for this component.

Tests
Test 1: [conditional: the TSF performs its own key destruction] For each type of authorization service, encryption mode and encryption operation, a known authorization factor, and chain of keys must be provided to the evaluator with an associated ciphertext data set (e.g. if a passphrase is used to create an intermediate key, then the ciphertext containing the encrypted key as well as the intermediate key itself must be provided to the evaluator). The evaluator shall use the email client in conjunction with a debugging or forensics utility to attempt to authorize themselves, resulting in the generation of a key or decryption of a key. The evaluator shall ascertain from the TSS what the vendor defines as "no longer needed" and execute the sequence of actions via the email client to invoke this state. At this point, the evaluator should take a dump of volatile memory and search the retrieved dump for the provided authorization credentials or keys (e.g. if the password was "PaSSw0rd", perform a string search of the forensics dump for "PaSSw0rd"). The evaluator must document each command, program or action taken during this process, and must confirm that no plaintext keying material resides in volatile memory. The evaluator must perform this test three times to ensure repeatability. If during the course of this testing the evaluator finds that keying material remains in volatile memory, they should be able to identify the cause (i.e. execution of the grep command for "PaSSw0rd" caused a false positive) and document the reason for failure to comply with this requirement. The evaluator shall repeat this same test, but looking for keying material in nonvolatile memory.

FCS_KYC_EXT.1 Key Chaining

FCS_KYC_EXT.1.1 The email client shall maintain a key chain of: [selection:
  one,
  a key stored in platform key storage,
  intermediate keys originating from: [selection:
    a password as specified in FCS_CKM_EXT.5.1,
    one or more other authorization factor(s),
    credentials stored in platform key storage
  ]
] to the data encryption/decryption key(s) using the following method(s): [selection:
  utilization of the platform key storage,
  utilization of platform key storage that performs key wrap with a TSF provided key,
  implement key wrapping as specified in FCS_COP_EXT.2,
  implement key combining as specified in FCS_SMC_EXT.1
] while maintaining an effective strength of [selection: 128 bits, 256 bits].

Application Note: Key Chaining is the method of using multiple layers of encryption keys to ultimately secure the data encryption key. The number of intermediate keys will vary. This applies to all keys that contribute to the ultimate wrapping or derivation of the data encryption key, including those in protected areas. This requirement also describes how keys are stored.

Evaluation Activities

FCS_KYC_EXT.1:

TSS
The evaluator verifies the TSS* describes a high level description of the key hierarchy for all authorization methods that are used to protect the encryption keys. The evaluator shall examine the TSS to ensure it describes the key chain in detail. The description of the key chain shall be reviewed to ensure it maintains a chain of keys using key wrap that meets FCS_COP_EXT.2. The evaluator verifies the TSS* to ensure that it describes how the key chain process functions, such that it does not expose any material that might compromise any key in the chain. A high-level description should include a diagram illustrating the key hierarchy implemented and detail where all keys and keying material is stored or what it is derived from. The evaluator shall examine the key hierarchy to ensure that at no point the chain could be broken without a cryptographic exhaust or knowledge of the key within the chain and the effective strength of the data encryption key is maintained throughout the key chain.

*If necessary, this information could be contained in a proprietary document and not appear in the TSS.

Guidance
There are no guidance EAs for this component.

Tests
There are no test EAs for this component.

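FCS_CKM_EXT.3, FCS_CKM_EXT.4 and FCS_KYC_EXT.1 together describe one design: a key chain from a password-derived key to the data encryption key, with only the wrapped key in non-volatile storage and every plaintext key destroyed once it is no longer needed. The Go program below is an added example for this page, not code from the PP-Module or from any product, and uses only the standard library. PBKDF2-HMAC-SHA256 stands in for the FCS_CKM_EXT.5.1 password conditioning and AES-256-GCM stands in for the FCS_COP_EXT.2 key wrap (both are assumptions of the example, since neither SFR's text appears on this page), and the names StoredKeyRecord, ProvisionKeyChain, UnlockDEK and Zeroize are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// StoredKeyRecord is the only part of the chain that goes to non-volatile
// storage: public KDF parameters and the wrapped DEK. The KEK is re-derived
// from the password on every unlock and is never stored (FCS_CKM_EXT.3).
type StoredKeyRecord struct {
	Salt       []byte
	Iterations int
	WrappedDEK []byte // nonce || AES-256-GCM ciphertext and tag of the 32-byte DEK
}

// deriveKEK is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte output block, all
// a 256-bit KEK needs, so the chain keeps a 256-bit effective strength
// (FCS_KYC_EXT.1.1). It stands in for FCS_CKM_EXT.5.1 (assumption).
func deriveKEK(password, salt []byte, iterations int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): index of the first output block
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// newGCM builds the AEAD used here in place of the FCS_COP_EXT.2 key wrap.
func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // a 32-byte KEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ProvisionKeyChain generates a fresh 256-bit DEK, wraps it under the
// password-derived KEK and destroys both plaintext keys before returning:
// once the wrapped copy exists they are "no longer needed" (FCS_CKM_EXT.4).
func ProvisionKeyChain(password []byte, iterations int) (*StoredKeyRecord, error) {
	rec := &StoredKeyRecord{Salt: make([]byte, 16), Iterations: iterations}
	dek := make([]byte, 32)
	if _, err := rand.Read(rec.Salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	defer Zeroize(dek)
	kek := deriveKEK(password, rec.Salt, iterations)
	defer Zeroize(kek)
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rec.WrappedDEK = gcm.Seal(nonce, nonce, dek, nil)
	return rec, nil
}

// UnlockDEK re-derives the KEK and unwraps the DEK. The caller owns the
// returned plaintext DEK and must Zeroize it when the session is done with it.
func UnlockDEK(password []byte, rec *StoredKeyRecord) ([]byte, error) {
	kek := deriveKEK(password, rec.Salt, rec.Iterations)
	defer Zeroize(kek)
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(rec.WrappedDEK) < n {
		return nil, errors.New("wrapped key record too short")
	}
	// A wrong password gives a wrong KEK, so the GCM tag check fails here.
	return gcm.Open(nil, rec.WrappedDEK[:n], rec.WrappedDEK[n:], nil)
}

// Zeroize is the "single direct overwrite consisting of zeroes" option for
// volatile memory in FCS_CKM_EXT.4.1. Go makes no promise about copies the
// runtime may have made (stack growth, GC moves), which is exactly why the
// FCS_CKM_EXT.4 test searches a memory dump instead of trusting the code.
func Zeroize(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// IsZeroized reports whether a buffer holds only zero bytes.
func IsZeroized(b []byte) bool {
	return bytes.Equal(b, make([]byte, len(b)))
}
```

A typical session calls ProvisionKeyChain once, persists the returned record, and later calls UnlockDEK with the user's password, zeroizing the DEK when the mailbox is locked; the record itself can be shown to an evaluator as the complete non-volatile footprint of the chain, with no plaintext key in it.
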
5.2.2 User Data Protection (FDP)

FDP_NOT_EXT.1 Notification of S/MIME Status

FDP_NOT_EXT.1.1 The email client shall display a notification of the S/MIME status of received emails upon viewing.

Application Note: S/MIME status is whether the email has been signed or encrypted and whether the signature verifies and the associated certificate validates. This notification must at least display when the email content is viewed. Many implementations also display the S/MIME status of each email when all emails are viewed as a list.

Evaluation Activities

FDP_NOT_EXT.1:

TSS
The evaluator shall ensure that the TSS describes notifications of S/MIME status, including whether S/MIME status is also indicated upon viewing a list of emails.

Guidance
The evaluator verifies that the AGD guidance provides a description (with appropriate visual figures) of the S/MIME status notification(s), including how each of the following are indicated: encryption, verified and validated signature, and unverified and unvalidated signature.

Tests
The evaluator shall perform the following tests and may perform them in conjunction with the tests for FCS_SMIME_EXT.1:

Test 1: The evaluator shall send the client an unencrypted and unsigned email and verify that no notifications are present upon viewing.

Test 2: The evaluator shall send the client an encrypted email and verify that the encrypted notification is present upon viewing.

Test 3: The evaluator shall send the client a valid signed email and verify that the signed notification is present upon viewing.

Test 4: The evaluator shall send the client an invalid signed email (for example, using a certificate that does not contain the correct email address or a certificate that does not chain to the root store) and verify that the invalid signature notification is present upon viewing.

FDP_SMIME_EXT.1 S/MIME

FDP_SMIME_EXT.1.1 The email client shall use S/MIME to sign, verify, encrypt, and decrypt mail.

Application Note: Note that this requirement does not mandate that S/MIME be used for all incoming/outgoing messages, or that the email client automatically encrypt and/or sign/verify all sent or received messages. This requirement only specifies that the mechanism for digital signature and encryption must be S/MIME.

Evaluation Activities

FDP_SMIME_EXT.1:

TSS
The evaluator shall verify that the TSS contains a description of the S/MIME implementation and its use to protect mail from undetected modification using digital signatures and unauthorized disclosure using encryption. The evaluator verifies that the TSS describes whether signature verification and decryption occur at receipt or viewing of the message contents, and whether messages are stored with their S/MIME envelopes.

Guidance
The evaluator shall ensure that the AGD guidance includes instructions for configuring a certificate for S/MIME use and instructions for signing and encrypting email.

Tests
Tests for this component are performed in conjunction with tests for FCS_SMIME_EXT.1 and FDP_NOT_EXT.1.

5.2.3 Identification and Authentication (FIA)

FIA_X509_EXT.3 X509 Authentication and Encryption

FIA_X509_EXT.3.1 The email client shall use X.509v3 certificates as defined by RFC 5280 to support encryption and authentication for S/MIME.

FIA_X509_EXT.3.2 The email client shall prevent the establishment of a trusted communication channel when the peer certificate is deemed invalid.

Application Note: Trusted communication channels include any of TLS performed by the email client. Validity is determined by the certificate path, the expiration date, and the revocation status in accordance with RFC 5280.

FIA_X509_EXT.3.3 The email client shall prevent the installation of code if the code signing certificate is deemed invalid.

FIA_X509_EXT.3.4 The email client shall prevent the encryption of email if the email protection certificate is deemed invalid.

FIA_X509_EXT.3.5 The email client shall prevent the signing of email if the email protection certificate is deemed invalid.

Evaluation Activities

FIA_X509_EXT.3:

TSS
The evaluator shall check the TSS to ensure that it describes how the email client chooses which certificates to use so that the email client can use the certificates. The evaluator shall examine the TSS to confirm that it describes the behavior of the email client when a connection cannot be established during the validity check of a certificate used in establishing a trusted channel and protecting email.

Guidance
The evaluator shall verify that the administrative guidance contains any necessary instructions for configuring the operating environment so that the email client can use the certificates.

Tests
The evaluator shall perform the following tests:

Test 1: The evaluator shall perform Test 1 for each function listed in FIA_X509_EXT.2.1 in that requires the use of certificates. The evaluator shall demonstrate that using a certificate without a valid certification path results in the function failing. The evaluator shall then load into the platform's root store any certificates needed to validate the certificate to be used in the function, and demonstrate that the function succeeds.

Test 2: The evaluator shall demonstrate that using a valid certificate that requires certificate validation checking to be performed in at least some part by communicating with a non-TOE IT entity. The evaluator shall then manipulate the environment so that the email client is unable to verify the validity of the certificate, and observe that the action selected in FIA_X509_EXT.2.2 in is performed. If the selected action is administrator configurable, then the evaluator shall follow the operational guidance to determine that all supported administrator configurable options behave in their documented manner.

5.2.4 Security Management (FMT)

FMT_MOF_EXT.1 Management of Functions Behavior
FMT_MOF_EXT.1.1

The email client shall be capable of performing the following management functions, controlled by the user or administrator as shown:

X: Mandatory   O: Optional

#   Management Function (Administrator, User)
1   Enable/disable downloading embedded objects globally and by [selection: domain, sender, no other method]   (Administrator: O, User: O)
2   Enable/disable plaintext only mode globally and by [selection: domain, sender, no other method]   (Administrator: O, User: O)
3   Enable/disable rendering and execution of attachments globally and by [selection: domain, sender, no other method]   (Administrator: O, User: O)
4   Enable/disable email notifications   (Administrator: O, User: O)
5   Configure a certificate repository for encryption   (Administrator: O, User: O)
6   Configure whether to establish a trusted channel or disallow establishment if the email client cannot establish a connection to determine the validity of a certificate   (Administrator: O, User: O)
7   Configure message sending/receiving to only use cryptographic algorithms defined in FCS_SMIME_EXT.1   (Administrator: O, User: O)
8   Configure CRL retrieval frequency   (Administrator: O, User: O)
9   Enable/disable support for add-ons   (Administrator: O, User: O)
10  Change password/passphrase authentication credential   (Administrator: O, User: O)
11  Disable key recovery functionality   (Administrator: O, User: O)
12  Configure cryptographic functionality   (Administrator: O, User: O)
13  [assignment: Other management functions]   (Administrator: O, User: O)

Application Note: For these management functions, the term "Administrator" refers to the administrator of a non-mobile device or the device owner of a mobile device. The Administrator is responsible for management activities, including setting the policy that is applied by the enterprise on the email client. The Administrator could be acting remotely and could be the MTA administrator acting through a centralized management console or dashboard. Applications used to configure enterprise policy should have their own identification and authorization and additional security requirements to ensure that the remote administration is trusted.

The intent of this requirement is to allow the Administrator to configure the email client with a policy that may not be overridden by the user. If the Administrator has not set a policy for a particular function, the user may still perform that function. Enforcement of the policy is done by the email client itself, or by the email client and the email client platform in coordination with each other.

The function to configure whether to establish a trusted channel corresponds to the functionality described in FIA_X509_EXT.2.2 ([AppPP]). The Administrator has the option of accepting or rejecting all certificates that cannot be validated, accepting a given certificate that cannot be validated, or not accepting a given certificate that cannot be validated. Depending on the choice that the Administrator has made in FIA_X509_EXT.2.2 ([AppPP]), the trusted connection will either be allowed for all certificates that cannot be validated, disallowed for all certificates that cannot be validated, allowed for a given certificate that cannot be validated, or disallowed for a given certificate that cannot be validated.

If password or passphrase authorization factors are implemented by the email client, then the appropriate "change" selection must be included. If the email client provides configurability of the cryptographic functions (for example, key size), even if the configuration is in the form of parameters that may be passed to cryptographic functionality implemented on the email client platform, then "configure cryptographic functionality" will be included, and the specifics of the functionality offered can either be written in this requirement as bullet points or included in the TSS. If the email client does include a key recovery function, the email client must provide the capability for the user to turn this functionality off so that no recovery key is generated and no keys are permitted to be exported.

Evaluation Activities

FMT_MOF_EXT.1: The evaluation activities for this component will be driven by the selections made by the ST author. If a capability is not selected in the ST, the noted evaluation activity does not need to be performed.

TSS: The evaluator shall verify that the TSS describes those management functions which may only be configured by the email client platform administrator and cannot be overridden by the user when set according to policy.
Change Password: The evaluator shall examine the Operational Guidance to ensure that it describes how the password/passphrase-based authorization factor is to be changed.
Disable Key Recovery: If the email client supports key recovery, this must be stated in the TSS. The TSS shall also describe how to disable this functionality. This includes a description of how the recovery material is provided to the recovery holder.
Cryptographic Configuration: The evaluator shall determine from the TSS for other requirements (FCS_*) what portions of the cryptographic functionality are configurable.

Guidance: The evaluator shall examine the operational guidance to verify that it includes instructions for an email client platform administrator to configure the functions listed in FMT_MOF_EXT.1.1.
Disable Key Recovery: If the email client supports key recovery, the guidance for disabling this capability shall be described in the AGD documentation.
Cryptographic Configuration: The evaluator shall review the AGD documentation to determine that there are instructions for manipulating all of the claimed mechanisms.

Tests: The evaluator shall perform the following tests:

Test 1: The evaluator verifies that functions perform as intended by enabling, disabling, and configuring the functions.
Test 2: The evaluator shall set management functions which are controlled by the (enterprise) administrator and cannot be overridden by the user. The evaluator shall apply these functions to the client, attempt to override each setting as the user, and ensure that the email client does not permit it.
Test 3: [Conditional: the TSF has a key recovery capability] The evaluator shall devise a test that ensures that the key recovery capability has been or can be disabled following the guidance provided by the vendor.
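The precedence rule in the Application Note above (an Administrator-set value cannot be overridden by the user; a function the Administrator left unset remains user-configurable) is what Test 2 exercises. The following is an added example, not code from the PP-Module or from any evaluated email client, of a policy resolver that implements that rule; the scope strings ("global", "domain:...", "sender:...") mirror the selection in the table, and the class and method names are hypothetical.

```python
"""Added example (not the PP-Module's or any vendor's code): a policy resolver
modeling the FMT_MOF_EXT.1 rule that a value the Administrator has set for a
management function cannot be overridden by the user, while a function the
Administrator left unset stays user-configurable. Names are hypothetical."""


class PolicyViolation(Exception):
    """The user tried to change a function that Administrator policy has fixed."""


class ManagementPolicy:
    """Two layers of settings: Administrator policy (locked) over user preferences."""

    # Functions from FMT_MOF_EXT.1.1 that accept a per-domain / per-sender scope.
    SCOPED = {"download_embedded_objects", "plaintext_only_mode", "render_attachments"}

    def __init__(self):
        self._admin = {}   # (function, scope) -> value, set through enterprise management
        self._user = {}    # (function, scope) -> value, set locally by the user

    @staticmethod
    def _check_scope(function, scope):
        if scope != "global" and function not in ManagementPolicy.SCOPED:
            raise ValueError(f"{function} is only configurable globally")

    def set_admin(self, function, value, scope="global"):
        self._check_scope(function, scope)
        self._admin[(function, scope)] = value

    def set_user(self, function, value, scope="global"):
        self._check_scope(function, scope)
        # Locked if policy exists at this exact scope, or globally (global policy applies everywhere).
        if (function, scope) in self._admin or (function, "global") in self._admin:
            raise PolicyViolation(f"{function} at scope {scope!r} is fixed by Administrator policy")
        self._user[(function, scope)] = value

    def effective(self, function, scope="global", default=None):
        """Resolve in precedence order: admin@scope, admin@global, user@scope, user@global."""
        for store, sc in ((self._admin, scope), (self._admin, "global"),
                          (self._user, scope), (self._user, "global")):
            if (function, sc) in store:
                return store[(function, sc)]
        return default
```

A more specific Administrator rule (per domain) wins over the Administrator's global rule, but any Administrator rule wins over every user preference; that ordering is what keeps Test 2 deterministic regardless of which setting the user touches first.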

5.2.5 Protection of the TSF (FPT)

FPT_AON_EXT.1 Support for Only Trusted Add-ons
FPT_AON_EXT.1.1

The email client shall include the capability to load [selection: trusted add-ons, no add-ons].

Application Note: FPT_AON_EXT.2 depends upon the selection made here. If the email client does not include support for installing only trusted add-ons, this requirement can be met by demonstrating the ability to disable all support for add-ons as specified in FMT_MOF_EXT.1. Cryptographic verification (i.e., trust) of add-ons is tested in FPT_AON_EXT.2.1.

Evaluation Activities

FPT_AON_EXT.1:
TSS: The evaluator shall verify that the TSS describes whether the email client is capable of loading trusted add-ons.

Guidance: The evaluator shall examine the operational guidance to verify that it includes instructions on loading trusted add-on sources.

Tests: The evaluator shall create or obtain an untrusted add-on and attempt to load it. The evaluator verifies that the untrusted add-on is rejected and cannot be loaded.

5.2.6 Trusted Path/Channels (FTP)

FTP_ITC_EXT.1 Inter-TSF Trusted Channel
FTP_ITC_EXT.1.1

The email client shall initiate or receive communication via the trusted channel.

FTP_ITC_EXT.1.2 The email client shall communicate via the trusted channel for [selection:

IMAP, SMTP, POP, MAPI Extensions for HTTP, MAPI/RPC, ActiveSync, [assignment: other protocol (reference RFC or specification)]

].

Application Note: FIA_SASL_EXT.1 depends upon the selection(s) made here. For example, if POP is chosen, then FIA_SASL_EXT.1 must be included in the ST. Selections must include at least one sending and one receiving protocol. If the assignment is used, the ST author must also include a reference for the protocol (e.g., an RFC number).

Evaluation Activities

FTP_ITC_EXT.1:
TSS: The evaluator shall examine the TSS to determine that it describes the details of the email client connecting to a Mail Transfer Agent in terms of the trusted connection (i.e., TLS) according to FTP_DIT_EXT.1 in [AppPP], along with email client-specific options or procedures that might not be reflected in the specification.

Guidance: The evaluator shall confirm that the operational guidance contains instructions for establishing the connection to the Mail Transfer Agent.

Tests: The evaluator shall perform the following tests:

Test 1: The evaluator shall ensure that the email client is able to initiate communications using any selected or assigned protocols specified in the requirement over TLS, setting up the connections as described in the operational guidance and ensuring that communication is successful.
Test 2: The evaluator shall ensure that the email client is able to initiate communications with a Mail Transfer Agent using SMTP and any assigned protocols specified in the requirement over TLS, setting up the connections as described in the operational guidance and ensuring that communication is successful.
Test 3: The evaluator shall ensure, for each communication channel with an authorized IT entity in Tests 1 and 2, that the channel data is not sent in plaintext. To perform this test, the evaluator shall use a sniffer and a packet analyzer. The packet analyzer must indicate that the protocol in use is TLS.

5.3 TOE Security Functional Requirements Rationale

The following rationale provides justification for each security objective for the TOE, showing that the SFRs are suitable to meet and achieve the security objectives:

Table 2: SFR Rationale

OBJECTIVE             ADDRESSED BY                                                                                                                          RATIONALE
O.MANAGEMENT          FDP_NOT_EXT.1, FDP_NOT_EXT.2, FMT_MOF_EXT.1                                                                                            QQQQ
O.PROTECTED_STORAGE   FCS_CKM_EXT.3, FCS_CKM_EXT.4, FCS_CKM_EXT.5, FCS_COP_EXT.2, FCS_IVG_EXT.1, FCS_KYC_EXT.1, FCS_NOG_EXT.1, FCS_SAG_EXT.1, FCS_SMC_EXT.1   QQQQ
O.PROTECTED_COMMS     FCS_SMIME_EXT.1, FDP_SMIME_EXT.1, FIA_SASL_EXT.1, FIA_X509_EXT.3, FTP_ITC_EXT.1                                                         QQQQ
O.ADDON_INTEGRITY     FPT_AON_EXT.1, FPT_AON_EXT.2                                                                                                           QQQQ

6 Consistency Rationale

6.1 Protection Profile for Application Software

6.1.1 Consistency of TOE Type

If this PP-Module is used to extend the App PP, the TOE type for the overall TOE is still a software-based application. The TOE boundary is simply extended to include the email client functionality that is built into the application so that additional security functionality is claimed within the scope of the TOE.

6.1.2 Consistency of Security Problem Definition

PP-Module Threat, Assumption, OSP   Consistency Rationale
T.FLAWED_ADDON                      The threat of a user installing a flawed add-on is consistent with.

6.1.3 Consistency of Objectives

The objectives for the TOE are consistent with the Application Software PP based on the following rationale:

PP-Module TOE Objective   Consistency Rationale
O.MANAGEMENT              QQQQ
O.PROTECTED_STORAGE       QQQQ
O.PROTECTED_COMMS         QQQQ
O.ADDON_INTEGRITY         QQQQ

This PP-Module does not define any objectives for the TOE's operational environment. The objectives for the TOE's Operational Environment are consistent with the Application Software PP based on the following rationale:

PP-Module Operational Environment Objective   Consistency Rationale
OE.PLACEHOLDER

6.1.4 Consistency of Requirements

This PP-Module identifies several SFRs from the Application Software PP that are needed to support email client functionality. This is considered to be consistent because the functionality provided by the Application Software PP is being used for its intended purpose. The rationale for why this does not conflict with the claims defined by the Application Software PP is as follows:

PP-Module Requirement   Consistency Rationale

Modified SFRs

This PP-Module does not modify any requirements when the Application Software PP is the base.

Mandatory SFRs

FCS_SMIME_EXT.1   This SFR defines how email messages are formatted when sent and received by the client. It does not impact the App PP functionality.
FCS_CKM_EXT.3     This SFR defines how keys and key material are saved by the email client. It does not impact the App PP functionality.
FCS_CKM_EXT.4     This SFR defines how email messages are formatted when sent and received by the client. It does not impact the App PP functionality.
FCS_KYC_EXT.1     This SFR defines how email clients maintain key chains. It does not impact the App PP functionality.
FDP_NOT_EXT.1     This SFR defines the behavior an email client exhibits when a message is received. It does not impact the App PP functionality.
FDP_SMIME_EXT.1   This SFR defines the format an email client shall use as output for cryptographic operations. It does not impact the App PP functionality.
FIA_X509_EXT.3    This SFR defines the format an email client shall use for certificates to perform encryption and authentication. It does not impact the App PP functionality.
FMT_MOF_EXT.1     This SFR defines a specific set of management functions for an email client. It does not impact the App PP functionality.
FPT_AON_EXT.1     This SFR defines what types of plugins an email client may use. It does not impact the App PP functionality.
FTP_ITC_EXT.1     This SFR defines which channels for an email client must be considered trusted. It does not impact the App PP functionality.

Optional SFRs

FCS_CKM_EXT.5
FCS_SAG_EXT.1     This SFR defines how clients generate salts for cryptographic operations. It does not impact functionality described by the Base-PP.
FCS_NOG_EXT.1     This SFR defines how clients generate nonces for cryptographic operations. It does not impact functionality described by the Base-PP.
FCS_IVG_EXT.1     This SFR defines how clients generate IVs for cryptographic operations. It does not impact functionality described by the Base-PP.
FDP_NOT_EXT.2     This SFR defines how clients display URIs in embedded links. It does not impact functionality described by the Base-PP.
FDP_PST_EXT.1     This SFR defines what persistent information clients may store on the client platform. It does not impact functionality described by the Base-PP.
FDP_REN_EXT.1     This SFR defines functionality to display message content. It does not impact functionality described by the Base-PP.

Selection-based SFRs

FCS_COP_EXT.2     This SFR defines how clients wrap keys. It does not impact functionality described by the Base-PP.
FCS_SMC_EXT.1     This SFR defines how clients combine keys. It does not impact functionality described by the Base-PP.
FIA_SASL_EXT.1    This SFR defines the authentication mechanism clients use when connecting to mail servers. It does not impact functionality described by the Base-PP.
FPT_AON_EXT.2     This SFR defines how email clients verify add-ons. It does not impact functionality described by the Base-PP.

Objective SFRs

This PP-Module does not define any Objective requirements.

Implementation-Dependent SFRs

This PP-Module does not define any Implementation-Dependent requirements.

Appendix A - Optional SFRs

A.1 Strictly Optional Requirements

A.1.1 Cryptographic Support (FCS)

FCS_CKM_EXT.5 Cryptographic Key Derivation (Password/Passphrase Conditioning)
FCS_CKM_EXT.5.1

A password/passphrase used to generate a password authorization factor shall enable up to [assignment: positive integer of 64 or more] characters in the set of [selection:

upper case characters, lower case characters, numbers, special characters: !, @, #, $, %, ^, &, *, (, ), [assignment: other supported special characters]

] and shall perform [Password-based Key Derivation Functions] in accordance with a specified cryptographic algorithm [selection:

HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

] with [assignment: positive integer of 4096 or more] iterations, and output cryptographic key sizes of [selection:

128 bits, 256 bits

] that meet NIST SP 800-132.

Application Note: The password/passphrase is represented on the host machine as a sequence of characters whose encoding depends on the email client and the underlying OS. This sequence must be conditioned into a string of bits that is to be used as a key of equivalent size to the rest of the key chain. This password/passphrase must be conditioned into a string of bits that forms the submask to be used as input into a key. Conditioning can be performed using one of the identified hash functions or the process described in NIST SP 800-132; the method used is selected by the ST author. SP 800-132 requires the use of a pseudo-random function (PRF) consisting of HMAC with an approved hash function. The ST author selects the hash function used, and also includes the appropriate requirements for HMAC and the hash function.

Appendix A of NIST SP 800-132 recommends setting the iteration count in order to increase the computation needed to derive a key from a password and, therefore, increase the workload of performing a password recovery attack. However, for this PP-Module, a minimum iteration count of 4096 is required in order to ensure that twelve bits of security is added to the password/passphrase value. A significantly higher value is recommended to ensure optimal security.

There are two aspects of this component that require evaluation: that passwords/passphrases of the length specified in the requirement (at least 64 characters) are supported, and that the characters that are input are subject to the selected conditioning function. These activities are separately addressed in the tests below.

Evaluation Activities

FCS_CKM_EXT.5:
TSS: The evaluator shall verify that the TSS specifies the capability that exists to accept passwords/passphrases with the minimum number of characters specified in the ST in this assignment statement. The evaluator shall examine the password hierarchy TSS to ensure that the formation of all keys is described and that the key sizes match that described by the ST author. The evaluator shall check that the TSS describes the method by which the password/passphrase is first encoded and then fed to the SHA algorithm. The evaluator verifies that the settings for the algorithm (padding, blocking, etc.) are described and that this description is consistent with the corresponding selections made in the SFR. The evaluator shall verify that the TSS contains a description of how the output of the hash function is used to form the submask that will be input into the function. For the NIST SP 800-132-based conditioning of the password/passphrase, the required evaluation activities will be performed when doing the EA for the appropriate requirements (e.g., FCS_COP.1.1(4) in [AppPP]). If any manipulation of the key is performed in forming the submask that will be used to form the key, the evaluator shall ensure that the TSS describes this process. No explicit testing of the formation of the submask from the input password is required.

The evaluator shall verify that the iteration count for PBKDFs performed by the email client complies with NIST SP 800-132 by ensuring that the TSS contains a description of the estimated time required to derive key material from passwords and how the email client increases the computation time for password-based key derivation (including but not limited to increasing the iteration count).

Guidance: The evaluator shall check the operational guidance to determine that it includes guidance on how to generate large passwords/passphrases external to the email client and instructions for how to configure the password/passphrase length and optional complexity settings (see the Management section). This is important because many default settings for passwords/passphrases will not meet the necessary entropy needed as specified in this PP-Module.

Tests: The evaluator shall perform the following tests:

Test 1: The evaluator shall ensure that the email client supports passwords/passphrases of exactly 64 characters.
Test 2: The evaluator shall ensure that the email client supports a password/passphrase with less than 64 characters.
Test 3: [Conditional: the email client supports a maximum character length greater than 64 characters] The evaluator shall ensure that the email client accepts passwords/passphrases up to the maximum character length and no larger.

No explicit testing of the formation of the authorization factor from the input password/passphrase is required.

FCS_SAG_EXT.1 Cryptographic Salt Generation
FCS_SAG_EXT.1.1

The email client shall only use salts that are generated by a [selection: RNG as specified in FCS_RBG_EXT.1, RNG provided by the host platform

].

Application Note: The salt must be random.

Evaluation Activities

FCS_SAG_EXT.1:
TSS: The evaluator shall ensure the TSS describes how salts are generated. The evaluator shall confirm that the salt is generated using an RBG as described in FCS_RBG_EXT.1 in [AppPP] or by the Operational Environment. If an external function is used for this purpose, the evaluator shall ensure that the TSS references the specific API that is called, with inputs. If the email client is relying on random bit generation from the host platform, the evaluator shall verify that the TSS includes the name/manufacturer of the external RBG and describes the function call and parameters used when calling the external DRBG function. If different external RBGs are used for different platforms, the evaluator shall ensure that the TSS identifies each RBG for each platform. For all cases where the TSF relies on an external DRBG, the evaluator shall ensure that the TSS includes a short description of the TOE developer's assumption for the amount of entropy that is used to seed the external DRBG.

Guidance: There are no guidance EAs for this component.

Tests: There are no test EAs for this component.
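FCS_CKM_EXT.5 (PBKDF2 conditioning with an HMAC PRF, at least 4096 iterations, a 128- or 256-bit output, a 64-character-or-longer passphrase space) and FCS_SAG_EXT.1 (salts from the platform RNG) describe one pipeline. The block below is an added example, not code from the PP-Module or from any evaluated product, of that pipeline on Python's standard library: `hashlib.pbkdf2_hmac` for SP 800-132 PBKDF2 and `secrets.token_bytes` (a wrapper over the OS RNG) for the salt. The limits are the SFR minimums; the function names, the 128-bit salt size and the character set are choices made for the example. The final XOR step is the exclusive-OR option of FCS_SMC_EXT.1 in Appendix B, included because the conditioned output is a submask that is combined with others to form a key.

```python
"""Added example (not the PP-Module's or any vendor's code): conditioning a
password/passphrase into a submask per FCS_CKM_EXT.5 with PBKDF2-HMAC-SHA-256
(NIST SP 800-132), a salt from the platform RNG (FCS_SAG_EXT.1), and XOR
combination of submasks (FCS_SMC_EXT.1). Limits below are the SFR minimums."""

import hashlib
import secrets

MAX_PASSPHRASE_CHARS = 64        # assignment: positive integer of 64 or more
MIN_ITERATIONS = 4096            # assignment: positive integer of 4096 or more (2^12)
SALT_BYTES = 16                  # 128-bit salt, drawn from the OS RNG
ALLOWED_PRFS = ("sha256", "sha384", "sha512")   # selection: HMAC-SHA-256/384/512
ALLOWED_KEY_BITS = (128, 256)    # selection: 128 bits, 256 bits
ALLOWED_CHARS = set(
    "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "0123456789" "!@#$%^&*()"
)


def generate_salt(nbytes: int = SALT_BYTES) -> bytes:
    """Salt from the host platform's RNG; secrets.token_bytes wraps os.urandom."""
    return secrets.token_bytes(nbytes)


def check_passphrase(passphrase: str) -> None:
    """Length and character-set rules from FCS_CKM_EXT.5.1."""
    if not 1 <= len(passphrase) <= MAX_PASSPHRASE_CHARS:
        raise ValueError(f"passphrase must be 1 to {MAX_PASSPHRASE_CHARS} characters")
    unsupported = set(passphrase) - ALLOWED_CHARS
    if unsupported:
        raise ValueError(f"unsupported characters: {''.join(sorted(unsupported))!r}")


def condition(passphrase: str, salt: bytes, iterations: int = MIN_ITERATIONS,
              key_bits: int = 256, prf: str = "sha256") -> bytes:
    """PBKDF2-HMAC over the UTF-8 encoding of the passphrase; returns the submask."""
    check_passphrase(passphrase)
    if iterations < MIN_ITERATIONS:
        raise ValueError(f"iteration count {iterations} is below the minimum {MIN_ITERATIONS}")
    if key_bits not in ALLOWED_KEY_BITS:
        raise ValueError("output key size must be 128 or 256 bits")
    if prf not in ALLOWED_PRFS:
        raise ValueError("PRF must be HMAC with SHA-256, SHA-384 or SHA-512")
    if not salt:
        raise ValueError("a salt is required")
    return hashlib.pbkdf2_hmac(prf, passphrase.encode("utf-8"), salt, iterations,
                               dklen=key_bits // 8)


def combine_submasks(*submasks: bytes) -> bytes:
    """XOR equal-length submasks into one key (the XOR option of FCS_SMC_EXT.1)."""
    length = len(submasks[0])
    if any(len(s) != length for s in submasks):
        raise ValueError("submasks must have equal length")
    result = bytearray(length)
    for sub in submasks:
        for i, b in enumerate(sub):
            result[i] ^= b
    return bytes(result)
```

Only the salt needs to be stored beside the protected key material; the passphrase itself is never written, and the 4096-iteration floor is a lower bound that a deployment should raise as far as the platform's key-derivation latency allows.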

FCS_NOG_EXT.1 Cryptographic Nonce Generation
FCS_NOG_EXT.1.1

The email client shall only use unique nonces with a minimum size of [64] bits.

Application Note: Nonces must be unique.

Evaluation Activities

FCS_NOG_EXT.1:
TSS: The evaluator shall verify that the TSS describes how unique nonces are created.

Guidance: There are no guidance EAs for this component.

Tests: There are no test EAs for this component.

FCS_IVG_EXT.1 Initialization Vector Generation
FCS_IVG_EXT.1.1

The email client shall create IVs in the following manner: [selection: CBC: IVs shall be non-repeating, CCM: IV shall be non-repeating, XTS: No IV. Tweak values shall be non-negative integers, assigned consecutively, and starting at an arbitrary non-negative integer, GCM: IV shall be non-repeating. The number of invocations of GCM shall not exceed 2^32 for a given secret key.

].

Application Note: FCS_IVG_EXT.1.1 specifies how the IV should be handled for each encryption mode. CBC, XTS, and GCM are allowed for AES encryption of the data. AES-CCM is an allowed mode for Key Wrapping.

Evaluation Activities

FCS_IVG_EXT.1:
TSS: The evaluator shall ensure the TSS describes how IVs and tweaks are handled (based on the AES mode). The evaluator shall confirm that the IVs and tweaks meet the stated requirements. If the platform provides the IV generation, then the evaluator shall examine the TSS to verify that it describes how the IV generation is invoked.

Guidance: There are no guidance EAs for this component.

Tests: There are no test EAs for this component.
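Neither FCS_NOG_EXT.1 nor FCS_IVG_EXT.1 has test EAs, so the properties they state (nonces unique and at least 64 bits; IVs non-repeating under a key for CBC, CCM and GCM; at most 2^32 GCM invocations per key; XTS tweaks consecutive non-negative integers from an arbitrary start) have to be guaranteed by the implementation's own bookkeeping. The block below is an added example, not code from the PP-Module or from any evaluated client, of such a bookkeeper: it tracks what every key has consumed and refuses reuse or overuse instead of silently issuing a repeated IV. The class name, the IV sizes (16 bytes for CBC, 96-bit nonces for CCM/GCM) and the `gcm_limit` override (present only so the 2^32 bound can be exercised) are the example's own choices.

```python
"""Added example (not the PP-Module's or any vendor's code): per-key IV and
nonce bookkeeping enforcing FCS_NOG_EXT.1 (unique nonces >= 64 bits) and the
per-mode rules of FCS_IVG_EXT.1 (non-repeating IVs for CBC/CCM/GCM, at most
2^32 GCM invocations under one key, consecutive non-negative XTS tweaks)."""

import secrets

GCM_MAX_INVOCATIONS = 2 ** 32                 # FCS_IVG_EXT.1.1, GCM selection
NONCE_MIN_BITS = 64                           # FCS_NOG_EXT.1.1
IV_BYTES = {"CBC": 16, "CCM": 12, "GCM": 12}  # CBC: AES block; CCM/GCM: 96-bit nonce


class IVReuseError(Exception):
    """An IV was presented twice under the same key."""


class KeyExhausted(Exception):
    """The key has reached its invocation limit and must be replaced."""


class IVGenerator:
    """Issues IVs/tweaks for one AES mode and remembers what each key has used."""

    def __init__(self, mode, gcm_limit=GCM_MAX_INVOCATIONS):
        mode = mode.upper()
        if mode not in ("CBC", "CCM", "GCM", "XTS"):
            raise ValueError(f"unsupported mode {mode}")
        self.mode = mode
        self.gcm_limit = gcm_limit   # overridable only so the bound can be exercised in tests
        self._used = {}              # key_id -> set of IVs already issued under that key
        self._count = {}             # key_id -> number of encryptions performed
        self._tweak = {}             # key_id -> next XTS tweak value

    def _record(self, key_id, iv):
        used = self._used.setdefault(key_id, set())
        if iv in used:
            raise IVReuseError(f"IV {iv.hex()} already used under key {key_id}")
        if self.mode == "GCM" and self._count.get(key_id, 0) >= self.gcm_limit:
            raise KeyExhausted(f"GCM key {key_id} reached {self.gcm_limit} invocations; rekey")
        used.add(iv)
        self._count[key_id] = self._count.get(key_id, 0) + 1

    def next_iv(self, key_id):
        """Fresh random IV from the platform RNG; never repeats under key_id."""
        if self.mode == "XTS":
            raise ValueError("XTS has no IV; use next_tweak()")
        while True:
            iv = secrets.token_bytes(IV_BYTES[self.mode])
            if iv not in self._used.get(key_id, set()):
                break                # a repeat at 96/128 bits is not expected in practice
        self._record(key_id, iv)
        return iv

    def register_iv(self, key_id, iv):
        """Accept an externally chosen IV (e.g. a counter) only if unused under key_id."""
        if self.mode == "XTS":
            raise ValueError("XTS has no IV")
        if len(iv) != IV_BYTES[self.mode]:
            raise ValueError(f"{self.mode} IV must be {IV_BYTES[self.mode]} bytes")
        self._record(key_id, iv)

    def next_tweak(self, key_id, start=None):
        """XTS tweaks: consecutive non-negative integers from an arbitrary start."""
        if self.mode != "XTS":
            raise ValueError("tweaks are only used with XTS")
        if key_id not in self._tweak:
            start = secrets.randbelow(2 ** 64) if start is None else start
            if start < 0:
                raise ValueError("tweak start must be non-negative")
            self._tweak[key_id] = start
        tweak = self._tweak[key_id]
        self._tweak[key_id] = tweak + 1
        return tweak


def unique_nonce(seen, bits=NONCE_MIN_BITS):
    """Random nonce of at least 64 bits that does not repeat within `seen`."""
    if bits < NONCE_MIN_BITS or bits % 8:
        raise ValueError("nonce must be a whole number of bytes and at least 64 bits")
    while True:
        nonce = secrets.token_bytes(bits // 8)
        if nonce not in seen:
            seen.add(nonce)
            return nonce
```

The set of used IVs grows with the number of encryptions; a production client would normally use a counter-based IV (fed through `register_iv`) so only the counter and the invocation count need to persist across restarts, which is also what makes the 2^32 GCM bound enforceable after a reboot.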

A.1.2 User Data Protection (FDP)

FDP_NOT_EXT.2 Notification of URI
FDP_NOT_EXT.2.1

The email client shall display the full Uniform Resource Identifier (URI) of any embedded links.

Application Note: Embedded links are HTML URI objects which may have a tag (such as a word, phrase, icon, or picture) that obfuscates the URI of the link. The intent of this requirement is to de-obfuscate the link. The URI may be displayed as a "mouse-over" event or may be rendered next to the tag.

Evaluation Activities

FDP_NOT_EXT.2:
TSS: The evaluator shall verify that the TSS includes a description of how embedded links are rendered and the method by which the URI of the link is displayed.

Guidance: The evaluator shall ensure that the operational guidance includes instructions (with any appropriate visual figures) for viewing the URI of an embedded link.

Tests: The evaluator shall send the client an HTML message with an embedded link whose tag is not the URI itself (for example, "click here"). The evaluator shall view the message and, following the instructions in the AGD guidance, verify that the full URI of the embedded link is displayed.

FDP_PST_EXT.1 Storage of Persistent Information
FDP_PST_EXT.1.1

The email client shall be capable of operating without storing persistent information to the client platform with the following exceptions: [selection: credential information, administrator provided configuration information, certificate revocation information, no exceptions].

Application Note: Any data that persists after the email client closes, including temporary files, is considered to be persistent data. Satisfying this requirement would require the use of a protocol such as IMAP or MAPI. It is not compatible with POP.

Evaluation Activities

FDP_PST_EXT.1:
TSS: The evaluator shall examine the TSS to determine that it describes all persistent information stored on the platform, and the locations on the platform where these data are stored. The evaluator shall confirm that the persistent data described is limited to the data identified in the selection.

Guidance: There are no guidance EAs for this component.

Tests: The evaluator shall operate the email client so that several messages, signed, encrypted, and unsigned, are processed. The evaluator shall also exercise functionality such as moving messages to folders, writing unsent drafts of messages, etc., as provided by the client. The evaluator shall then examine the client platform to determine that the only persistent information stored is that which is identified in the TSS.

FDP_REN_EXT.1 Rendering of Message Content
FDP_REN_EXT.1.1

The email client shall have a plaintext-only mode which disables the rendering and execution of [selection:

HTML, JavaScript, [assignment: other embedded content types], no embedded content types

].

Application Note: Plaintext only mode prevents the automatic downloading, rendering and execution of images, external resources and embedded objects such as HTML or JavaScript objects. FMT_MOF_EXT.1.1 addresses configuration of this mode. The ST author must identify all content types supported by the email client through selections and/or assignments. If the email client only supports plaintext only mode, "no embedded content types" should be selected.

Evaluation Activities

FDP_REN_EXT.1:
TSS: The evaluator shall ensure that the TSS describes plaintext only mode for sending and receiving messages. The evaluator shall verify that the TSS describes whether the email client is capable of rendering and executing HTML or JavaScript. If the email client can render or execute HTML or JavaScript, this description shall indicate how the email client handles received messages that contain HTML or JavaScript while in plaintext only mode, and the evaluator shall ensure that the description indicates that embedded objects of these types are not rendered or executed and images/external resources are not automatically downloaded.

Guidance: The evaluator shall examine the operational guidance and verify that it contains instructions for enabling plaintext only mode.

Tests: The evaluator shall perform the following tests:

Test 1: [Conditional: HTML is selected in FDP_REN_EXT.1.1] The evaluator shall send a message to the client containing HTML embedded objects and shall verify that the HTML renders. The evaluator shall then enable plaintext only mode and verify that the HTML does not render.
Test 2: [Conditional: JavaScript is selected in FDP_REN_EXT.1.1] The evaluator shall send a message to the client containing JavaScript embedded objects and shall verify that the JavaScript renders and executes. The evaluator shall then enable plaintext only mode and verify that the JavaScript does not render or execute.
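FDP_NOT_EXT.2 (show the full URI behind every link tag) and FDP_REN_EXT.1 (a plaintext-only mode that neither renders nor executes embedded content and does not fetch external resources) are naturally implemented by the same message parser. The block below is an added example, not code from the PP-Module or from any evaluated client, of such a parser built on Python's `html.parser`: script, style and object-like elements are discarded, images are listed rather than fetched, and each anchor's visible text is printed with its real `href` beside it, which is the "rendered next to the tag" option in the FDP_NOT_EXT.2 Application Note. `mismatched_links` goes one step past the SFR and flags the phishing pattern where the visible text is itself a URL for a different host. The sample message, class and function names are constructed for the example.

```python
"""Added example (not the PP-Module's or any vendor's code): a plaintext-only
renderer (FDP_REN_EXT.1) that also displays the full URI of every embedded
link (FDP_NOT_EXT.2). The sample message below is constructed."""

from html.parser import HTMLParser
from urllib.parse import urlsplit


class PlaintextRenderer(HTMLParser):
    SKIP = {"script", "style", "object", "embed", "iframe", "applet"}  # never rendered or executed
    BLOCK = {"p", "div", "br", "li", "tr", "h1", "h2", "h3", "table", "blockquote"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # rendered text fragments
        self.links = []      # (visible text, full href) for every <a>
        self.blocked = []    # external resources that were deliberately not fetched
        self._skip = 0       # nesting depth inside SKIP elements
        self._href = None    # href of the <a> currently open, if any
        self._atext = []     # text collected inside that <a>

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
            return
        if self._skip:
            return
        a = dict(attrs)
        if tag == "a":
            self._href, self._atext = a.get("href", ""), []
        elif tag == "img":                       # plaintext mode: never auto-download
            src = a.get("src", "")
            self.blocked.append(src)
            self.out.append(f"[image not loaded: {src}]")
        elif tag in self.BLOCK:
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in self.SKIP:
            self._skip = max(0, self._skip - 1)
            return
        if self._skip:
            return
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._atext).split())
            self.links.append((text, self._href))
            self.out.append(f"{text} <{self._href}>")   # full URI shown next to its tag
            self._href = None
        elif tag in self.BLOCK:
            self.out.append("\n")

    def handle_data(self, data):
        if self._skip:
            return
        (self._atext if self._href is not None else self.out).append(data)

    def text(self):
        lines = "".join(self.out).split("\n")
        return "\n".join(" ".join(line.split()) for line in lines if line.strip())


def render(html):
    """Parse one message body and return the renderer (text, links, blocked resources)."""
    r = PlaintextRenderer()
    r.feed(html)
    r.close()
    return r


def mismatched_links(links):
    """Links whose visible text is itself a URL naming a different host than the href."""
    flagged = []
    for text, href in links:
        shown = text if "://" in text else ("http://" + text if text.startswith("www.") else None)
        if shown is None:
            continue
        shown_host, real_host = urlsplit(shown).hostname, urlsplit(href).hostname
        if shown_host and real_host and shown_host.lower() != real_host.lower():
            flagged.append((text, href))
    return flagged


# Constructed sample: an obfuscated link, a look-alike link, a tracking pixel, script and style.
SAMPLE_MESSAGE = """<html><body>
<p>Your mailbox is full. <a href="http://198.51.100.7/reset">Click here</a> to fix it.</p>
<p>Or sign in at <a href="http://evil.example/login">https://mail.example.com/login</a></p>
<img src="http://tracker.example/pixel.gif?id=42">
<script>document.location = "http://evil.example/";</script>
<style>p { color: red }</style>
</body></html>"""
```

Running `render(SAMPLE_MESSAGE).text()` yields only the message text with each link's URI in angle brackets and a placeholder where the tracking image would have been fetched; nothing inside `<script>` or `<style>` reaches the output, which is the observable behaviour Tests 1 and 2 above check from the outside.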

A.2 Objective Requirements

This PP-Module does not define any Objective SFRs.

A.3 Implementation-based Requirements

This PP-Module does not define any Implementation-based SFRs.

Appendix B - Selection-based Requirements

B.1 Cryptographic Support (FCS)

FCS_COP_EXT.2 Key Wrapping
FCS_COP_EXT.2.1

The email client shall [selection: use platform-provided functionality to perform Key Wrapping, implement functionality to perform Key Wrapping

] in accordance with a specified cryptographic algorithm [selection: AES Key Wrap, AES Key Wrap with Padding, RSA using the KTS-OAEP-basic scheme, RSA using the KTS-OAEP-receiver-confirmation scheme, ECC CDH

] and the cryptographic key size [selection: 128 bits (AES), 256 bits (AES), 2048 (RSA), 4096 (RSA), 256-bit prime modulus (ECC CDH), 384-bit prime modulus (ECC CDH)

] that meet the following: [selection: "NIST SP 800-38F" for Key Wrap (section 6.2) and Key Wrap with Padding (section 6.3), "NIST SP 800-56B" for RSA using the KTS-OAEP-basic (section 9.2.3) and KTS-OAEP-receiver-confirmation (section 9.2.4) schemes, "NIST SP 800-56A rev2" for ECC CDH (sections 5.6.1.2 and 6.2.2.2)

].

Application Note: In the first selection, the ST author chooses the entity that performs the decryption/encryption. In the second selection, the ST author chooses the method used for encryption:

- Using one of the two AES-based Key Wrap methods specified in NIST SP 800-38F;
- Using one of the two KTS-OAEP schemes for RSA as described in NIST SP 800-56B (KTS-OAEP-basic in section 9.2.3 and KTS-OAEP-receiver-confirmation in section 9.2.4);
- Using ECC CDH as described in NIST SP 800-56A section 6.2.2.2.

The third selection should be made to reflect the key size. 2048/4096 is used for the RSA-based schemes, while the size of the prime modulus is used for ECC-based schemes. Support for 256-bit AES key sizes will be required for products entering evaluation after Quarter 3, 2015. Based on the method(s) selected, the last selection should be used to select the appropriate reference(s).

Evaluation Activities

FCS_COP_EXT.2:
TSS: The evaluator shall examine the TSS to ensure that it has a high-level description of how the key is protected and meets the appropriate specification.

FCS_SMC_EXT.1 Key Combining
FCS_SMC_EXT.1.1

The email client shall combine submasks using the following method [selection: exclusive OR (XOR), SHA-256, SHA-512

] to generate another key.

Application Note: This requirement specifies the way that a product may combine the various submasks by using either an XOR or an approved SHA hash.

Evaluation Activities

FCS_SMC_EXT.1:
TSS: If keys are XORed together to form an intermediate key, the evaluator shall verify that the TSS describes how this is performed (e.g., if there are ordering requirements, checks performed, etc.). The evaluator shall also confirm that the TSS describes how the length of the output produced is at least the same as that of the data encryption key.

Guidance: There are no guidance EAs for this component.

Tests: There are no test EAs for this component.

B.2 Identification and Authentication (FIA)

FIA_SASL_EXT.1 Simple Authentication and Security Layer (SASL)
FIA_SASL_EXT.1.1

The email client shall implement support for Simple Authentication and Security Layer (SASL) that complies with RFC 4422.

Application Note: SASL is needed if the email client implements SMTP to send messages. Clients that do not use SMTP (e.g., ActiveSync or MAPI) would not need to implement support for SASL.

FIA_SASL_EXT.1.2 The email client shall support the POP3 CAPA and AUTH extensions for the SASL mechanism.

FIA_SASL_EXT.1.3 The email client shall support the IMAP CAPABILITY and AUTHENTICATE extensions for the SASL mechanism.

FIA_SASL_EXT.1.4 The email client shall support the SMTP AUTH extension for the SASL mechanism.

Application Note: In order for an email client to support PKI X.509 certificates for POP3, IMAP and SMTP as required in this document, the client must support the Simple Authentication and Security Layer (SASL) authentication method as described in RFC 4422, the AUTH and CAPA extensions for POP3, as described in RFC 5034, the AUTHENTICATE and CAPABILITY extensions for IMAP, as described in RFC 4959, and the AUTH extension for SMTP, as described in RFC 4954.

Evaluation Activities

FIA_SASL_EXT.1:
TSS: The evaluator shall examine the TSS to verify that it describes the details of the email client connecting to a Mail Transfer Agent in terms of the SASL connection, along with email client-specific options or procedures that might not be reflected in the specification.

Guidance: The evaluator shall confirm that the operational guidance contains instructions for establishing the connection to the Mail Transfer Agent.

Tests: The evaluator shall also perform the following tests:

Test 1: The evaluator shall ensure that the email client is able to initiate communications using POP, IMAP and SMTP and requiring SASL, setting up the connections as described in the operational guidance and ensuring that communication is successful.
Test 2: The evaluator shall ensure, for each communication channel with an authorized IT entity in Test 1, that a valid SASL handshake is performed. To perform this test, the evaluator shall use a sniffer and a packet analyzer. The packet analyzer must indicate that the protocol in use is SASL.
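FTP_ITC_EXT.1 requires the MTA connection to run over a trusted channel, and FIA_SASL_EXT.1.4 requires the SASL mechanism to be carried by the SMTP AUTH extension (RFC 4954); in practice that means the client must read the server's capabilities, bring up TLS, re-read the capabilities, and only then send credentials. The block below is an added example, not code from the PP-Module or from any evaluated client or MTA, that plays out exactly that exchange with both sides' lines against an in-memory scripted server, so the ordering Test 2 looks for on the wire (STARTTLS before AUTH) is visible in the transcript. The server, the host names and the mechanism choice (SASL PLAIN, RFC 4616, with an initial response) are the example's own; a real client would wrap its socket in TLS where the example only flips `tls_active`.

```python
"""Added example (not the PP-Module's, nor any vendor's or MTA's code): a
scripted SMTP session showing the client side of FIA_SASL_EXT.1.4 and
FTP_ITC_EXT.1 together. Credentials are sent only after STARTTLS, using the
SASL PLAIN mechanism (RFC 4616) via the SMTP AUTH extension (RFC 4954).
The in-memory server and host names are constructed for the example."""

import base64


class AuthError(Exception):
    """The client refused to authenticate, or the server rejected it."""


def plain_initial_response(user, password):
    """SASL PLAIN message: authzid (empty) NUL authcid NUL passwd, base64-encoded."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()


def parse_ehlo(reply):
    """Turn '250-KEYWORD args' lines into {KEYWORD: [args]}; the first line is the greeting."""
    caps = {}
    for line in reply[1:]:
        keyword, _, rest = line[4:].partition(" ")
        caps[keyword.upper()] = rest.split()
    return caps


class FakeSmtpServer:
    """Minimal scripted MTA answering EHLO, STARTTLS and AUTH PLAIN (constructed)."""

    def __init__(self, user, password, offer_starttls=True):
        self._creds = (user, password)
        self._offer_starttls = offer_starttls
        self.tls = False
        self.transcript = []          # ("C"|"S", line) for both sides of the exchange

    def send(self, line):
        self.transcript.append(("C", line))
        verb, _, arg = line.partition(" ")
        if verb == "EHLO":
            reply = ["250-mail.example.net"]
            if self._offer_starttls and not self.tls:
                reply.append("250-STARTTLS")
            reply.append("250 AUTH PLAIN LOGIN")
        elif verb == "STARTTLS" and self._offer_starttls:
            self.tls = True
            reply = ["220 2.0.0 Ready to start TLS"]
        elif verb == "AUTH":
            mech, _, initial = arg.partition(" ")
            try:
                parts = base64.b64decode(initial, validate=True).split(b"\0")
            except ValueError:
                parts = []
            if mech != "PLAIN":
                reply = ["504 5.5.4 Unrecognized authentication type"]
            elif len(parts) == 3 and (parts[1].decode(), parts[2].decode()) == self._creds:
                reply = ["235 2.7.0 Authentication successful"]
            else:
                reply = ["535 5.7.8 Authentication credentials invalid"]
        else:
            reply = ["502 5.5.1 Command not implemented"]
        self.transcript.extend(("S", r) for r in reply)
        return reply


def smtp_login(server, user, password):
    """Client: EHLO -> STARTTLS -> EHLO again (RFC 3207) -> AUTH PLAIN with initial response."""
    tls_active = False
    caps = parse_ehlo(server.send("EHLO client.example.org"))
    if "STARTTLS" not in caps:
        raise AuthError("server offers no trusted channel; refusing to send credentials")
    if not server.send("STARTTLS")[0].startswith("220"):
        raise AuthError("STARTTLS refused")
    tls_active = True                 # a real client wraps the socket in TLS here
    caps = parse_ehlo(server.send("EHLO client.example.org"))  # capabilities reset after TLS
    if "PLAIN" not in caps.get("AUTH", []):
        raise AuthError("server does not advertise SASL PLAIN")
    if not tls_active:
        raise AuthError("never send a password over the cleartext channel")
    reply = server.send(f"AUTH PLAIN {plain_initial_response(user, password)}")
    if not reply[0].startswith("235"):
        raise AuthError(reply[0])
    return {"tls": tls_active, "mechanism": "PLAIN", "authenticated": True}
```

After `smtp_login`, `server.transcript` holds the whole dialogue in order; the client never emits an `AUTH` line when the server does not offer STARTTLS, and the PLAIN credentials appear only after the `220` that answers STARTTLS, which is the property a packet capture in Test 2 should confirm on a real deployment (with the post-STARTTLS lines encrypted).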

B.3 Protection of the TSF (FPT)

FPT_AON_EXT.2 Trusted Installation and Update for Add-ons
FPT_AON_EXT.2.1

The email client shall [selection: provide the ability, leverage the platform] to provide a means to cryptographically verify add-ons using a digital signature mechanism and [selection: published hash, no other functions] prior to installation and update.

FPT_AON_EXT.2.2 The email client shall [selection: provide the ability, leverage the platform] to query the current version of the add-on.

FPT_AON_EXT.2.3 The email client shall prevent the automatic installation of add-ons.

Evaluation Activities

FPT_AON_EXT.2:
TSS: The evaluator shall examine the TSS to verify that it states that the email client will reject add-ons from untrusted sources.

Guidance: The evaluator shall examine the operational guidance to verify that it includes instructions on how to configure the email client with trusted add-on sources.

Tests: The evaluator shall perform the following tests:

Test 1: The evaluator shall create or obtain an add-on signed by a trusted source and attempt to install it. The evaluator verifies that the signature on the add-on is valid and that the add-on can be installed.
Test 2: The evaluator shall create or obtain an add-on signed with an invalid certificate and attempt to install it. The evaluator verifies that the signed add-on is rejected and cannot be installed.
Test 3: The evaluator shall create or obtain an add-on signed by a trusted source, modify the add-on without re-signing it, and attempt to install it. The evaluator verifies that the signed add-on is rejected and cannot be installed.

Appendix C - Acronyms

Acronym            Meaning
AES                Advanced Encryption Standard
Base-PP            Base Protection Profile
CBC                Cipher Block Chaining
CC                 Common Criteria
CEM                Common Evaluation Methodology
CMS                Cryptographic Message Syntax
CRL                Certificate Revocation List
CSP                Critical Security Parameter
DRBG               Deterministic Random Bit Generator
ECDSA              Elliptic Curve Digital Signature Algorithm
IETF               Internet Engineering Task Force
IMAP               Internet Message Access Protocol
IV                 Initialization Vector
MAPI               Messaging Application Programming Interface
MTA                Mail Transfer Agent
NIST               National Institute of Standards and Technology
OE                 Operational Environment
PBKDF              Password-Based Key Derivation Function
PDF                Portable Document Format
POP                Post Office Protocol
PP                 Protection Profile
PP-Configuration   Protection Profile Configuration
PP-Module          Protection Profile Module
PRF                Pseudo-Random Function
RBG                Random Bit Generator
RPC                Remote Procedure Call
S/MIME             Secure/Multipurpose Internet Mail Extensions
SAR                Security Assurance Requirement
SFR                Security Functional Requirement
SMTP               Simple Mail Transfer Protocol
ST                 Security Target
TOE                Target of Evaluation
TSF                TOE Security Functionality
TSFI               TSF Interface
TSS                TOE Summary Specification

Appendix D - Bibliography

Identifier         Title
[CC]               Common Criteria for Information Technology Security Evaluation - Part 1: Introduction and General Model, CCMB-2017-04-001, Version 3.1 Revision 5, April 2017. Part 2: Security Functional Components, CCMB-2017-04-002, Version 3.1 Revision 5, April 2017. Part 3: Security Assurance Components, CCMB-2017-04-003, Version 3.1 Revision 5, April 2017.
[AppPP]            Protection Profile for Application Software, Version 1.3, March 1, 2019
[MS-OXCMAPIHTTP]   Messaging Application Programming Interface (MAPI) Extensions for HTTP
[MS-OXCRPC]        Wire Format Protocol