Certification Maintenance and Updates

From time to time there are changes to the Certified Authenticator that can affect the FIDO Authenticator Security Requirements. These changes are classified as non-interfering, minor, or major, and relate directly to Derivative, Delta and Recertification.

The starting point for these processes is when a change is made to an existing certified Authenticator. This change might be a patch designed to correct a discovered flaw, an enhancement to a feature, the addition of a new feature, a clarification in the guidance documentation, or any other change to the Authenticator Hardware and/or Software.

FIDO Alliance has developed a process for when such changes occur. It is the FIDO Impact Analysis Report (FIAR) and is described below.

Description of Evaluation of Changes

The vendor submits the completed FIAR report to the FIDO Security Secretariat who analyzes the changes described in the report to determine their impact upon the FIDO Security Requirements coverage.

FIDO Impact Analysis Report Review Process

The FIAR review process is composed of 3 steps:

1. The FIAR submission step: The vendor submits a complete FIAR document based on the template provided in the link above.
2. The FIAR review step: FIDO security secretariat reviews the submitted FIAR report for completeness and analysis the changes to determine their impact on the FIDO Authenticator Security Requirements.
3. The FIAR conclusion step: FIDO security secretariat will provide a judgement based on the characteristics of the changes made to the Certified Authenticator. The outcome would be either that the changes are Non-INTERFERING or MINOR or MAJOR.

Derivative Certification Process

NON-INTERFERING Change

A non-interfering change has NO impact on the FIDO Security Requirements coverage. Typical changes could be features outside of the Authenticator Boundary or bug fixes related to functional features, performance optimization or an updated name or look.

A Derivative FIDO Authenticator Certification process is conducted on an Authenticator that has been already certified in earlier versions. In the case where the Security Secretariat concluded that changes reflected in the FIAR have NON-INTERFERING impacts on FIDO Security Requirements coverage after reviewing the FIAR provided by the Vendor, then an addendum to the existing certificate is created. It is made publicly available by the end of this process. Begin the Derivative Certification here.

Delta Certification Process

MINOR Change

A minor change has an impact that is sufficiently minimal to not affect the security assurance level provided by test procedures and calibration requirements to the extent that the Authenticator needs to be recertified. Changes to the FIDO Security Requirements that DO NOT require Calibration falls typically into this scope, but this is not a restricted case.  Typical changes could be bug fixes indirectly related to a security feature or ASPs, an additional feature interacting with the Authenticator boundary or a security strength optimization. Examples include, but not limited to: 1) FIDO certified applet installation on another platform and 2) FIDO certified applet with another transport mode.  Both of these examples, depending on changes, could potentially be recertification, so make certain to document correctly on the FIAR.

A Delta FIDO Authenticator Certification is conducted on an Authenticator that has been already certified in earlier versions. In the case where the Security Secretariat concluded that changes reflected in the FIAR have MINOR impacts to the FIDO Authenticator Security Requirements coverage, then the following must apply:

• For L1 Certifications: FIDO Security Secretariat will review only the updates made to the VQ and approves it, then an addendum to the existing certificate is created and made publicly available by the end of the process.
• For L1+ Certification and above: The Accredited Lab will review only the updates made to the VQ, conduct the delta tests and updates the relevant FER to reflect the new version. Then, an addendum to the existing certificate is created by FIDO Security Secretariat and made public by the end of the process.

Recertification Process

MAJOR Change

A major change has a potential impact on the security assurance level. Changes to the FIDO Security Requirements that DO require Calibration falls typically into this category. Typical changes could be the addition/remove/replacement of an ASP or a cryptographic algorithm, an implementation of a new countermeasure or a change to the Authenticator boundary security architecture. Note that in some cases, an update including several minor changes could lead to a major impact on security, in that case, the Security Secretariat might consider it as a major change.

A FIDO Authenticator Recertification is conducted on an Authenticator that has been already certified in earlier versions. In the case where the Security Secretariat concluded that changes reflected in the FIAR have MAJOR impacts to the FIDO Authenticator Security Requirements coverage, then the following must apply:

• For L1 Certifications: FIDO Security Secretariat will review completely the VQ while reusing previous certification results to the maximum extent possible to minimize duplication of effort. Then approves it, and issue a new certificate which will replace the existing one. This new certificate will be made publicly available by the end of the process.
• For L1+ Certification and above: The Accredited Lab will review completely the VQ and re-conduct testing while reusing previous certification results to the maximum extent possible to minimize duplication of effort. Then updates the FER to reflect the new results before submitting it to FIDO Security Secretariat. That latter will validate the FER and issue a new certificate which will replace the existing one. This new certificate will be made publicly available by the end of the process.