NIAP: View Technical Decision Details
TD0807:  Corrections for WLAN AS CC Conformance

Publication Date

Protection Profiles

Other References
FAU_GEN.1/WLAN, FMT_SMF.1/AccessSystem, FTP_ITC.1/Client, Table 3, FCS_RADSEC_EXT.2.1

Issue Description

The PP-Module for WLAN AS has several minor errors that need fixing to address CC conformance issues.


FAU_GEN.1/WLAN in Section 5.2.1 of MOD_WLAN_AS_V1.0 is modified as follows (italicize "not specified"), with green highlights indicating the modification:


The TSF shall be able to generate an audit record of the following auditable events:

a. Start-up and shutdown of the audit functions;

b. All auditable events for the [not specified] level of audit; and

c. [Auditable events listed in the Auditable Events table (Table 2)

d. Failure of wireless sensor communication]

FMT_SMF.1/AccessSystem in Section 5.2.4 of MOD_WLAN_AS_V1.0 is modified as follows (brackets added and all text italicized inside the brackets), with green highlights indicating the modification:


The TSF shall be capable of performing the following management functions:


- Configure the security policy for each wireless network, including:
  - Security type
  - Authentication protocol
  - Client credentials to be used for authentication
  - Service Set Identifier (SSID)
  - If the SSID is broadcasted
  - Frequency band set to [selection: 2.4 GHz, 5 GHz, 6 GHz]
  - Transmit power level


FTP_ITC.1.1/Client and FTP_ITC.1.2/Client in Section 5.2.7 of MOD_WLAN_AS_V1.0 are modified as follows (adding bold text, brackets, and italics), with green highlighting indicating the modifications:


The TSF shall be capable of using WPA3-Enterprise, WPA2-Enterprise and [selection: WPA3-SAE, WPA3-SAE-PK, WPA2-PSK, no other mode] as defined by IEEE 802.11-2020 to provide a trusted communication channel between itself and WLAN clients that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.


The TSF shall permit [the authorized IT entities] to initiate communication via the trusted channel.

Table 3 in Section 5.3 of MOD_WLAN_AS_V1.0 is modified as follows:


Add the following row under FCS_CKM.2/DISTRIB:

Addressed by



FTP_ITC.1/Client supports the objective by requiring the TSF to implement WPA functionality to support communication using its other cryptographic functions.


Add the following row under FCS_RADSEC_EXT.2:


Addressed by




FCS_RADSEC_EXT.3 supports the objective by optionally requiring the TSF to implement RadSec using pre-shared keys with RSA if that method is chosen for peer authentication.

FCS_RADSEC_EXT.2.1 in Appendix B.1 of MOD_WLAN_AS_V1.0 is modified as follows (adding bold text), with green highlighting indicating the modifications:


The TSF shall implement [selection: TLS 1.2 (RFC 5246), TLS 1.1 (RFC 4346)] and no earlier TLS versions when acting as a RADIUS over TLS client that supports the following ciphersuites:



See issue description.
