NIAP: View Technical Decision Details
NIAP/CCEVS
TD0807: Corrections for WLAN AS CC Conformance

Publication Date
2024.01.10

Protection Profiles
MOD_WLAN_AS_v1.0

Other References
FAU_GEN.1/WLAN, FMT_SMF.1/AccessSystem, FTP_ITC.1/Client, Table 3, FCS_RADSEC_EXT.2.1

Issue Description

The PP-Module for WLAN AS has several minor errors that need to be fixed to address CC conformance issues.

Resolution

FAU_GEN.1/WLAN in Section 5.2.1 of MOD_WLAN_AS_V1.0 is modified as follows (italicize "not specified"), with green highlights indicating the modification:

FAU_GEN.1.1/WLAN

The TSF shall be able to generate an audit record of the following auditable events:

a. Start-up and shutdown of the audit functions;

b. All auditable events for the [not specified] level of audit; and

c. [Auditable events listed in the Auditable Events table (Table 2)

d. Failure of wireless sensor communication]

FMT_SMF.1/AccessSystem in Section 5.2.4 of MOD_WLAN_AS_V1.0 is modified as follows (brackets added and all text italicized inside the brackets), with green highlights indicating the modification:

FMT_SMF.1.1/AccessSystem

The TSF shall be capable of performing the following management functions:

[

- Configure the security policy for each wireless network, including:
  - Security type
  - Authentication protocol
  - Client credentials to be used for authentication
  - Service Set Identifier (SSID)
  - If the SSID is broadcasted
  - Frequency band set to [selection: 2.4 GHz, 5 GHz, 6 GHz]
  - Transmit power level

]

FTP_ITC.1.1/Client and FTP_ITC.1.2/Client in Section 5.2.7 of MOD_WLAN_AS_V1.0 are modified as follows (adding bold text, brackets, and italics), with green highlighting indicating the modifications:

FTP_ITC.1.1/Client

The TSF shall be capable of using WPA3-Enterprise, WPA2-Enterprise and [selection: WPA3-SAE, WPA3-SAE-PK, WPA2-PSK, no other mode] as defined by IEEE 802.11-2020 to provide a trusted communication channel between itself and WLAN clients that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.

FTP_ITC.1.2/Client

The TSF shall permit [the authorized IT entities] to initiate communication via the trusted channel.

Table 3 in Section 5.3 of MOD_WLAN_AS_V1.0 is modified as follows:

O.CRYPTOGRAPHIC_FUNCTIONS:

Add the following row under FCS_CKM.2/DISTRIB:

Addressed by: FTP_ITC.1/Client

Rationale: FTP_ITC.1/Client supports the objective by requiring the TSF to implement WPA functionality to support communication using its other cryptographic functions.

O.AUTHENTICATION:

Add the following row under FCS_RADSEC_EXT.2:

Addressed by: FCS_RADSEC_EXT.3 (selection-based)

Rationale: FCS_RADSEC_EXT.3 supports the objective by optionally requiring the TSF to implement RadSec using pre-shared keys with RSA if that method is chosen for peer authentication.

FCS_RADSEC_EXT.2.1 in Appendix B.1 of MOD_WLAN_AS_V1.0 is modified as follows (adding bold text), with green highlighting indicating the modifications:

FCS_RADSEC_EXT.2.1

The TSF shall implement [selection: TLS 1.2 (RFC 5246), TLS 1.1 (RFC 4346)] and no earlier TLS versions when acting as a RADIUS over TLS client that supports the following ciphersuites:

 

Justification

See issue description.

 
 