Several SFRs were updated in the CPP_ND_V3.0E that must be updated in MOD_WLAN_AS_V1.0 to maintain compatibility.

The following is added to the bulleted list of Base-PPs in Section 1.1 Overview of MOD_WLAN_AS_V1.0 is modified as follows:

·      Network Device collaborative Protection Profile (NDcPP) Version 3.0e

The following is added to the bulleted list of Base-PPs in Section 1.1 Technology Area and Scope of Supporting Document of MOD_WLAN_AS_V1.0-SD:

·       Network Device, Version 3.0e

FTP_ITC.1/Client in MOD_WLAN_AS_V1.0-SD is modified as follows, with green-highlighted underlines denoting addition:

FTP_ITC.1/Client

This component is adequately evaluated when performing the evaluation activities for FTP_ITC.1 in the Network Device, version 2.2e or 3.0e base-PP.

 An Application Note for FAU_STG_EXT.1.3 in Section 5.1.1.1 of MOD_WLAN_AS_V1.0 is added as follows:

Application Note: When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.1 should be used, instead.

The Application Note for FPT_TST_EXT.1.1 in Section 5.1.1.4 of MOD_WLAN_AS_V1.0 is modified as follows, with green highlighted underlines denoting additions:

Application Note: This SFR is modified from its definition in the NDcPP by mandating that self-testing occur at power on and that the self-testing must include, at minimum, an integrity test using a digital signature. FCS_COP.1/SigGen is defined in the NDcPP. When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.2 should be used, instead.

An Application Note for FTP_ICT.1.2 in Section 5.1.1.5 of MOD_WLAN_AS_V1.0 is added as follows:

Application Note: When CPP_ND_V3.0E is the Base-PP, the element in Section 5.1.2.3 should be used, instead.

Section 5.1.2 Further Modified SFRs and its associated subsections are added to MOD_WLAN_AS_V1.0 as follows:

5.1.2 Further Modified SFRs

The SFRs listed in this section are defined in the NDcPP V3.0E and relevant to the secure operation of the TOE. SFRs in this section must be used in lieu of their counterparts in Section 5.1.1 when CPP_ND_V3.0E is used as the Base PP. When not further refined in this section, SFRs listed in section 5.1.1 should be used as-is.

5.1.2.1 Security Audit (FAU)

FAU_STG_EXT.1 Protected Audit Event Storage

FAU_STG_EXT.1.3

The TSF shall maintain a [selection: log file, database, buffer, [assignment: other local logging method]] of audit records in the event that an interruption of communication with the remote audit server occurs.

FAU_STG_EXT.1.4

The TSF shall be able to store [selection: persistent, nonpersistent] audit records locally with a minimum storage size of [assignment: number of records and/or file/buffer size(s)].

FAU_STG_EXT.1.5

The TSF shall [selection: drop new audit data, overwrite previous audit records according to the following rule: [assignment: rule for overwriting previous audit records], [assignment: other action]] when the local storage space for audit data is full.

FAU_STG_EXT.1.6

The TSF shall provide the following mechanisms for administrative access to locally stored audit records [selection: none, manual export, ability to view locally].

5.1.2.2 Protection of the TST (FPT)

FPT_TST_EXT.1 TSF Testing

FPT_TST_EXT.1.1

The TSF shall run a suite of the following self-tests:

·       During initial start-up (on power on) to verify the integrity of the TOE firmware and software;

·       Prior to providing any cryptographic service and [selection: at no other time, on-demand, continuously, [assignment: conditions under which self-tests should occur]] to verify correct operation of cryptographic implementation necessary to fulfil the TSF;

·       [selection: no other, start-up, on-demand, continuous, at the conditions [assignment: conditions under which self-tests should occur]] self-tests [assignment: 'list an identifier for each self-test that is additional to those identified in the first two bullet points']

to demonstrate the correct operation of the TSF: integrity verification of stored TSF executable code through the use of the TSF-provided cryptographic service specified in FCS_COP.1/SigGen.

FPT_TST_EXT.1.2

The TSF shall respond to [selection: all failures, [assignment: list of failures detected by self-tests]] by [selection: entering a maintenance mode, rebooting, [assignment: other methods to enter a secure state]].

5.1.2.3 Trusted Path/Channels (FTP)

FTP_ITC.1 Inter-TSF Trusted Channel

FTP_ITC.1.2

The TSF shall permit [selection: the TSF, the authorized IT entities] to initiate communication via the trusted channel.

See Issue Description.