[Public Interpretations Database]

PD-0068: Specifying the "number of times" in FIA_AFL.1.1


This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.


Effective Date: 2002-08-13
Last Modified: 2006-08-02

Issue

The FIA_AFL.1.1 element in CC v2.1 does not allow the number of unsuccessful authentication attempts that may occur before action is taken to be computable, to be settable by the ST writer, or to be flexible in any other way.

Resolution

The PP developer has the flexibility to leave to the ST writer(s) or the developer the ability to have the number of unsuccessful authentication attempts computed from context (for example, based on threat level or traffic history for that user) or specified by the administrator.

This ability has been captured in I-0414.

Support

Providing such an ability increases the flexibility of the TOE and allows the TOE to adjust to changing security needs.

Modification History:

2004-08-12
Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)

References:

  • ALFWPPv1.c

Related NIs:

  • I-0369: Security Management Functions To Be Provided Must Be Enumerated
  • I-0377: Settable Failure Limits Are Permitted

Related CCIMB-INTERPs:

  • None

Source OD: 0115