[Public Interpretations Database]

I-0377: Settable Failure Limits Are Permitted


TYPE:                 NIAP Interpretation
NUMBER:               I-0377
STATUS:               Formally Superseded

TITLE:                Settable Failure Limits Are Permitted
SUPERSEDED BY:        
     I-0425           Settable Failure Limits Are Permitted

EFFECTIVE:            2000-03-27
SUPERSEDED:           2000-12-05

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 7.1 FIA_AFL
                      CC v2.1 Part 2 Subclause G.1 FIA_AFL
RELATED TO:           <None>
CCIMB ENTRY:          CCIMB-INTERP-0111

STATEMENT

The following interprets FIA_AFL.1.1:

The number of unsuccessful authentication attempts is permitted to be specifiable by an administrator.

RECOMMENDED CRITERIA CHANGES

To address this interpretation, the following changes should be made to FIA_AFL.1.1: (additions marked thusly, deletions marked thusly)

FIA_AFL.1.1 The TSF shall detect when [selection: [assignment: positive integer number], "an authorized administrator configurable integer"] unsuccessful authentication attempts occur related to [assignment: list of authentication events].

Additionally, corresponding changes should be made in the Part 2 Annex for FIA_AFL to reflect the changes in the terms used in the assignment.

SUPPORT:

The Part 2 Annex for FIA_AFL says, for the assignment:

In FIA_AFL.1.1, the PP/ST author should specify the default number of unsuccessful authentication attempts that, when met or surpassed, will trigger the events. The PP/ST author may specify that the number is: "an authorised administrator configurable number".

This is reasonable; the PP/ST author may wish to allow the number to be adjusted dynamically by an authorised administrator. However, the wording used ("[assignment: number]") does not allow a phrase to be inserted. This interpretation permits the phrase.

This interpretation also addresses an ambiguity in the original words. "Number", as used in the element, could potentially be real or negative. That is inappropriate; it is more precise to call it a positive integer.