NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0275:  Corrections to FAU_WID_EXT.2.1 and FAU_WID_EXT.3.1

Publication Date
2017.12.20

Protection Profiles
EP_WIDS_V1.0

Other References
FAU_WID_EXT.2.1, FAU_WID_EXT.3.1

Issue Description

Some tests for FAU_WID_EXT.2.1 are dependent on selections and FAU_WID_EXT.3.1 was not formatted correctly.

 

Resolution

For FAU_WID_EXT.2.1 the app note and tests will be modifed as follows:

Application Note: The "802.11 monitoring SFP" is a security function policy and the SFRs that reference this policy describe what the policy does. The "802.11 monitoring SFP" is established in FDP_IFC.1.1 and defined through FAU_WID_EXT SFRs. A vendor does not have to formally define this policy, it only needs to comply with the SFRs. If channels outside regulatory domain or non-standard channel frequencies is selected, the corresponding additional test steps should be performed.

Tests

The evaluator shall perform the following tests:

Test 1: Channels on On 5GHz band

o   Step 1: Configure the TSF to monitor the channels as selected in the SFR.

o   Step 2: Deploy AP on at least 2 different channels within the regulatory domain on 5GHz band.

o   Step 3: If channels outside regulatory domain is selected, deploy AP on at least 2 different channels outside the regulatory domain on 5GHz band.

o   Step 4: Verify that the AP gets detected on each channel tested. 

         Test 2: Channels on 2.4GHz band

o   Step 1: Configure the TSF to monitor the channels as selected in the SFR.

o   Step 2: Deploy AP on at least 2 different channels within the regulatory domain on 2.4GHz band.

o   Step 3: If channels outside regulatory domain is selected, deploy AP on at least 2 different channels outside the regulatory domain on 2.4GHz band.

o   Step 4: Verify that the AP gets detected on each channel tested.

       Test 3: Non-standard channel frequencies (required only if non-standard channel frequencies is selected).

o   Step 1: Configure the TSF to monitor the channels as selected in the SFR.

o   Step 2: Deploy AP on at least 2 different channels on non-standard channel frequencies.

o   Step 3: Verify that the AP gets detected on each channel tested.

FAU_WID_EXT.3.1 is formatted as follows:

The TSF shall detect the following intrusions: [RF-based denial of service, deauthentication flooding, disassociation flooding, [selection: [assignment: other DoS methods], request-to-send/clear-to-send abuse, no other DoS methods]].

Justification

See issue description.

 
 
Site Map              Contact Us              Home