TD0409: NIT decision for Applicability of FIA_AFL.1 to key-based SSH authentication
FIA_AFL.1, ND SD v2.0e, ND SD v2.1
The NIT issued a technical decision for Applicability of FIA_AFL.1 to key-based SSH authentication
The NIT agrees that blocking due to authentication failures is intended to be applied to password-based authentication rather than key-based authentication.
Note that the TD for RfI#201818, related to how FIA_AFL.1 applies to local vs. remote administrator accounts, adds text to FIA_AFL.1.1 (and to the Application Note below FIA_AFL.1 – Application Note 16 in NDcPPv2.0e/17 in NDcPPv2.1) that clarifies that the element applies to password-based authentication.
This TD therefore confirms the interpretation that application of FIA_AFL.1 is only mandatory for password-based authentication, but no additional change is needed beyond that applied by RfI#201818.
For further information, please see the NIT interpretation at:
See issue description