NIAP: View Technical Decision Details
NIAP/CCEVS
TD0613:  Update to Unauthorized Authentication Scheme

Publication Date
2022.01.04

Protection Profiles
MOD_WIDS_V1.0

Other References
FAU_SAA.1, WIDS SD v1.0

Issue Description

Test 20 in FAU_SAA.1 allows for an alternative testing method to generate the required alert as it relates to "Detection of unauthorized authentication scheme use". An acceptable alternative method to satisfy the test is where the TOE detects the allowlist AP broadcasting the invalid authentication scheme and generates an alert.

 

Resolution

Test 20 in FAU_SAA.1 is modified as follows: 

Test 20: Detection of unauthorized authentication scheme use:

The evaluator shall configure the TOE, per FMT_SMF.1/WIDS, with 802.1x authentication as the only mode of authorized WLAN authentication scheme.

Test 20.1:

Step 1: Deploy an allowlisted AP with open authentication.

Step 2: Verify that the TSF detects the AP broadcasting an unauthorized authentication scheme. If detected, the test is satisfied. If not detected, perform steps 3 and 4.

Step 3: Connect an allowlisted EUD to the AP.

Step 4: Verify that the TSF detects the AP and the EUD using unauthorized authentication schemes.

Test 20.2:

Step 1: Deploy an allowlisted AP that uses pre-shared key authentication.

Step 2: Verify that the TSF detects the AP broadcasting an unauthorized authentication scheme. If detected, the test is satisfied. If not detected, perform steps 3 and 4.

Step 3: Connect an allowlisted EUD to the AP.

Step 4: Verify that the TSF detects the AP and the EUD using unauthorized authentication schemes. 
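The beacon-side check that Step 2 of Tests 20.1 and 20.2 exercises, as an added example that is not part of the NIAP text or of any evaluated product: it reads the AKM suite list from the RSN element in a beacon's tagged parameters and alerts when an allowlisted AP advertises anything other than 802.1x. All function names, the BSSID and the sample beacons are constructed for illustration, and a beacon with no RSN element is assumed to be open.

```python
import struct

RSN_EID = 48                      # RSN information element ID
SUITE_OUI = b"\x00\x0f\xac"       # IEEE 802.11 suite selector OUI
AKM = {1: "802.1x", 3: "802.1x", 5: "802.1x", 2: "psk", 4: "psk", 6: "psk", 8: "sae"}

def elements(ies):
    """Yield (id, body) per information element; stop at a truncated one."""
    off = 0
    while off + 2 <= len(ies):
        eid, length = ies[off], ies[off + 1]
        if off + 2 + length > len(ies):
            return
        yield eid, ies[off + 2:off + 2 + length]
        off += 2 + length

def advertised_schemes(ies):
    """Authentication schemes advertised in a beacon's tagged parameters."""
    for eid, body in elements(ies):
        if eid != RSN_EID:
            continue
        try:
            off = 6                                   # skip version + group cipher
            (n_pairwise,) = struct.unpack_from("<H", body, off)
            off += 2 + 4 * n_pairwise                 # skip pairwise cipher list
            (n_akm,) = struct.unpack_from("<H", body, off)
            suites = [body[off + 2 + 4 * i:off + 6 + 4 * i] for i in range(n_akm)]
        except struct.error:
            return {"malformed"}  # conservative: a short RSN element is reported
        if not suites or any(len(s) != 4 for s in suites):
            return {"malformed"}
        return {AKM.get(s[3], "other") if s[:3] == SUITE_OUI else "vendor" for s in suites}
    return {"open"}   # assumption: no RSN element means open (WEP/WPA1 not parsed)

def check_beacon(bssid, ies, allowlist, authorized=frozenset({"802.1x"})):
    """Return an alert dict for an allowlisted AP advertising an unauthorized scheme."""
    if bssid not in allowlist:
        return None   # non-allowlisted APs are outside this check
    bad = advertised_schemes(ies) - authorized
    return {"bssid": bssid, "unauthorized": sorted(bad)} if bad else None

def sample_beacon(akm_types):
    """Constructed test input: SSID element plus, if AKMs are given, an RSN element."""
    ies = b"\x00\x04corp"
    if akm_types:
        ccmp = SUITE_OUI + b"\x04"
        body = b"\x01\x00" + ccmp + b"\x01\x00" + ccmp + struct.pack("<H", len(akm_types))
        body += b"".join(SUITE_OUI + bytes([t]) for t in akm_types) + b"\x00\x00"
        ies += bytes([RSN_EID, len(body)]) + body
    return ies
```

An AP advertising both 802.1x and PSK in the same RSN element is also flagged, since the PSK suite is outside the authorized set.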

 

Justification

See issue description

 
 