FIA_X509_EXT.2.2/WLAN was removed in the previous version, but the corresponding evaluation activities remained.

The Evaluation Activities for FIA_X509_EXT.2/WLAN in MOD_WLANC_V1.0-SD are modified as follows, with highlights indicating additions and strikethroughs indicating deletions:

TSS

The evaluator shall check the TSS to ensure that it describes how the TOE chooses which certificates to use, and any necessary instructions in the administrative guidance for configuring the operational environment so that the TOE can use the certificates.

The evaluator shall examine the TSS to confirm that it describes the behavior of the TOE when a connection cannot be established during the validity check of a certificate used in establishing a trusted channel. The evaluator shall verify that any distinctions between trusted channels are described.

Guidance

If not already present in the TSS, the evaluator shall check the administrative guidance to ensure that it describes how the TOE chooses which certificates to use, and any necessary instructions for configuring the operating environment so that the TOE can use the certificates.

If the administrator is able to specify the action to be performed in this situation, then the evaluator shall ensure that the operational guidance contains instructions on how this configuration action is performed.

Tests

None.

The evaluator shall perform the following test:

• Test 5.1: The evaluator shall demonstrate using a valid certificate that requires certificate validation checking to be performed in at least some part by communicating with a non-TOE IT entity. The evaluator shall then manipulate the environment so that the TOE is unable to verify the validity of the certificate, and observe that the action selected in FIA_X509_EXT.2.2 is performed. If the selected action is administrator-configurable, then the evaluator shall follow the operational guidance to determine that all supported administrator-configurable options behave in their documented manner.

Evaluation activities should not exist when the requirement does not exist.