NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0750:  Updates to FAU_SAA.1.2

Publication Date
2023.06.02

Protection Profiles
MOD_WIDS_V1.0

Other References
FAU_SAA.1.2, MOD_WIDS_V1.0-SD

Issue Description

FAU_SAA.1.2 in MOD_WIDS_V1.0 has several issues:

  • Item a. is "Accumulation or combination of [assignment: subset of defined auditable events] known to indicate a potential security violation". It is not clear how it is intended for a device to satisfy rule a) as there is no additional information provided in the way of an application note, and no corresponding test.
  • Item i. is "detection of traffic with excessive transmit power level". It is not possible to determine the transmit power level of a detected EUD/AP.
  • While FAU_INV_EXT.3.1 states "The TSF shall detect the physical location of APs and EUDs to within [assignment: value equal or less than 25] feet of their actual location.", the corresponding item ab in FAU_SAA.1.2 is "Detection of the physical location of an identified WLAN threat by using triangulation". This item has a corresponding Test 27 in the MOD_WIDS_V1.0 SD with a different distance measurement :

Test 27: Detection of the physical location of an identified WLAN threat by using triangulation:

 

Step 1: Deploy a non-allowlisted AP or EUD within range of the TSF.

 

Step 2: Verify that the TSF can track and locate the AP or EUD to within 5 meters.

Resolution

FAU_SAA.1.2 in MOD_WIDS_V1.0 is modified as follows, with red highlighted strikethrough denoting deletion and green highlighted underlines denoting additions:

item a:

a. Accumulation or combination of [selection: [assignment: subset of defined auditable events], no defined auditable events]

            known to indicate a potential security violation,

item i:

i. Detection of traffic with excessive transmit power level,

The following FAU_SAA.1 tests are modified in the MOD_WIDS_V1.0 SD, with red highlighted strikethrough denoting deletion and green highlighted underlines denoting additions:

Test 8 is deleted in its entirety

Test 27 is modified as follows:

Test 27: Detection of the physical location of an identified WLAN threat by using triangulation:

 

Step 1: Deploy a non-allowlisted AP or EUD within range of the TSF.

 

Step 2: Verify that the TSF can track and locate the AP or EUD to within 5 meters 25 feet.

Justification

See issue description.

 
 
Site Map              Contact Us              Home