NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0158:  FMT_SMF_EXT.1

Publication Date
2017.03.08

Protection Profiles
PP_MD_v3.0

Other References
FMT_SMF_EXT.1.1

Issue Description

The RF enclosure needs to be validated in some manner, and determine if a signal generator is needed to entice the device to emanate a signal.

Resolution

FMT_SMF_EXT.1.1

Function 4

The evaluator shall verify that the TSS includes a description of each radio and an indication of if the radio can be enabled/disabled along with what role can do so. In addition the evaluator shall verify that the frequency ranges at which each radio operates is included in the TSS. The evaluator shall confirm that the AGD guidance describes how to perform the enable/disable function for each radio.

The evaluator shall ensure that minimal signal leakage enters the RF shielded enclosure (i.e, Faraday bag, Faraday box, RF shielded room) by performing the following steps:

          Step 1: Place the antenna of the spectrum analyzer inside the RF shielded enclosure.

          Step 2: Enable “Max Hold” on the spectrum analyzer and perform a spectrum sweep of the frequency range between 300MHz – 6000MHz, in I KHz steps (this range should encompass 802.11, 802.15, GSM, UMTS, LTE and GPS). This range will not address NFC 13.56MHz, another test should be set up with similar constraints to address NFC.

If power above -90 dBm is observed, the Faraday box has too great of signal leakage and shall not be used to complete the test for Function 4.

Test 4: The evaluator shall exercise the TSF configuration as all roles specified in the TSS to enable and disable the state of each radio (e.g. Wi-Fi, GPS, cellular, NFC, Bluetooth). Additionally, the evaluator shall repeat the steps below, booting into any auxiliary boot mode supported by the device. For each radio, the evaluator shall:

Step 1: Place the antenna of the spectrum analyzer inside the RF shielded enclosure. Configure the spectrum analyzer to sweep desired frequency range for the radio to be tested (based on range provided in the TSS). The ambient noise floor shall be set to -110dBm. Place the TOE into the RF shielded enclosure to isolate them from all other RF traffic.

Step 2: The evaluator shall create a baseline of the expected behavior of RF signals. The evaluator shall power on the device, ensure the radio in question is enabled, power off the device, enable “Max Hold” on the spectrum analyzer and power on the device. The evaluator shall wait 2 minutes at each Authentication Factor interface prior to entering the necessary password to complete the boot process, waiting 5 minutes after the device is fully booted. The evaluator shall observe that RF spikes are present at the expected uplink channel frequency. The evaluator shall clear the “Max Hold” on the spectrum analyzer.

Step 3: The evaluator shall verify the absence of RF activity for the uplink channel when the radio in question is disabled. The evaluator shall complete the following test five times. The evaluator shall power on the device, ensure the radio in question is disabled, power off the device, enable “Max Hold” on the spectrum analyzer and power on the device. The evaluator shall wait 2 minutes at each Authentication Factor interface prior to entering the necessary password to complete the boot process, waiting 5 minutes after the device is fully booted. The evaluator shall clear the “Max Hold” on the spectrum analyzer. If a spike of RF activity for the uplink channel of the specific radio frequency band is observed at any time (either at an Authentication Factor interface or when the device is fully booted) it is deemed that the radio is enabled.

Justification

Assurance Activities were needed for the RF enclosure.  After responses from the TC, it was determined that a signal generator is not needed for the Assurance Activity for FMT_SMF_EXT.1.1 Function 4.

 
 
Site Map              Contact Us              Home