NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0306:  Update to FAU_WID_EXT.2.1 and FAU_WID_EXT.2.2

Publication Date
2018.05.22

Protection Profiles
EP_WIDS_V1.0

Other References
FAU_WID_EXT.2.1, FAU_WID_EXT.2.2

Issue Description

4.9 GHz is not to be transmitted on and only monitored, but not by all products. In addition, FAU_WID_EXT.2.2 is updated to make the tests more objective.

Resolution

SFR for FAU_WID_EXT.2.1 is replaced as follows (this update to FAU_WID_EXT.2.1 supersedes the changes made in TD275 for this SFR):

 

FAU_WID_EXT.2.1 The TSF shall monitor and analyze [selection: simultaneously monitor and analyze, no other behavior] network traffic matching the [802.11 monitoring SFP] for channels in the following RF Frequencies: all Wi-Fi channels in the 2.4 GHz and 5.0 GHz according to their regulatory domain and [selection: [assignment: specified Wi-Fi channels] in the 4.9 GHz regulatory domain, [assignment: Wi-Fi channels outside regulatory domain], [assignment: non-standard channel frequencies], no other domains].

Application Note: The "802.11 monitoring SFP" is a security function policy and the SFRs that reference this policy describe what the policy does. The "802.11 monitoring SFP" is established in FDP_IFC.1.1 and defined through FAU_WID_EXT SFRs. A vendor does not have to formally define this policy, it only needs to comply with the SFRs.

Application Note: Channels in the regulatory domain refers to the allowed channels that an IEEE 802.11 device is allowed to operate in according to the government regulations of the country/region that the device is operating in.  Channels outside the regulatory domain refers to channels allowed for IEEE 802.11 devices in the standard but that devices are not allowed to operate in in the country/region due to regulations. Non-standard channel frequencies refers to frequencies that do not fall under the IEEE 802.11 specification. Since the list of channels varies depending on the 802.11 protocol, the channel width, channels should be broken down by protocol and channel width and frequencies in the TSS.

Assurance Activity

TSS

The evaluator shall verify that the TSS includes information on the channels the TSF can detect. This includes outlining which channels fall in the regulatory domain, outside regulatory domain, or under a non-standard channel frequencies.

 Guidance

The evaluator shall review the operational guidance for the channels that the TSF is able to monitor and how to configure the TSF to monitor the channels as selected in the SFR. Depending on the channel dwelling times implemented by the vendor it might take a while for the detection of devices.

Tests

The evaluator shall perform the following applicable tests:

·         Channels on 2.4GHz band

o    Step 1: Configure the TSF to monitor the channels as selected in the SFR.

o    Step 2: Deploy AP and set to to channels within the regulatory domain on 2.4GHz band outlined in the TSS.

o    Step 3: Deploy AP on and set to channels outside the regulatory domain on 2.4GHz band outlined in the TSS. (if outside regulatory was selected)

o    Step 4: Verify that the AP gets detected on each channel tested.

·         Channels on On 5GHz band

o    Step 1: Configure the TSF to monitor the channels as selected in the SFR.

o    Step 2: Deploy AP and set to  channels within the regulatory domain on 5GHz band outlined in the TSS.

o    Step 3: Deploy AP on and set to channels outside the regulatory domain on 5GHz band outlined in the TSS. (if outside regulatory was selected)

o    Step 4: Verify that the AP gets detected on each channel tested.

·         Channels on 4.9GHz band (if selected)

o    Step 1: Configure the TSF to monitor the channels as selected in the SFR.

o    Step 2: Deploy AP and set to  channels within the 4.9GHz band outlined in the TSS..

o    Step 3: Verify that the AP gets detected on each channel tested.

·         Non-standard channel frequencies (This test only applies if the ST author has specified assignments for "channels outside the regulatory domain" and/or "non-standard channel frequencies.")

o   Step 1: Configure the TSF to monitor the channels as selected in the SFR.

o   Step 2: Deploy AP and set to frequencies within as outlined in the TSS.

o   Step 3: Verify that the AP gets detected on each channel tested.

 

The SFR, Application Notes, and Assurance Activities for FAU_WIDS_EXT.2.2 are replaced as follows:

FAU_WIDS_EXT.2.2 The TSF shall provide wireless sensors to detect network traffic matching the [802.11 monitoring SFP] that [selection: can be configured to prevent transmission of data, does not transmit data].

Application Note: The intent of this SFR is to employ WIDS/WIPS sensors that can be set to sensor mode only and have WIPS capabilities turned off for deployments that wish to implement a no wireless policy. The testing requirements are intended to verify that no Wi-Fi transmissions are being emitted by the sensor.

Application Note: The "802.11 monitoring SFP" is a security function policy and the SFRs that reference this policy describe what the policy does. The "802.11 monitoring SFP" is established in FDP_IFC.1.1 and defined through FAU_WID_EXT SFRs. A vendor does not have to formally define this policy, it only needs to comply with the SFRs.

 

Assurance Activity

 

TSS

The evaluator shall verify that the TSS includes information on how to configure the sensors as completely passive. Specifically, the TSS shall indicate whether the TOE can be configured as a dedicated sensor with prevention disabled, or, if the sensor transmits data even with no prevention capabilities are enabled, how to disable wireless transmissions.

 

Guidance

Specifically, the TSS shall indicate whether the TOE can be configured as a dedicated sensor with prevention disabled, or, if the sensor transmits data even with no prevention capabilities are enabled, how to disable wireless transmissions.

 

Tests

If the TOE provides the ability to disable wireless transmission or WIPS capabilities, the evaluator shall follow the operational guidance to configure the sensor to not transmit wirelessly. The evaluator shall use a spectrum analyzer to check for RF transmissions coming from the TOE.

The evaluator shall then perform the following tests:


Setup - Set a spectrum analyzer equipped with a 0dB gain omnidirectional antenna to max hold, place the antenna at a distance of 1 meter away from the sensor, and set to the bands specified in the tests below.

On 2.4 GHz band

·         Test 1:

o    Step 1: Boot a sensor and using the spectrum analyzer set for max hold, observe for RF emanations coming from the sensor.

o    Step 2: Verify that any observed RF emanations from the sensor do not exceed -10 dBm.

·         Test 2:

o    Step 1: During normal sensor operations, observe the spectrum analyzer for about 10 minutes, checking for RF emanations coming from the sensor.

o    Step 2: Verify that any observed RF emanations from the sensor do not exceed -10 dBm.

 

On 5GHz band

·         Test 1:

o    Step 1: Boot a sensor and using the spectrum analyzer set for max hold, observe for RF emanations coming from the sensor.

o    Step 2: Verify that any observed RF emanations from the sensor do not exceed -10 dBm.

·         Test 2:

o    Step 1: During normal sensor operations, observe the spectrum analyzer for about 10 minutes checking for RF emanations coming from the sensor..

o    Step 2: Verify that any observed RF emanations from the sensor do not exceed -10 dBm.

On 4.9 GHz band, if selected.

·         Test 1:

o    Step 1: Boot a sensor and using the spectrum analyzer set for max hold, observe for RF emanations coming from the sensor.

o    Step 2: Verify that any observed RF emanations from the sensor do not exceed -10 dBm.

·         Test 2:

o    Step 1: During normal sensor operations, observe the spectrum analyzer for about 10 minutes checking for RF emanations coming from the sensor..

o    Step 2: Verify that any observed RF emanations from the sensor do not exceed -10 dBm.

Justification

This moves the 4.9 GHz to optional for products that do monitor frequency

 
 
Site Map              Contact Us              Home