NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0409:  NIT decision for Applicability of FIA_AFL.1 to key-based SSH authentication

Publication Date
2019.03.22

Protection Profiles
CPP_ND_V2.0E, CPP_ND_V2.1

Other References
FIA_AFL.1, ND SD v2.0e, ND SD v2.1

Issue Description

The NIT issued a technical decision for Applicability of FIA_AFL.1 to key-based SSH authentication

 

Resolution

The NIT agrees that blocking due to authentication failures is intended to be applied to password-based authentication rather than key-based authentication.

Note that the TD for RfI#201818, related to how FIA_AFL.1 applies to local vs. remote administrator accounts, adds text to FIA_AFL.1.1 (and to the Application Note below FIA_AFL.1Application Note 16 in NDcPPv2.0e/17 in NDcPPv2.1) that clarifies that the element applies to password-based authentication.

This TD therefore confirms the interpretation that application of FIA_AFL.1 is only mandatory for password-based authentication, but no additional change is needed beyond that applied by RfI#201818.

For further information, please see the NIT interpretation at:

https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201829.pdf

Justification

See issue description

 
 
Site Map              Contact Us              Home