NIAP: U.S. Government Approved Protection Profile - Extended Package for Wireless LAN Access System

Short Name: pp_wlan_as_ep_v1.0

Technology Type: Wireless LAN

CC Version: 3.1

Date: 28 May 2015

Preceded By: pp_wlan_as_v1.0

Conformance Claim: None



This Extended Package (EP) is written to address the situation when network packets cross the boundary between a wired private network and a wireless client via a WLAN Access System.  The WLAN Access System provides secure communication between a user (wireless client) and a wired (trusted) network by supporting security functions such as administration, authentication, encryption, and the protection and handling of data in transit.  To protect the data in-transit from disclosure and modification, a WLAN Access System is used to establish secure communications.  The WLAN Access System provides one end of the secure cryptographic tunnel and performs encryption and decryption of network packets in accordance with a WLAN Access System security policy negotiated with its authenticated wireless client.  It supports multiple simultaneous wireless connections and is capable of establishing and terminating multiple cryptographic tunnels to and from those peers.

The proper installation, configuration, and administration of the WLAN Access System are critical to its correct operation.  

Note that this EP does not repeat the threats identified in the NDcPP, though they all apply given the conformance and hence dependence of this EP on the NDcPP. Note also that while the NDcPP contains only threats to the ability of the TOE to provide its security functions, this EP addresses only threats to resources in the operational environment. Together the threats of the NDcPP and those defined in this EP define the comprehensive set of security threats addressed by a WLAN Access System TOE.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Related Technical Decisions

  • 0315 – Clarification of test for FCS_CKM.2.1(3)
  • 0282 – Test Activities added for Key Distribution and Key Generation
  • 0277 – Pre-Shared Key Composition
  • 0271 – RADsec as alternative to IPsec

Please forward any questions or comments to

Site Map              Contact Us              Home