Archived
TD0275: Corrections to FAU_WID_EXT.2.1 and FAU_WID_EXT.3.1
Publication Date
2017.12.20
Protection Profiles
EP_WIDS_V1.0
Other References
FAU_WID_EXT.2.1, FAU_WID_EXT.3.1
Issue Description
Some tests for FAU_WID_EXT.2.1 are dependent on selections and FAU_WID_EXT.3.1 was not formatted correctly.
Resolution
For FAU_WID_EXT.2.1 the app note and tests will be modifed as follows: Application Note: The "802.11 monitoring SFP" is a security function policy and the SFRs that reference this policy describe what the policy does. The "802.11 monitoring SFP" is established in FDP_IFC.1.1 and defined through FAU_WID_EXT SFRs. A vendor does not have to formally define this policy, it only needs to comply with the SFRs. If channels outside regulatory domain or non-standard channel frequencies is selected, the corresponding additional test steps should be performed. Tests The evaluator shall perform the following tests: Test 1: Channels on On 5GHz band o Step 1: Configure the TSF to monitor the channels as selected in the SFR. o Step 2: Deploy AP on at least 2 different channels within the regulatory domain on 5GHz band. o Step 3: If channels outside regulatory domain is selected, deploy AP on at least 2 different channels outside the regulatory domain on 5GHz band. o Step 4: Verify that the AP gets detected on each channel tested. Test 2: Channels on 2.4GHz band o Step 1: Configure the TSF to monitor the channels as selected in the SFR. o Step 2: Deploy AP on at least 2 different channels within the regulatory domain on 2.4GHz band. o Step 3: If channels outside regulatory domain is selected, deploy AP on at least 2 different channels outside the regulatory domain on 2.4GHz band. o Step 4: Verify that the AP gets detected on each channel tested. Test 3: Non-standard channel frequencies (required only if non-standard channel frequencies is selected). o Step 1: Configure the TSF to monitor the channels as selected in the SFR. o Step 2: Deploy AP on at least 2 different channels on non-standard channel frequencies. o Step 3: Verify that the AP gets detected on each channel tested. FAU_WID_EXT.3.1 is formatted as follows: The TSF shall detect the following intrusions: [RF-based denial of service, deauthentication flooding, disassociation flooding, [selection: [assignment: other DoS methods], request-to-send/clear-to-send abuse, no other DoS methods]]. Justification
See issue description. |