Archived
TD0409: NIT decision for Applicability of FIA_AFL.1 to key-based SSH authentication
Publication Date
2019.03.22
Protection Profiles
CPP_ND_V2.0E, CPP_ND_V2.1
Other References
FIA_AFL.1, ND SD v2.0e, ND SD v2.1
Issue Description
The NIT issued a technical decision on the applicability of FIA_AFL.1 to key-based SSH authentication.
Resolution
The NIT agrees that blocking due to authentication failures is intended to be applied to password-based authentication rather than key-based authentication. Note that the TD for RfI#201818, related to how FIA_AFL.1 applies to local vs. remote administrator accounts, adds text to FIA_AFL.1.1 (and to the Application Note below FIA_AFL.1 – Application Note 16 in NDcPPv2.0e/17 in NDcPPv2.1) that clarifies that the element applies to password-based authentication. This TD therefore confirms the interpretation that application of FIA_AFL.1 is only mandatory for password-based authentication, but no additional change is needed beyond that applied by RfI#201818. For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201829.pdf
Justification
See issue description