TD0667: Move Set Wireless Freq Band to Optional/Objective
Publication Date
2022.10.12
Protection Profiles
MOD_WLANC_v1.0
Other References
FMT_SMF.1/WLAN
Issue Description
MOD_WLAN_CLI_V1.0 introduced and mandated a new security management requirement in FMT_SMF.1/WLAN WL-1 for setting wireless frequency bands. The new requirement is: This is problematic because quite a few common TOEs do not support this functionality; this management function requires the administrator (or MDM) to set the network policy to a single bandwidth. Resolution
FMT_SMF.1/WLAN is modified in Section 5.3.5 of the MOD_WLAN_CLI_V1.0 PP-Module to make it Optional/Objective, with strikethroughs denoting deletion and underlines denoting addition: FMT_SMF.1/WLAN Specification of Management Functions (WLAN Client) FMT_SMF.1.1/WLAN The TSF shall be capable of performing the following management functions: Table 3: Management Functions Status Markers:
M - Mandatory
O - Optional/Objective
# Management Function Impl Admin User WL-1 configure security policy for each wireless M M O
network:
- [selection: specify the CA(s) from which
the TSF will accept WLAN authentication
server certificate(s), specify the Fully
Qualified Domain Names (FQDNs) of
acceptable WLAN authentication server
certificate(s)],
- security type,
- authentication protocol,
- client credentials to be used for
authentication,
- set wireless frequency band to [selection:
2.4 GHz, 5 GHz, 6 GHz]
...
WL-11 configure security policy for each wireless O O O
network: set wireless frequency band to
[selection: 2.4 GHz, 5 GHz, 6 GHz]
Justification
See issue description. |