TD0746: Correction to FPT_RPL.1 Test 25
Publication Date
2023.05.29
Protection Profiles
MOD_MACSEC_V1.0
Other References
FPT_RPL.1, MOD_MACSEC_V1.0-SD
Issue Description
Test 25 for FPT_RPL.1 in the MOD_MACSEC_V1.0 SD has duplicated requirements over two paragraphs, each with slightly different wording. Resolution
FPT_RPL.1 Test 25 in the MOD_MACSEC_V1.0 SD is modified as follows, with highlighted strikethroughs denoting deletion: Test 25: The evaluator shall set up a MACsec connection with an entity in the operational environment. The evaluator shall then capture traffic sent from this remote entity to the TOE. The evaluator shall retransmit copies of this traffic to the TOE in order to impersonate the remote entity where the PN values in the SecTag of these packets are less than the lowest acceptable PN for the SA. The evaluator shall observe that the TSF does not take action in response to receiving these packets and that the audit log indicates that the replayed traffic was discarded. The evaluator shall establish a MACsec connection between the TOE and a test system. The evaluator shall then capture traffic sent from the test system to the TOE. The evaluator shall retransmit copies of this traffic to the TOE in order to impersonate the remote entity where the PN values in the SecTag of these packets are less than the lowest acceptable PN for the SA. The evaluator shall observe that the TSF does not take action in response to receiving these packets and that the audit log indicates that the replayed traffic was discarded. Justification
See issue description. |