TD0807: Corrections for WLAN AS CC Conformance
Publication Date
2024.01.10
Protection Profiles
MOD_WLAN_AS_v1.0
Other References
FAU_GEN.1/WLAN, FMT_SMF.1/AccessSystem, FTP_ITC.1/Client, Table 3, FCS_RADSEC_EXT.2.1
Issue Description
PP-Module for WLAN AS has several minor errors that need fixing to address CC conformance issues.
Resolution
FAU_GEN.1/WLAN in Section 5.2.1 of MOD_WLAN_AS_V1.0 is modified as follows (italicize "not specified"), with green highlights indicating the modification:

FAU_GEN.1.1/WLAN The TSF shall be able to generate an audit record of the following auditable events:
a. Start-up and shutdown of the audit functions;
b. All auditable events for the [not specified] level of audit; and
c. [Auditable events listed in the Auditable Events table (Table 2)
d. Failure of wireless sensor communication]

FMT_SMF.1/AccessSystem in Section 5.2.4 of MOD_WLAN_AS_V1.0 is modified as follows (brackets added and all text italicized inside the brackets), with green highlights indicating the modification:

FMT_SMF.1.1/AccessSystem The TSF shall be capable of performing the following management functions:
[
- Configure the security policy for each wireless network, including:
  - Security type
  - Authentication protocol
  - Client credentials to be used for authentication
  - Service Set Identifier (SSID)
  - If the SSID is broadcasted
  - Frequency band set to [selection: 2.4 GHz, 5 GHz, 6 GHz]
  - Transmit power level
]

FTP_ITC.1.1/Client and FTP_ITC.1.2/Client in Section 5.2.7 of MOD_WLAN_AS_V1.0 are modified as follows (adding bold text, brackets, and italics), with green highlighting indicating the modifications:

FTP_ITC.1.1/Client The TSF shall be capable of using WPA3-Enterprise, WPA2-Enterprise and [selection: WPA3-SAE, WPA3-SAE-PK, WPA2-PSK, no other mode] as defined by IEEE 802.11-2020 to provide a trusted communication channel between itself and WLAN clients that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.

FTP_ITC.1.2/Client The TSF shall permit [the authorized IT entities] to initiate communication via the trusted channel.
Table 3 in Section 5.3 of MOD_WLAN_AS_V1.0 is modified as follows:
O.CRYPTOGRAPHIC_FUNCTIONS: Add the following row under FCS_CKM.2/DISTRIB:
O.AUTHENTICATION: Add the following row under FCS_RADSEC_EXT.2:
FCS_RADSEC_EXT.2.1 in Appendix B.1 of MOD_WLAN_AS_V1.0 is modified as follows (adding bold text), with green highlighting indicating the modifications:

FCS_RADSEC_EXT.2.1 The TSF shall implement [selection: TLS 1.2 (RFC 5246), TLS 1.1 (RFC 4346)] and no earlier TLS versions when acting as a RADIUS over TLS client that supports the following ciphersuites:
Justification
See issue description.