PD 0141: OD 0265: Clarification on conformance to consistency issues noted in the U.S. Government Wireless Local Area Network (

Subject: PD 0141: OD 0265: Clarification on conformance to consistency issues noted in the U.S. Government Wireless Local Area Network (
From: "Observation Decisions Review Board" <faigin@aero.org>
Date: Mon, 27 Aug 2007 10:55:39 -0700
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal


The ODRB issued the following PD during its August meeting:

PD#  0141

TITLE

Clarification on conformance to consistency issues noted in the
U.S. Government Wireless Local Area Network (WLAN) Access System
Protection Profile for Basic Robustness Environments

ISSUE

There are several consistency issues in the U.S. Government Wireless
Local Area Network (WLAN) Access System Protection Profile for Basic
Robustness Environments, Version 1.0, April 2006: 

1. The rationale statement for OE.MANAGE provides details that this
   environmental security objective supports the FIA_USB.1 security
   functional requirement component. This appears to be in error as this
   component is not listed in the "Requirements Addressing the
   Objective" column. In addition, FIA_USB.1 is a component that is
   implemented by the TOE.

2. The "Requirements Addressing the Objective" and "Rationale" columns
   for O.MANAGE indicates that this security objective maps to the
   FMT_MTD.1(4) Security Functional Requirement component. The mapping
   to this objective appears to be in error as the component is actually
   implemented by the IT environment and is already mapped to
   OE.TIME_STAMPS.

3. The rationale statement for OE.TOE_NO_BYPASS provides details that
   this environmental security objective supports the FIA_UAU.1 security
   functional requirement component. This appears to be in error as this
   component is actually implemented by the TOE.

4. The "Requirements Addressing the Objective" identifies FDP_ITC_EXP.1
   as mapping to the OE.PROTECT_MGMT_COMMS security objective. This
   appears to be a typographical error as the component should have been
   identified as being FTP_ITC_EXP.1.

RESOLUTION

The issues above are resolved as follows:

1. The reference to FIA_USB.1 is to be deleted from the rationale column
   of OE.MANAGE.

2. The reference to FMT_MTD.1(4) is to be deleted from the rationale
   column of O.MANAGE.

3. The inclusion of the environmental requirement FIA_UAU.1 and its
   mapping to OE.TOE_NO_BYPASS are to remain as they are.

4. The typographical error in the labeling of FTP_ITC_EXP.1 is to be
   corrected. I.e. "FDP..." is changed to "FTP...". 

SUPPORT

1. In addition to the points mentioned in the issue, FIA_USB.1 is in the
   mapping for O.AUDIT_GENERATION. 

2. A similar situation to that in issue #1.

3. This is a requirement for the environment, rather than for the TOE,
   therefore there is no functionality imposed upon the TOE by this
   decision.

4. A common typographical error in CC work is substituting "FDP" for
   "FTP" and vice versa.

Note that, as with all cases where an Precedent Decision results in
interpreting PP differently from its current text, the ST must make the
citations correctly, and then must account for the differences in
wording between the PP and the ST by adding a note in the rationale
section of the ST citing this PD.

HISTORY

2007-08-27
    PD issued. (ODRB August 2007 Agenda Item 3.a.ii)

Prev by Date: PD 0138: Sharing of Peripherals with Memory under the Peripheral Sharing PP
Next by Date: Re: PD 0135: "Overwriting" in the Context of Non-Disk Memory (Medium Robustness Profiles)
Prev by thread: RE: PD 0135: "Overwriting" in the Context of Non-Disk Memory (Medium Robustness Profiles)
Next by thread: Re: PD 0141: OD 0265: Clarification on conformance to consistency issues noted in the U.S. Government Wireless Local Area Network (

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov