PD 0140: Clarification on conformance to consistency issues noted in the U.S. Government Wireless Local Area Network (WLAN) Cli

Subject: PD 0140: Clarification on conformance to consistency issues noted in the U.S. Government Wireless Local Area Network (WLAN) Cli
From: "Observation Decisions Review Board" <faigin@aero.org>
Date: Mon, 27 Aug 2007 10:55:38 -0700
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal


During its August 2007, the ODRB issued the following PD:

PD# 0140

TITLE

Clarification on conformance to consistency issues noted in the
U.S. Government Wireless Local Area Network (WLAN) Client for Basic
Robustness Environments Protection Profile  

ISSUE

There are several consistency issues in the U.S. Government Wireless
Local Area Network (WLAN) Client for Basic Robustness Environments
Protection Profile, Version 1.0, March 2006. These issues are: 

1. The Security Functional Requirement component FPT_TST.1 is mentioned
   in several sections but should have been identified as FPT_TST_EXP.1
   for consistency throughout the document.

2. The Security Functional Requirement component FAU_SAR.3 is identified
   as being implemented in the IT environment, but has not been traced
   to a security objective in the IT environment. Rationale does not
   exist as to how this component would satisfy a security objective in
   the IT environment. Traceability from a corresponding security
   objective to specific threat and/or Organizational Security Policy is
   also absent.

RESOLUTION

All references in the ST claiming this PP to FPT_TST.1 shall be changed
to FPT_TST_EXP.1. A note shall be added to the rationale section of the
ST explaining the difference in wording and citing this PD. 

The ST shall include a mapping of FAU_SAR.3 to OE.MANAGE. A note shall
be added to the rationale section of the ST explaining the mapping and
citing this PD. 

SUPPORT

The wording of FPT_TST.1 in the PP differs from that of the CC, and
should have been identified as an explicitly-stated requirement with the
label FPT_TST_EXP.1. The resulting difference between the PP labeling
and that in the ST would be best accounted for in the rationale section
of the ST. 

FAU_SAR.3 was incorrectly left unmapped to an environmental objective in
the PP. No additional functionality is imposed upon the TOE, only a
requirement for the environment. 

HISTORY

2007-08-27
    PD created. (ODRB August 2007 Agenda Item 3.a.i)

Prev by Date: Re: PD 0135: "Overwriting" in the Context of Non-Disk Memory (Medium Robustness Profiles)
Next by Date: Re: PD 0141: OD 0265: Clarification on conformance to consistency issues noted in the U.S. Government Wireless Local Area Network (
Prev by thread: CC v4 ideas and suggestions
Next by thread: Re: PD 0140: Clarification on conformance to consistency issues noted in the U.S. Government Wireless Local Area Network (WLAN) Cli

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov