Specifications
Security Target Version 1.0 9/29/2014
60
determine the vulnerabilities that have been found in WLAN Access System products in general,
as well as those that pertain to the particular TOE. The evaluator documents the sources consulted
and the vulnerabilities found in the report. For each vulnerability found, the evaluator either
provides a rationale with respect to its non-applicability, or the evaluator formulates a test (using
the guidelines provided in ATE_IND) to confirm the vulnerability, if suitable. Suitability is
determined by assessing the attack vector needed to take advantage of the vulnerability. For
example, if the vulnerability can be detected by pressing a key combination on boot-up, for
example, a test would be suitable at the assurance level of this PP. If exploiting the vulnerability
requires an electron microscope and a tank of liquid nitrogen, for instance, then a test would not be
suitable and an appropriate justification would be formulated.