Specifications
33
4 Security Problem Definition
This section identifies the following:
Significant assumptions about the TOE’s operational environment.
IT related threats to the organization countered by the TOE.
Environmental threats requiring controls to provide sufficient protection.
Organizational security policies for the TOE as appropriate.
This document identifies assumptions as A.assumption with “assumption” specifying a
unique name. Threats are identified as T.threat with “threat” specifying a unique name.
Policies are identified as P.policy with “policy” specifying a unique name.
The Security Problem Definition described below is consistent with that of the PP except as
noted above in the listing of TOE Security Problem Definition Additions.
4.1 Assumptions
The specific conditions listed in the following subsections are assumed to exist in the TOE’s
IT environment. These assumptions include both practical realities in the development of the
TOE security requirements and the essential environmental conditions on the use of the TOE.
The assumptions are identical to the assumptions itemized in [WLANPP].
Table 8 TOE Assumptions
Name
Assumption
A.NO_EVIL
Administrators are non-hostile, appropriately trained and follow
all administrator guidance.
A.NO_GENERAL_PURPOSE
There are no general-purpose computing or storage repository
capabilities (e.g., compilers, editors, or user applications)
available on the TOE.
A.PHYSICAL
Physical security, commensurate with the value of the TOE and
the data it contains, is assumed to be provided by the
environment.
A.TOE_NO_BYPASS
Wireless clients are configured so that information cannot flow
between a wireless client and any other wireless client or host
networked to the TOE without passing through the TOE.
A.CLIENT_PROTECT
Wireless clients and/or their hosts are configured to not allow
unauthorized access to networking services of the wireless client
or to stored TOE authentication credentials.