Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
5.2.1.15 FIA_UAU.1 Timing of local authentication
FIA_UAU.1.1 The TSF shall allow [identification as provided in FIA_UID.2] on behalf of the user
to be performed before the user is authenticated.
FIA_UAU.1.2 The TSF shall require each user to be successfully authenticated before allowing any
other TSF-mediated actions on behalf of that user.
5.2.1.16 FIA_UAU_EXP.5(1) Explicit: multiple authentication mechanisms
FIA_UAU_EXP.5.1(1) The TSF shall provide local password-based authentication of
administrators, and a remote authentication mechanism to perform user authentication.
FIA_UAU_EXP.5.2(1) The TSF shall, at the option of the administrator, invoke the remote
password-based authentication mechanism for administrators and the remote EAP-TLS, EAP-TTLS,
or PEAP-based authentication mechanism for wireless LAN users.
Application Note: This explicit requirement is needed for local administrators because there is disagreement
over whether existing CC requirements specifically require the TSF provide authentication. That the TOE
provide authentication is implied by other FIA_UAU requirements, and generally assumed to be a
requirement when other FIA_UAU requirements are included in a TOE. In order to remove any potential
confusion about this ST, an explicit requirement for authentication has been included. This ST mandates that
the TOE provide the client to facilitate remote authentication via an authentication server. The IT
environment will provide the authentication server, and it is important to specify that the TSF must provide
the means for local administrator authentication in case the TOE cannot communicate with the authentication
server.
Since FIA_UAU.5.1(1) and 5.2(1) require that the TSF provide authentication mechanisms, this explicit
requirement is needed with respect to the remote users to specify that the TSF invoke a remote authentication
mechanism rather than provide it.
5.2.1.17 FIA_UID.2 User identification before any action
FIA_UID.2.1 The TSF shall require each user to identify itself before allowing any other
TSF-mediated actions on behalf of that user.
Application Note: This requirement does not refer to management and control packets that must be allowed to
pass between the WLAN client and the access system before authentication. It is assumed that this information
is not user specific and therefore not covered by this requirement.
Application Note: It is also important to note that the identification credential presented to the authentication
server (e.g. a user name) will be related to but not necessarily the same as the identification credential (e.g.
MAC address of a remote system) that is used to enforce FDP_PUD_EXP.
5.2.1.18 FIA_USB.1(1) User-subject binding
FIA_USB.1.1(1) The TSF shall associate the following wireless user security attributes with
subjects acting on the behalf of that user: [username].