Closed jfisherbah closed 2 years ago
Agree that the current refinement does not change the base SFR, and that an iteration for user authentication failures is good. Will bring up at TC.
Iteration FIA_AFL.1/AuthSvr was added, assume this is now resolved.
The current Auth Server Module draft lists FIA_AFL.1 as a Modified SFR from the NDcPP but does not make any refinements or other modifications to it. This SFR applies to authentication failure handling for administrators (i.e. individuals who would authenticate to the TOE to manage it). We currently do not have an SFR to capture authentication failure handling for users (i.e. individuals who are trying to access some other enterprise resources where the TOE is responsible for authenticating them as part of determining whether the access should be authorized).
The following is proposed: