commoncriteria / virtualization

Protection Profile for Virtualization
The Unlicense

5.1.5 FIA_AFL_EXT.1.1 #41

Closed robertmclemons closed 3 years ago

robertmclemons commented 3 years ago

Change the list of remote authentication methods to "remote authentication based on [selection: username and password, username and a PIN that releases an asymmetric key stored in OE-protected storage, X.509 certificates, SSH public-key credential]"

As currently worded, FIA_UAU.5.1 and FIA_AFL_EXT.1.1 are in disharmony; there are FIA_UAU.5.1 remote login methods for which no failure handling is required! This change synchronizes the authentication methods between FIA_AFL_EXT.1.1 and FIA_UAU.5.1 (as previously existed in v1.0 of the PP).

robertmclemons commented 3 years ago

Made a note of this, but I think it is intentional that certificate- and credential-based failures are not counted.

robertmclemons commented 3 years ago

It turns out that it is intentional that certificate-based authentication failures are not counted.