jfisherbah
commented
3 years ago SME discussion determined auditable events not necessary.
To address feedback on the requirement, the following is proposed:
a. Make an extended requirement to trigger the WPA3 version, e.g.
FCS_WPA_EXT.1 The TSF shall support WPA3 and [selection: WPA2, no other] key generation.
b. Take FCS_CKM.1/WLAN, rename to “FCS_CKM.1/WPA2,” and make it selection-based depending on “WPA2” being selected in the trigger requirement. c. Make a new selection-based requirement depending on “WPA3” being selected in the trigger requirement:
FCS_CKM.1.1/WPA3 The TSF shall generate symmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm *[PRF-384 and [selection: PRF-512, PRF-704, no other algorithm] (as defined in IEEE 802.11ax-2021)] and specified key sizes: [256 bits and [selection: 128 bits, 192 bits, no other key size] using a Random Bit Generator as specified in FCS_RBG_EXT.1**.
- believe IEEE 802.11ax-2021 is the appropriate standard to cite here but confirmation is needed
kgal
Comment With regards to cryptographic key generation, the current requirement needs to be updated to reflect WPA3 key derivation and support 802.11ax, or a separate requirement should be created tailored to SAE-PK.
Auditable Event(s) Attempts to use unauthorized key generation algorithms Key management systems, to check all keys are compliant