
33
4 Security Problem Definition
This section identifies the following:
Significant assumptions about the TOE’s operational environment.
IT related threats to the organization countered by the TOE.
Environmental threats requiring controls to provide sufficient protection.
Organizational security policies for the TOE as appropriate.
This document identifies assumptions as A.assumption with “assumption” specifying a
unique name. Threats are identified as T.threat with “threat” specifying a unique name.
Policies are identified as P.policy with “policy” specifying a unique name.
The Security Problem Definition described below is consistent with that of the PP except as
noted above in the listing of TOE Security Problem Definition Additions.
4.1 Assumptions
The specific conditions listed in the following subsections are assumed to exist in the TOE’s
IT environment. These assumptions include both practical realities in the development of the
TOE security requirements and the essential environmental conditions on the use of the TOE.
The assumptions are identical to the assumptions itemized in [WLANPP].
Table 8 TOE Assumptions
Administrators are non-hostile, appropriately trained and follow
all administrator guidance.
There are no general-purpose computing or storage repository
capabilities (e.g., compilers, editors, or user applications)
available on the TOE.
Physical security, commensurate with the value of the TOE and
the data it contains, is assumed to be provided by the
environment.
Wireless clients are configured so that information cannot flow
between a wireless client and any other wireless client or host
networked to the TOE without passing through the TOE.
Wireless clients and/or their hosts are configured to not allow
unauthorized access to networking services of the wireless client
or to stored TOE authentication credentials.
Komentáře k této Příručce