I-0387: Auditing Of Audit Storage Failures
- Subject: I-0387: Auditing Of Audit Storage Failures
- From: "Interpretations Working Group" <iwg@gibraltar.ncsc.mil>
- Date: Fri, 17 Nov 2000 08:46:30 -0800
- Content-type: Multipart/Mixed; boundary=Message-Boundary-28777
- Priority: normal
[0116] (96 lines) iwg@gibraltar.ncsc.mil 11/06/00 1827.04 gmt Mon Common_Criteria
Subject: I-0387: Auditing Of Audit Storage Failures
This transaction consists of a proposal for a National Interpretation of
a Common Criteria document. It is being posted in accordance with the
procedures of the IWG.
Comments on this proposal are welcomed and should be posted to this
transaction chain. If any party wishes to post a comment anonymously,
the comment should be mailed to IWG@gibraltar.ncsc.mil in a form
suitable for posting. All comments should be posted no later than
Friday, December 1, 2000.
CCITSE/CEM NIAP INTERPRETATION (PROPOSED)
_________________________________________________________________
I-0387: Auditing Of Audit Storage Failures
_________________________________________________________________
NUMBER: I-0387
STATUS: Ready for External Review
TYPE: NIAP Interpretation
TITLE: Auditing Of Audit Storage Failures
SOURCE REFERENCE: CC v2.1 Part 2 Subclause 3.6 FAU_STG.4
CC v2.1 Part 2 Subclause 3.6 FAU_STG.NIAP-0414-1
RELATED TO:
I-0348 Audit Data Loss Prevention Method May Be
Site-Selectable
ISSUE:
If the audit storage fills due to lack of storage space for audit, it
is difficult to create an audit record indicating that audit was
disabled.
STATEMENT OF INTERPRETATION:
When the audit storage is full, it is not necessary to audit storage
failures.
SPECIFIC INTERPRETATION:
To address this interpretation, the following change is made to CC
v2.1, Part 2: (additions marked _thusly_; deletions marked _[DEL:_
thusly _:DEL]_
* FAU_STG.4 is relabeled as FAU_STG.4-NIAP-0387. Unless otherwise
noted in these changes, all normative and informative material
associated with FAU_STG.4 is incorporated unchanged into
FAU_STG.4-NIAP-0387, and all references to FAU_STG.4 in the CC,
CEM, or other Common Criteria documentation is changed to refer to
FAU_STG.4-NIAP-0387.
* Subclause 3.6, FAU_STG.4, "Audit" is changed as follows:
Audit: FAU_STG.4_-NIAP-0387_
The following actions should be auditable if FAU_GEN Security audit
data generation is included in the PP/ST:
a) Basic: Actions taken due to the audit storage failure_, if
conditions allow the audit to be recorded_.
* FAU_STG.NIAP-0414-1 is relabeled as FAU_STG.NIAP-0387-1. Unless
otherwise noted in these changes, all normative and informative
material associated with FAU_STG.NIAP-0414-1 is incorporated
unchanged into FAU_STG.NIAP-0387-1, and all references to
FAU_STG.NIAP-0414-1 in the CC, CEM, or other Common Criteria
documentation is changed to refer to FAU_STG.NIAP-0387-1.
* Subclause 3.6, FAU_STG.NIAP-0387-1, "Audit", is changed as
follows:
Audit: FAU_STG.NIAP-0387-1
The following actions should be auditable if FAU_GEN Security audit
data generation is included in the PP/ST:
1. Basic: Actions taken due to the audit storage failure.
2. Basic: Selection of an action to be taken when there is an audit
storage failure_, if conditions allow the audit to be recorded_.
PROJECTED IMPACT:
Negligible impact anticipated.
SUPPORT:
This interpretation addresses a difficulty that exists in some cases
of audit storage failure. In particular, this interpretation permits
the audit record of the failure in such cases to not be recorded.
---[0116]---
0387.pdf
Date Index |
Thread Index |
Problems or questions? Contact list-master@nist.gov