I-0423: Some Modifications To The Audit Trail Are Authorized
- Subject: I-0423: Some Modifications To The Audit Trail Are Authorized
- From: "Interpretations Working Group" <iwg@gibraltar.ncsc.mil>
- Date: Fri, 17 Nov 2000 08:46:29 -0800
- Content-type: Multipart/Mixed; boundary=Message-Boundary-9205
- Priority: normal
[0122] (102 lines) iwg@gibraltar.ncsc.mil 11/15/00 1817.13 gmt Tue Common_Criteria
Subject: I-0423: Some Modifications To The Audit Trail Are Authorized
This transaction consists of a proposal for a National Interpretation of
a Common Criteria document. It is being posted in accordance with the
procedures of the IWG.
Comments on this proposal are welcomed and should be posted to this
transaction chain. If any party wishes to post a comment anonymously,
the comment should be mailed to IWG@gibraltar.ncsc.mil in a form
suitable for posting. All comments should be posted no later than
Thursday, December 7, 2000.
CCITSE/CEM NIAP INTERPRETATION (PROPOSED)
_________________________________________________________________
I-0423: Some Modifications To The Audit Trail Are Authorized
_________________________________________________________________
NUMBER: I-0423
STATUS: Ready for External Review
TYPE: NIAP Interpretation
TITLE: Some Modifications To The Audit Trail Are Authorized
WOULD SUPERSEDE:
I-0371 Some Modifications To The Audit Trail Are Authorized
SOURCE REFERENCE: CC v2.1 Part 2 Subclause 3.6 FAU_STG
CC v2.1 Part 2 Subclause C.6 FAU_STG
RELATED TO:
I-0371 Some Modifications To The Audit Trail Are Authorized
I-0370 Clarification Of ``Audit Records''
I-0422 Clarification Of ``Audit Records''
ISSUE:
The FAU_STG family does not currently distinguish between authorized
and unauthorized modifications to the audit records. The modification
controls imposed appear to be related only to unauthorized
modifications.
STATEMENT OF INTERPRETATION:
Only unauthorized modifications are prohibited. Modifications to audit
records performed in accordance with TSF policy are permitted.
SPECIFIC INTERPRETATION:
To address this interpretation, the following changes are made to CC
v2.1, Part 2: (additions marked _thusly_; deletions marked _[DEL:_
thusly _:DEL]_ )
* FAU_STG.1-NIAP-0422 is relabeled as FAU_STG.1-NIAP-0423. Unless
otherwise noted in these changes, all normative and informative
material associated with FAU_STG.1-NIAP-0422 is incorporated
unchanged into FAU_STG.1-NIAP-0423, and all references to
FAU_STG.1-NIAP-0422 in the CC, CEM, or other Common Criteria
documentation is changed to refer to FAU_STG.1-NIAP-0423.
* In Subclause 3.6, FAU_STG.1.2-NIAP-0422 is replaced with the
following:
FAU_STG.1.2_-NIAP-0423_ The TSF shall be able to [selection:
prevent, detect] _unauthorised_ modifications to the audit records
in the audit trail.
* In Subclause 3.6, FAU_STG.2.2-NIAP-0422 is replaced with the
following:
FAU_STG.2.2_-NIAP-0423_ The TSF shall be able to [selection:
prevent, detect] _unauthorised_ modifications to the audit records
in the audit trail.
PROJECTED IMPACT:
Negligible impact anticipated.
SUPPORT:
This interpretation brings the elements into conformance with the
words in the Part 2 Annex, by making it explicit that only
unauthorized modifications are to be prohibited.
Note that the ability to perform authorised modifications of the audit
data is a management function addressed by FMT_MTD.1; these changes
would be auditable in accordance with the audit section of FMT_MTD.1.
Notes:
* In the criteria changes, International English is used for
conformity with the underlying component.
* This interpretation is being applied to the CC as modified by
I-0422.
* This interpretation is superseding a previously-approved formal
interpretation primarily to reflect modifications to the
interpretation format. The intent of the interpretation has not
been changed, although some specifics of the criteria changes or
the support may have been clarified or corrected.
---[0122]---
0423.pdf
Date Index |
Thread Index |
Problems or questions? Contact list-master@nist.gov