Re: I-0387: Auditing Of Audit Storage Failures

Subject: Re: I-0387: Auditing Of Audit Storage Failures
From: "NIAP Interpretations Board" <faigin@aero.org>
Date: Tue, 21 Dec 2004 07:47:27 -0800
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal

"Arnold, James L. Jr." <JAMES.L.ARNOLD.JR@saic.com> wrote:

> I am a little confused about which requirement this applies to.
> FAU_STG.4 is about what happens when the audit trail becomes full. If 
> events are overwritten or ignored, for example, I don't see the problem. 
> I would tend to think PPs would require what they want and STs would 
> claim what they do. Is there an expectation that this event needs to 
> be generated in the first place?

There seems to be a bit of a misunderstanding here. 

I-0387 will be updated so that the Issue more clearly explains that the cause 
of the problem is the Audit section that identifies the auditable events for 
each of the Part 2 requirements. For FAU_STG.4, this Audit section (paragraph 
136, CCv2.1 Part 2) says that audit storage failures need to be audited, which 
prompts the question of where this audit record is to be stored.

Prev by Date: NIB Postings: Third Times The Charm!
Next by Date: Re: I-0480: Components Written As Environmental Actions
Prev by thread: RE: I-0387: Auditing Of Audit Storage Failures
Next by thread: Re: I-0387: Auditing Of Audit Storage Failures

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov