Re: Interpretation of FAU_SEL.1.1 and FAU_STG.4.1

["NIAP Interpretations Board" <faigin@aero.org>]

After the August 2004 NIB meeting, the NIB responded to a question raised by 
Montse Rubia regarding FAU_STG.4 in a system that appeared to be storing the 
audit in an external database system. The NIB noted that the TOE in question 
would actually fail FAU_STG.4, because the TSF doesn't actually store the 
audit.

In his 4 September 2004 email, Jim Arnold disagreed with this, indicating that 
he believes that "FAU_STG.4 is about what happens when the audit trail is full 
(or, in other words, when audit records cannot be saved)", and that FAU_STG.4 
had nothing to do with the actual storage of the records.

The NIB agrees to some extent; however, in this case an isolated question was 
presented with no information regarding FAU_STG.1, Protected Audit Trail 
Storage, which is a dependency on FAU_STG.4. The NIB was assuming this 
dependency was applied to the TOE (in the absence of other information); Jim 
was assuming it was met by the environment.

As Jim's email indicates, it is very important to be precise when posting 
questions. If you provide inadequate information, often the response(s) will be 
inadequate.

Lastly, the NIB notes that, in CC v2.1/v2.2, there is actually no specific 
requirement that states the TSF shall store the audit records, just as there is 
no requirement that the TSF shall authenticate users. These are implied 
requirements and demonstrate some of the problems in CC v2.1/v2.2. Hopefully, 
these will be corrected in v3.0.