Re: I-0387: Auditing Of Audit Storage Failures

Subject: Re: I-0387: Auditing Of Audit Storage Failures
From: "NIAP Interpretations Board" <faigin@aero.org>
Date: Tue, 21 Dec 2004 08:06:36 -0800
Content-description: Mail message body
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Priority: normal



  [NOTE: This proposal is being re-posted after being updated to reflect
  comments the NIB received on its previous posting, or comments arising
  from further NIB discussion of the proposal.]

  The following is a proposal for formal CCEVS guidance related to the
  Common Criteria and ancillary documents. It is being posted in
  accordance with the procedures of the NIB.

  Comments on this proposal are welcomed and should be posted to this
  transaction chain.  If any party wishes to post a comment anonymously,
  the comment should be mailed to cc-cmt@nist.gov in a form suitable for
  posting.  All comments should be posted no later than Monday, January
  10, 2005.


                      CCITSE/CEM  GUIDANCE (PROPOSED)

     _________________________________________________________________

                  I-0387: Auditing Of Audit Storage Failures
     _________________________________________________________________

TYPE:                 Guidance
NUMBER:               I-0387
STATUS:               Ready for External Repost after Interpretations Board
                      Rework/Review

TITLE:                Auditing Of Audit Storage Failures
PREVIOUS POSTING:      [cc-cmt 01250]
COMMENTS DUE BY:      Monday, January 10, 2005 to cc-cmt@nist.gov

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 3.6 FAU_STG.4
                      CC v2.1 Part 2 Subclause 3.6 FAU_STG.NIAP-0414-1
RELATED TO:
     I-0348           Audit Data Loss Prevention Method May Be Site-Selectable
     I-0414           Site-Configurable Prevention Of Audit Loss

ISSUE:

   The AUDIT section for FAU_STG.4 indicates that the actions taken due
   to the audit storage failure should be audited. However, if there is
   an audit storage failure, this record can?t go into the audit trail?
   Where should the record be stored?

STATEMENT

   When the audit trail is full, the audit related to the action taken
   due to storage failure should be stored in an alternate location.

SUPPORT:

   This interpretation addresses a difficulty that exists in some cases
   of audit storage failure. In particular, this interpretation permits
   the audit record of the failure in such cases to be recorded in an
   alternate location. This will permit retrieval of the record in a
   maintenance mode, when the situation that resulted in audit failure
   may be corrected and normal auditing behavior restored.

   Note: This interpretation is being applied to the CC as modified by
   I-0414.

Prev by Date: Updated PD 0103: Clarify CCEVS Policy for Applying NIAP Interpretations
Next by Date: Re: I-0469: What Does "Initial Startup" Mean For FPT_AMT And FPT_TST?
Prev by thread: Re: I-0387: Auditing Of Audit Storage Failures
Next by thread: I-0395: Security Attributes Include Attributes Of Information And Resources

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov