Re: Interpretation of FAU_SEL.1.1 and FAU_STG.4.1

["YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>]

"NIAP Interpretations Board" wrote on Wednesday, December 22, 2004:


> The NIB agrees to some extent; however, in this case an isolated question
was
> presented with no information regarding FAU_STG.1, Protected Audit Trail
> Storage, which is a dependency on FAU_STG.4. The NIB was assuming this
> dependency was applied to the TOE (in the absence of other information);
Jim
> was assuming it was met by the environment.
>

Does this mean that if an SFR-A depends on an SFR-B that is satisfied by the
IT environment then the SFR-A must also be moved to the IT environment?
We see, in many STs, that FPT_STM.1 is satisfied by the IT environment
(Hardware ), yet the FPT_SMT dependent FAU_GEN.1 is satisfied by the TOE.
I think NIB allows this.

>
> Lastly, the NIB notes that, in CC v2.1/v2.2, there is actually no specific
> requirement that states the TSF shall store the audit records, just as
there is
> no requirement that the TSF shall authenticate users. These are implied
> requirements and demonstrate some of the problems in CC v2.1/v2.2.
Hopefully,
> these will be corrected in v3.0.
>

I agree that "authenticate users" and "identifiy users" are provided as an
each isolated SFR.
But, "store the audit records"?

What security aspects could we find in the function?

I think, the existing FAU_STG.2.3(below) is sufficient to deal with the
function and to think about the security, isn't it?.

FAU_STG.2.3
The TSF shall ensure that [assignment: metric for saving audit records]
audit records will be maintained when the following conditions occur:
[selection: audit storage exhaustion, failure, attack].

Regards,

Yokota