Re: SFRs - Requirement Specification or Implementation Description?
Please correct me.
There is a case that the TOE does not provide the startup time and shutdown
time, but the IT environment does.
In such a case, yes, we could say, as discussed here, that:
1) audit startup/shutdown functions are vacuously satisfied, or
2) those functions are to be optional, or
3) an explicitly stated requirement should be used.
Regards,
Hirofumi Yokota
----- Original Message -----
From: "YOKOTA HIROFUMI" <yokota-hirofumi@jqa.jp>
To: "Multiple recipients of list" <cc-cmt@nist.gov>
Sent: Monday, December 04, 2006 3:30 PM
Subject: Re: SFRs - Requirement Specification or Implementation Description?
>
> I think, there are variations. Sometimes, the TOE's startup/shutdown might
> be the audit function's startup/shutdown, or enabling/disabling some
> security modules could be the audit function's startup/shutdown. Or, for some
> auditable events, disc failures, communication failures and those recoveries
> might be the audit startup/shutdown functions.
>
> In any of the above cases we would need to audit the "time", when the auditing is
> enabled and/or disabled.
>
> Regards,
> Hirofumi Yokota
>