Раздел: Документация
0 ... 8 9 10 11 12 13 14 ... 117 3.4 Security audit review (FAU SAR) Family behaviour This family defines the requirements for audit tools that should be available to authorised users to assist in the review of audit data. Component levelling FAUSAR Security audit review FAUSAR.1 Audit review provides the capability to read information from the audit records. FAU SAR.2 Restricted audit review requires that there are no other users except those that have been identified in FAUSAR.1 that can read the information. FAU SAR.3 Selectable audit review requires audit review tools to select the audit data to be reviewed based on criteria. Management: FAUSAR.1 The following actions could be considered for the management functions in FMT: a) maintenance (deletion, modification, addition) of the group of users with read access right to the audit records. Management: FAUSAR.2, FAUSAR.3 There are no management activities foreseen. Audit: FAU SAR.1 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a) Basic: Reading of information from the audit records. Audit: FAU SAR.2 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a) Basic: Unsuccessful attempts to read information from the audit records.  Audit: FAUSAR.3 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a) Detailed: the parameters used for the viewing. FAUSAR.1 Audit review This component will provide authorised users the capability to obtain and interpret the information. In case of human users this information needs to be in a human understandable presentation. In case of external IT entities the information needs to be unambiguously represented in an electronic fashion. Hierarchical to: No other components. FAUSAR.1.1 The TSF shall provide [assignment: authorised users] with the capability to read [assignment: list of audit information] from the audit records. FAUSAR.1.2 The TSF shall provide the audit records in a manner suitable for the user to interpret the information. Dependencies: FAUGEN.1 Audit data generation FAU SAR.2 Restricted audit review Hierarchical to: No other components. FAUSAR.2.1 The TSF shall prohibit all users read access to the audit records, except those users that have been granted explicit read-access. Dependencies: FAUSAR.1 Audit review FAU SAR.3 Selectable audit review Hierarchical to: No other components. FAUSAR.3.1 The TSF shall provide the ability to perform [selection: searches, sorting, ordering] of audit data based on [assignment: criteria with logical relations]. Dependencies: FAUSAR.1 Audit review 3.5 Security audit event selection (FAU SEL) Family behaviour This family defines requirements to select the events to be audited during TOE operation. It defines requirements to include or exclude events from the set of auditable events. I FAUSEL Security audit event selectionI-1 1 I FAU SEL.1 Selective audit, requires the ability to include or exclude events from the set of audited events based upon attributes to be specified by the PP/ST author. Management: FAUSEL. 1 The following actions could be considered for the management functions in FMT: a) maintenance of the rights to view/modify the audit events. Audit: FAUSEL.1 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a) Minimal: All modifications to the audit configuration that occur while the audit collection functions are operating. FAUSEL.1 Selective audit Hierarchical to: No other components. FAUSEL.1.1 The TSF shall be able to include or exclude auditable events from the set of audited events based on the following attributes: a)[selection: object identity, user identity, subject identity, host identity, event type] b)[assignment: list of additional attributes that audit selectivity is based upon]. Dependencies: FAUGEN.1 Audit data generation FMTMTD.1 Management of TSF data 0 ... 8 9 10 11 12 13 14 ... 117
|
