Раздел: Документация

0 ... 9 10 11 12 13 14 15 ... 117

3.6 Security audit event storage (FAU STG)

Family behaviour

This family defines the requirements for the TSF to be able to create and maintain a secure audit trail.

Component levelling

FAUSTG Security audit event storage

3- 4

At FAUSTG.1 Protected audit trail storage, requirements are placed on the audit trail. It will be protected from unauthorised deletion and/or modification.

FAUSTG.2 Guarantees of audit data availability specifies the guarantees that the TSF maintains over the audit data given the occurrence of an undesired condition.

FAUSTG.3 Action in case of possible audit data loss specifies actions to be taken if a threshold on the audit trail is exceeded.

FAUSTG.4 Prevention of audit data loss specifies actions in case the audit trail is full.

Management: FAU STG.1

There are no management activities foreseen.

Management: FAU STG.2

The following actions could be considered for the management functions in FMT: a) maintenance of the parameters that control the audit storage capability.

Management: FAUSTG.3

The following actions could be considered for the management functions in FMT:

a)maintenance of the threshold;

b)maintenance (deletion, modification, addition) of actions to be taken in case of imminent audit storage failure.

Management: FAU STG.4

The following actions could be considered for the management functions in FMT:

1

2

---

a) maintenance (deletion, modification, addition) of actions to be taken in case of audit storage failure.

Audit: FAUSTG.1, FAUSTG.2

There are no actions identified that should be auditable if FAU GEN Security audit data generation is included in the PP/ST.

Audit: FAU STG.3

The following actions should be auditable if FAUGEN Security audit data generation is included

in the PP/ST:

a) Basic: Actions taken due to exceeding of a threshold.

Audit: FAU STG.4

The following actions should be auditable if FAUGEN Security audit data generation is included

in the PP/ST:

a) Basic: Actions taken due to the audit storage failure.

FAU STG.1 Protected audit trail storage Hierarchical to: No other components.

FAU STG.1.1 The TSF shall protect the stored audit records from unauthorised deletion.

FAUSTG.1.2 The TSF shall be able to [selection: prevent, detect] modifications to the audit records.

Dependencies: FAUGEN.1 Audit data generation

FAUSTG.2 Guarantees of audit data availability

Hierarchical to: FAU STG.1

FAU STG.2.1 The TSF shall protect the stored audit records from unauthorised deletion.

FAUSTG.2.2 The TSF shall be able to [selection: prevent, detect] modifications to the audit records.

FAUSTG.2.3 The TSF shall ensure that [assignment: metric for saving audit records] audit records will be maintained when the following conditions occur: [selection:

audit storage exhaustion, failure, attack].

Dependencies: FAUGEN. 1 Audit data generation

---

FAUSTG.3 Action in case of possible audit data loss

Hierarchical to: No other components.

FAUSTG.3.1 The TSF shall take [assignment: actions to be taken in case of possible audit storage failure] if the audit trail exceeds [assignment: pre-defined limit].

Dependencies: FAUSTG.1 Protected audit trail storage

FAUSTG.4 Prevention of audit data loss

Hierarchical to: FAU STG.3

FAUSTG.4.1 The TSF shall [selection: ignore auditable events, prevent auditable events, except those taken by the authorised user with special rights, overwrite the oldest stored audit records] and [assignment: other actions to be taken in case of audit storage failure] if the audit trail is full.

Dependencies: FAUSTG.1 Protected audit trail storage

0 ... 9 10 11 12 13 14 15 ... 117