Раздел: Документация
0 ... 6 7 8 9 10 11 12 ... 117 3.1 Security audit automatic response (FAU ARP) Family behaviour This family defines the response to be taken in case of detected events indicative of a potential security violation. Component levelling I FAUARP Security audit automatic responseI-1 1 I At FAUARP. 1 Security alarms, the TSF shall take actions in case a potential security violation is detected. Management: FAUARP. 1 The following actions could be considered for the management functions in FMT: a) the management (addition, removal, or modification) of actions. Audit: FAUARP.1 The following actions should be auditable if FAUGEN Security audit data generation is included in the PP/ST: a) Minimal: Actions taken due to imminent security violations. FAUARP.1 Security alarms Hierarchical to: No other components. FAUARP.1.1 The TSF shall take [assignment: list of the least disruptive actions] upon detection of a potential security violation. Dependencies: FAUSAA.1 Potential violation analysis 3.2 Security audit data generation (FAU GEN) Family behaviour This family defines requirements for recording the occurrence of security relevant events that take place under TSF control. This family identifies the level of auditing, enumerates the types of events that shall be auditable by the TSF, and identifies the minimum set of audit-related information that should be provided within various audit record types. Component levelling FAU GEN Security audit data generation  FAU GEN.1 Audit data generation defines the level of auditable events, and specifies the list of data that shall be recorded in each record. At FAU GEN.2 User identity association, the TSF shall associate auditable events to individual user identities. Management: FAUGEN.1, FAUGEN.2 There are no management activities foreseen. Audit: FAUGEN.1, FAUGEN.2 There are no actions identified that should be auditable if FAU GEN Security audit data generation is included in the PP/ST. FAUGEN.1 Audit data generation Hierarchical to: No other components. FAUGEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a)Start-up and shutdown of the audit functions; b)All auditable events for the [selection: minimum, basic, detailed, not specified] level of audit; and c)[assignment: other specifically defined auditable events]. FAUGEN.1.2 The TSF shall record within each audit record at least the following information: a)Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event; and b)For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [assignment: other audit relevant information] Dependencies: FPTSTM.1 Reliable time stamps FAUGEN.2 User identity association Hierarchical to: No other components. FAUGEN.2.1 The TSF shall be able to associate each auditable event with the identity of the user that caused the event. Dependencies: FAUGEN.1 Audit data generation FIAUID.1 Timing of identification 0 ... 6 7 8 9 10 11 12 ... 117
|
