![[Public Interpretations Database]](http://www.niap-ccevs.org/assets/images/precedent-db.jpg){kind=small}
PD-0031: Handling Audit Section Text: Actions vs. Information To Be Recorded
This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.
| Effective Date: | 2002-06-11 |
| Last Modified | 2006-08-02 |
Issue
According to the FIA_UID family in Part 2 of CC version 2.1, the following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
-
Minimal: Unsuccessful use of the user identification mechanism, including the user identity provided.
-
Basic: All use of the user identification mechanism, including the user identity provided.
This seems to combine both the action to be audited and the information to be recorded.
Resolution
A table is often used in both Protection Profiles and Security Targets to record the FAU_GEN auditable actions and the corresponding audit record content. Although the paragraph above labels items ‘a' and ‘b' as "actions", the phrase "including the user identity provided" really identifies the audit record content. Consequently, PP/ST authors should remove the phrase "including the user identity provided" when listing the auditable actions. The "user identity" should be recorded as part of the audit record content for the action.
Support
This issue results from a minor wording situation in the Common Criteria. The intent of the wording, however, is clear, and including the audit record content with the auditable action would not alter the results of an evaluation.
Modification History:
- 2004-08-12
- Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)
References:
- AFLWPPv1.0
Related NIs:
- None
Related CCIMB-INTERPs:
- None
Source OD: 0016