[Public Interpretations Database]

I-0006: Audit Of User-Id For Invalid Login


NUMBER:               I-0006
STATUS:               Approved by CCEVS Management and Mailed to Public Mailing List

TITLE:                Audit Of User-Id For Invalid Login
APPROVAL POSTING:     [announce 0329]

EFFECTIVE:            1993-10-20

REQUIREMENT:          Audit
CRITERIA CLASSES:     C2, B1, B2, B3, A1
DOCUMENT(S):          Trusted Facility Manual
RELATED TO:
     I-0187           Auditing User ID On Failed Login Attempts (C1-CI-01-84)

STATEMENT:

The following interprets the requirement that ``The TCB shall be able to record the following types of events: use of identification and authentication mechanisms, ... For each recorded event, the audit record shall identify: date and time of the event, user, type of event, and success or failure of the event.''

While the audit mechanism is required to be capable of producing a record of each login attempt, on failed login attempts it is not required to record in the audit record the character string supplied as the user identity.

PROJECTED IMPACT:

Negligible impact anticipated.

SUPPORT:

This is a restatement of formal interpretation C1-CI-01-84 (I-0187).

Recording the character string on failed login attempts would have the positive aspect of possibly allowing the auditor to identify some types of break-in attempts. It would have the negative aspect of exposing the user's password in the audit log whenever a user mistakenly types a password when an identifier is requested. A flexible implementation would allow the system administrator to decide whether the increased ability to detect break-in attempts is worth the risk of possible password exposure.
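The "flexible implementation" the interpretation asks for can be shown as a small audit writer in which the administrator's choice is a configuration option. The following is an added example written for this page; it is not code from any evaluated product or from the NCSC/CCEVS. The `AuditPolicy.record_failed_identity` option, the keyed-digest fallback that lets an auditor correlate repeated failures on the same string without the log carrying the string itself, and the refinement of always recording a supplied string that names an existing account (such a string cannot be a stray password typed at the identifier prompt) are all assumptions of the example, not requirements stated in I-0006.

```python
"""Added example: audit records for login attempts with the I-0006 trade-off
made configurable. Illustrative code for this page only; field names, the
record_failed_identity option and the keyed-digest fallback are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Set


@dataclass
class AuditPolicy:
    # Administrator's choice per I-0006: record the raw identity string on
    # failed logins (better break-in detection) or withhold it (no risk of a
    # mistyped password landing in the audit trail).
    record_failed_identity: bool = False
    # Key for an HMAC digest so repeated failures on the same unknown string
    # remain correlatable even when the string is withheld.
    # Constructed sample key; a deployment would use a protected secret.
    correlation_key: bytes = b"constructed-example-key"


@dataclass
class AuditRecord:
    # The four fields the requirement names: date/time, user, type, outcome.
    timestamp: str
    event_type: str
    success: bool
    user: str                        # identity recorded for the event
    identity_digest: Optional[str]   # set only when the raw string is withheld


class LoginAuditor:
    """One audit record per login attempt, whatever the outcome, so the
    mechanism stays capable of recording every use of I&A."""

    def __init__(self, policy: AuditPolicy, known_users: Set[str]):
        self.policy = policy
        self.known_users = known_users
        self.records: List[AuditRecord] = []

    def _digest(self, supplied: str) -> str:
        # Truncated keyed digest: enough to correlate, not reversible.
        return hmac.new(self.policy.correlation_key, supplied.encode("utf-8"),
                        hashlib.sha256).hexdigest()[:16]

    def record_attempt(self, supplied_identity: str, success: bool) -> AuditRecord:
        ts = datetime.now(timezone.utc).isoformat()
        if success:
            # A successful login always identifies the authenticated user.
            rec = AuditRecord(ts, "login", True, supplied_identity, None)
        elif (self.policy.record_failed_identity
              or supplied_identity in self.known_users):
            # Either the administrator accepted the exposure risk, or the
            # string names an existing account and so is not a stray password.
            rec = AuditRecord(ts, "login", False, supplied_identity, None)
        else:
            # Unknown string on a failed attempt: withhold it, but keep a keyed
            # digest so repeated use of the same string is still visible.
            rec = AuditRecord(ts, "login", False, "<withheld>",
                              self._digest(supplied_identity))
        self.records.append(rec)
        return rec


if __name__ == "__main__":
    auditor = LoginAuditor(AuditPolicy(), {"alice", "bob"})
    for supplied, ok in [("alice", False), ("s3cret-typo", False),
                         ("s3cret-typo", False), ("bob", True)]:
        print(auditor.record_attempt(supplied, ok))
```

With the option off, a failed attempt for an unknown string such as a mistyped password appears as `<withheld>` plus a digest; two attempts with the same string share the digest, so the auditor can still count repeats. Switching `record_failed_identity` on reproduces the behaviour the interpretation describes as exposing the password.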