[Public Interpretations Database]

I-0370: Clarification Of ``Audit Records''

 
TYPE:                 NIAP Interpretation
NUMBER:               I-0370
STATUS:               Formally Superseded

TITLE:                Clarification Of ``Audit Records''
SUPERSEDED BY:        
     I-0422           Clarification Of ``Audit Records''

EFFECTIVE:            2000-03-27
SUPERSEDED:           2000-12-05

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 3.6 FAU_STG
                      CC v2.1 Part 2 Subclause C.6 FAU_STG
RELATED TO:
     I-0371           Some Modifications To The Audit Trail Are Authorized
CCIMB ENTRY:          CCIMB-INTERP-0109

STATEMENT

The following interprets the .1 and .2 elements of the FAU_STG.1 and FAU_STG.2 components:

In general, the phrase "audit records" in these elements refers to audit records stored in the "audit trail," as described in the Part 2 Annex. However, the use of the phrase "audit records" in this way does not preclude the actions specified as acceptable in FAU_STG.2.3, FAU_STG.3, and FAU_STG.4.

RECOMMENDED CRITERIA CHANGES

The application notes in the Part 2 Annex for FAU_STG.2 should be clarified to indicate that the use of the term "audit records", in most cases, refers to the entire trail except when a specific subset must be addressed (as in FAU_STG.2.3, FAU_STG.3.*, and FAU_STG.4.*).

The elements for FAU_STG.1.* and FAU_STG.2.* should be modified to add the phrase "in the audit trail" after "audit records" in all elements.

SUPPORT:

This interpretation arises because a confusion is introduced due to the Part 2 usage of the term "Audit Records" as opposed to the term "Audit Trail". The Part 2 Annex, Section C.6, clarifies by implication that the term "Audit Records" refers to the records in the audit trail, as the application notes refer almost exclusively to the "audit trail" or the records in the trail.

The problem is that the current CC Part 2 words are potentially misleading; in particular, FAU_STG.1.2 and FAU_STG.2.2 could be read so as to allow an authorized administrator to modify specific audit records. This appears not to be what was desired.

However, there is a rationale for the use of the term "audit records": it is used in Part 2 to permit truncation of an audit trail (i.e., deletion of some of the records from the trail). Further, there may be the need to permit some assigned action to address a subset of the records in the trail. As a result, it would be inappropriate to simply substitute "audit trail" for "audit records".