![[Public Interpretations Database]](/assets/images/public-interps.jpg){kind=small}
I-0371: Some Modifications To The Audit Trail Are Authorized
TYPE: NIAP Interpretation
NUMBER: I-0371
STATUS: Formally Superseded
TITLE: Some Modifications To The Audit Trail Are Authorized
SUPERSEDED BY:
I-0423 Some Modifications To The Audit Trail Are Authorized
EFFECTIVE: 2000-03-27
SUPERSEDED: 2000-12-11
SOURCE REFERENCE: CC v2.1 Part 2 Subclause 3.6 FAU_STG
CC v2.1 Part 2 Subclause C.6 FAU_STG
RELATED TO:
I-0370 Clarification Of ``Audit Records''
STATEMENT
The following interprets the following elements in FAU_STG:FAU_STG.1.2 The TSF shall be able to [selection: prevent, detect] modifications to the audit records.FAU_STG.2.2 The TSF shall be able to [selection: prevent, detect] modifications to the audit records.
Only unauthorized modifications are prohibited. Modifications to audit records performed in accordance with TSF policy are permitted.
RECOMMENDED CRITERIA CHANGES
To address this interpretation, the Part 2 elements FAU_STG.1.2 and FAU_STG.2.2 should be modified to insert "unauthorised" before "modifications".
SUPPORT:
This interpretation brings the elements into conformance with the words in the Part 2 Annex, by making it explicit that only unauthorized modifications are to be prohibited.Note that the ability to perform authorised modifications of the audit data is a management function addressed by FMT_MTD.1; these changes would be auditable in accordance with the audit section of FMT_MTD.1.