[Public Interpretations Database]

I-0372: Audit Records Must Be Protected At All Times


TYPE:                 NIAP Interpretation
NUMBER:               I-0372
STATUS:               Withdrawn
REASON:               With the approval of I-0422, this becomes a simple
                      typographical error. It has been incorporated into I-0349.

TITLE:                Audit Records Must Be Protected At All Times

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 3.6 FAU_STG
                      CC v2.1 Part 2 Subclause C.6 FAU_STG
RELATED TO:
     I-0370           Clarification Of ``Audit Records''
     I-0371           Some Modifications To The Audit Trail Are Authorized
     I-0422           Clarification Of ``Audit Records''

ISSUE:

The .1 elements already refer to stored audit records; the word "stored" is missing in the .2 elements.

STATEMENT:

The following interprets the FAU_STG.1 and FAU_STG.2 components:

Audit records must be appropriately protected from the time they are generated.

RECOMMENDED CRITERIA CHANGES:

To address this interpretation, FAU_STG.1.2 and FAU_STG.2.2 should be modified to refer to "stored audit records", and the informative material should be modified to clarify that an audit record is considered "stored" beginning at the time it is generated.

SUPPORT:

This queue entry attempts to correct the inconsistency.

However, use of the term "stored audit records" makes it unclear when a record is "stored". This queue entry also clarifies that a record is considered stored once it is generated by the TSF. In other words, from the time of generation, the record must be protected. This includes the time when it is in temporary storage or buffers, as well as when it has been written to secondary storage.