I-0423: Some Modifications To The Audit Trail Are Authorized


TYPE:                 NIAP Interpretation
NUMBER:               I-0423
STATUS:               Formally Superseded

TITLE:                Some Modifications To The Audit Trail Are Authorized
SUPERSEDES:
     I-0371           Some Modifications To The Audit Trail Are Authorized
SUPERSEDED BY:        
     CCIMB-INTERP-0141

EFFECTIVE:            2000-12-11
SUPERSEDED:           2003-07-15

SOURCE REFERENCE:     CC v2.1 Part 2 Subclause 3.6 FAU_STG
                      CC v2.1 Part 2 Subclause C.6 FAU_STG
RELATED TO:
     I-0371           Some Modifications To The Audit Trail Are Authorized
     I-0370           Clarification Of "Audit Records"
     I-0422           Clarification Of "Audit Records"
CCIMB ENTRY:          CCIMB-INTERP-0141

ISSUE:

The FAU_STG family does not currently distinguish between authorized and unauthorized modifications to the audit records. The modification controls imposed appear to be related only to unauthorized modifications.

STATEMENT:

Only unauthorized modifications are prohibited. Modifications to audit records performed in accordance with TSF policy are permitted.

RECOMMENDED CRITERIA CHANGES:

To address this interpretation, the following changes are made to CC v2.1, Part 2: (additions marked thusly; deletions marked thusly)

  • FAU_STG.1-NIAP-0422 is relabeled as FAU_STG.1-NIAP-0423. Unless otherwise noted in these changes, all normative and informative material associated with FAU_STG.1-NIAP-0422 is incorporated unchanged into FAU_STG.1-NIAP-0423, and all references to FAU_STG.1-NIAP-0422 in the CC, CEM, or other Common Criteria documentation are changed to refer to FAU_STG.1-NIAP-0423.

  • In Subclause 3.6, FAU_STG.1.2-NIAP-0422 is replaced with the following:

    FAU_STG.1.2-NIAP-0423 The TSF shall be able to [selection: prevent, detect] unauthorised modifications to the audit records in the audit trail.

  • In Subclause 3.6, FAU_STG.2.2-NIAP-0422 is replaced with the following:

    FAU_STG.2.2-NIAP-0423 The TSF shall be able to [selection: prevent, detect] unauthorised modifications to the audit records in the audit trail.

SUPPORT:

This interpretation brings the elements into conformance with the words in the Part 2 Annex, by making it explicit that only unauthorized modifications are to be prohibited.

Note that the ability to perform authorised modifications of the audit data is a management function addressed by FMT_MTD.1; these changes would be auditable in accordance with the audit section of FMT_MTD.1.

Notes:

  • In the criteria changes, International English is used for conformity with the underlying component.

  • This interpretation is being applied to the CC as modified by I-0422.

  • This interpretation is superseding a previously-approved formal interpretation primarily to reflect modifications to the interpretation format. The intent of the interpretation has not been changed, although some specifics of the criteria changes or the support may have been clarified or corrected.