This interpretation arises because a confusion is introduced due to the Part 2 usage of the term "Audit Records" as opposed to the term "Audit Trail". The Part 2 Annex, Section C.6, clarifies by implication that the term "Audit Records" refers to the records in the audit trail, as the application notes refer almost exclusively to the "audit trail" or the records in the trail. The problem is that the current CC Part 2 words are potentially misleading; in particular, FAU_STG.1.2 and FAU_STG.2.2 could be read so as to allow an authorized administrator to modify specific audit records. This appears not to be what was desired. However, there is a rationale for the use of the term "audit records": it is used in Part 2 to permit truncation of an audit trail (i.e., deletion of some of the records from the trail). Further, there may be the need to permit some assigned action to address a subset of the records in the trail. As a result, it would be inappropriate to simply substitute "audit trail" for "audit records".

The following interprets the .1 and .2 elements of the FAU_STG.1 and FAU_STG.2 components: In general, the phrase "audit records" in these elements refers to audit records stored in the "audit trail," as described in the Part 2 Annex. However, the use of the phrase "audit records" in this way does not preclude the actions specified as acceptable in FAU_STG.2.3, FAU_STG.3, and FAU_STG.4.

The application notes in the Part 2 Annex for FAU_STG.2 should be clarified to indicate that the use of the term "audit records", in most cases, refers to the entire trail except when a specific subset must be addressed (as in FAU_STG.2.3, FAU_STG.3.*, and FAU_STG.4.*). The elements for FAU_STG.1.* and FAU_STG.2.* should be modified to add the phrase "in the audit trail" after "audit records" in all elements.

This interpretation corrects the confusion identified in the Problem statement. 00/08 Message: Group that submitted RI rethinks their questions.It is now suspended and status changed to "awaiting input".