Archived TD0017: NDPP Audit Shutdown
PP_ND_V1.1_Err2, requirement FAU_SEL.1
NDPP Errata #2 added the shutdown event to FAU_GEN.1. There are many circumstances under which a TOE may be unable to generate a shutdown audit record. If auditing can never be turned off and the TOE generates a startup audit record, is a separate shutdown audit record even necessary or can the startup audit record be used as the sentinel for demarcation between TOE startups and shutdowns?
In the case of an administrative shutdown, a shutdown audit record must be created according to FAU_GEN.1 c). In the case of an uncontrolled shutdown (e.g., power failure, system is unplugged or powered down), it is likely not possible to create a shutdown audit record. In that case, the creation of the startup audit record is sufficient to indicate that a shutdown event occurred, accounting for the break in the audit records.