NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0017:  NDPP Audit Shutdown

Publication Date

Protection Profiles

Other References
PP_ND_V1.1_Err2, requirement FAU_SEL.1

Issue Description

NDPP Errata #2 added the shutdown event to FAU_GEN.1. There are many circumstances under which a TOE may be unable to generate a shutdown audit record. If auditing can never be turned off and the TOE generates a startup audit record, is a separate shutdown audit record even necessary or can the startup audit record be used as the sentinel for demarcation between TOE startups and shutdowns?


In the case of an administrative shutdown, a shutdown audit record must be created according to FAU_GEN.1 c). In the case of an uncontrolled shutdown (e.g., power failure, system is unplugged or powered down), it is likely not possible to create a shutdown audit record. In that case, the creation of the startup audit record is sufficient to indicate that a shutdown event occurred, accounting for the break in the audit records.


There are cases where the audit system can only be shut down when the system is shut down. For uncontrolled shutdowns in those cases, the startup audit record can be used to indicate that there was a break in the audit records.

Site Map              Contact Us              Home