NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0237:  FAU_GEN.1.1(2) - FMT_UNR_EXT.1 Audit Record Selection-Based

Publication Date

Protection Profiles

Other References

Issue Description

The audit record for FMT_UNR_EXT.1 in FAU_GEN.1.1(2) for the MDM Agent EP v3.0 is to record if the TOE unenrolls from management.  However, the TOE could provide no option for a user to attempt to unenroll in the evaluated configuration.


MDM Agent EP v3.0:


In Table 1 – Auditable Events, change the row corresponding to FMT_UNR_EXT.1 to


[selection: Attempt to unenroll, none]

No additional information

Add to Application Note for FAU_GEN.1.1(2):

The selection for the FMT_UNR_EXT.1 auditable event in Table 1 corresponds to the selection in FMT_UNR_EXT.1. If “apply remediation actions” is selected in FMT_UNR_EXT.1, then the ST author selects “attempt to unenroll” in FAU_GEN.1.1(2) Table 1 for FMT_UNR_EXT.1; otherwise, "none" is selected.


The audit for FMT_UNR_EXT.1 is to record if the TOE unenrolls from management. However, if the TOE prevents unenrollment from occurring, then there will never be an auditable event corresponding to an unenrollment from management. Thus the audit record for FMT_UNR_EXT.1 should be selection-based, dependent on the selection made in FMT_UNR_EXT.1.

Site Map              Contact Us              Home