TD0287: FAU_STG.4 Testing
Need clarification on under what conditions Test 1 or Test 2 in FAU_STG.4 apply.
Additional text has been added to the application note and TSS activitiy to clarify when Test 1 or Test 2 is required.
FAU_STG.4.1 Refinement: The TSF shall [prevent audited events, except those taken by the Auditor] and [assignment: other actions to be taken in case of audit storage failure] if the audit trail cannot be written to.
Application Note: This requirement applies to the TOE regardless of whether the audit trail is stored within the TOE boundary, on the TOE platform, or on an external system in the Operational Environment. If the audit trail (in whole or in part) is stored locally (either within the TOE boundary or on the TOE platform), then the requirement applies when the audit trail cannot be written to when it is full. If the audit trail (in whole or in part) is stored on a system external to the TOE platform, then the requirement applies when the connection between the TOE platform and the external audit server becomes disconnected and the audit trail cannot be written to. In the case where the audit trail is external to the TOE and cannot be written to because it is full (and the TOE has some way of detecting that), then the requirement applies in that case as well. In all cases, the ST author is expected to describe (in the TSS) how the TSF is made aware of any such failures and how it behaves in response.
See issue description.