NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0237:  FAU_GEN.1.1(2) - FMT_UNR_EXT.1 Audit Record Selection-Based

Publication Date
2017.09.26

Protection Profiles
EP_MDM_AGENT_V3.0

Other References
FAU_GEN.1.1(2); FMT_UNR_EXT.1

Issue Description

The audit record for FMT_UNR_EXT.1 in FAU_GEN.1.1(2) for the MDM Agent EP v3.0 is to record if the TOE unenrolls from management.  However, the TOE could provide no option for a user to attempt to unenroll in the evaluated configuration.

Resolution

MDM Agent EP v3.0:

FAU_GEN.1.1(2):

In Table 1 – Auditable Events, change the row corresponding to FMT_UNR_EXT.1 to

FMT_UNR_EXT.1

[selection: Attempt to unenroll, none]

No additional information

Add to Application Note for FAU_GEN.1.1(2):

The selection for the FMT_UNR_EXT.1 auditable event in Table 1 corresponds to the selection in FMT_UNR_EXT.1. If “apply remediation actions” is selected in FMT_UNR_EXT.1, then the ST author selects “attempt to unenroll” in FAU_GEN.1.1(2) Table 1 for FMT_UNR_EXT.1; otherwise, "none" is selected.

Justification

The audit for FMT_UNR_EXT.1 is to record if the TOE unenrolls from management. However, if the TOE prevents unenrollment from occurring, then there will never be an auditable event corresponding to an unenrollment from management. Thus the audit record for FMT_UNR_EXT.1 should be selection-based, dependent on the selection made in FMT_UNR_EXT.1.

 
 
Site Map              Contact Us              Home