The audit record for FMT_UNR_EXT.1 in FAU_GEN.1.1(2) for the MDM Agent EP v3.0 is to record if the TOE unenrolls from management.  However, the TOE could provide no option for a user to attempt to unenroll in the evaluated configuration.

MDM Agent EP v3.0:

FAU_GEN.1.1(2):

In Table 1 – Auditable Events, change the row corresponding to FMT_UNR_EXT.1 to

Add to Application Note for FAU_GEN.1.1(2):

The selection for the FMT_UNR_EXT.1 auditable event in Table 1 corresponds to the selection in FMT_UNR_EXT.1. If “apply remediation actions” is selected in FMT_UNR_EXT.1, then the ST author selects “attempt to unenroll” in FAU_GEN.1.1(2) Table 1 for FMT_UNR_EXT.1; otherwise, "none" is selected.

The audit for FMT_UNR_EXT.1 is to record if the TOE unenrolls from management. However, if the TOE prevents unenrollment from occurring, then there will never be an auditable event corresponding to an unenrollment from management. Thus the audit record for FMT_UNR_EXT.1 should be selection-based, dependent on the selection made in FMT_UNR_EXT.1.