NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0287:  FAU_STG.4 Testing

Publication Date
2018.01.25

Protection Profiles
PP_CA_V2.1

Other References
FAU_STG.4

Issue Description

Need clarification on under what conditions Test 1 or Test 2 in FAU_STG.4 apply.

Resolution

Additional text has been added to the application note and TSS activitiy to clarify when Test 1 or Test 2 is required.

 

FAU_STG.4.1                Refinement: The TSF shall [prevent audited events, except those taken by the Auditor] and [assignment: other actions to be taken in case of audit storage failure] if the audit trail cannot be written to.

Application Note:            This requirement applies to the TOE regardless of whether the audit trail is stored within the TOE boundary, on the TOE platform, or on an external system in the Operational Environment. If the audit trail (in whole or in part) is stored locally (either within the TOE boundary or on the TOE platform), then the requirement applies when the audit trail cannot be written to when it is full.  If the audit trail (in whole or in part) is stored on a system external to the TOE platform, then the requirement applies when the connection between the TOE platform and the external audit server becomes disconnected and the audit trail cannot be written to. In the case where the audit trail is external to the TOE and cannot be written to because it is full (and the TOE has some way of detecting that), then the requirement applies in that case as well. In all cases, the ST author is expected to describe (in the TSS) how the TSF is made aware of any such failures and how it behaves in response.

Assurance Activity

TSS

The evaluator shall examine the TSS to ensure it describes the behavior of the TSF when the audit trail cannot be written to.  The evaluator shall ensure the TSS describes where the audit trail is stored (locally, remotely, or both); how the TSF detects audit full conditions if the audit trail is stored locally; whether and how the TSF detects audit full conditions for remote audit repositories; and how the TSF detects loss of communication with external audit repositories (if using an external audit server).  The evaluator shall also ensure the TSS describes what actions can be performed by the Auditor, if any, in each case where the audit trail cannot be written.

Guidance

The evaluator shall examine the operational guidance to ensure it describes what conditions result in the audit trail not being able to be written to, and how an Auditor recognizes that such a condition has occurred. The evaluator shall also examine the operational guidance to ensure it includes remedial steps for correcting such issues.
 

Test

The evaluator shall perform the following tests.  The tests are conditional on where the audit data are being stored.  Test 1 demonstrates the capability of the TOE to react to an indication that the repository is full; this is always applicable if the audit data are stored locally (either within the TOE boundary or on the TOE platform).  If the TOE has a means to detect that a remote audit repository is full, then this test will be run for those types of TOEs as well. Test 2 is only executed in cases where an external repository is supported, and tests the ability of the TOE to detect when the connection to the repository becomes unavailable.

·         Test 1 (conditional): The evaluator shall cause the audit trail to become full, verify that the TSF behaves as documented in the TSS, and verify that a privileged user can perform the documented remedial steps.

·         Test 2 (conditional): If the TOE uses a remote repository in the Operational Environment to store audit data, the evaluator shall cause the audit trail to become unavailable, verify that the TSF behaves as documented in the TSS, and verify that a privileged user can perform the documented remedial steps.

Equivalency

Testing of the TOE may be performed on a subset of the platforms listed in the TOE's ST. Justification must be provided for those platforms that were excluded from testing.
 

 

Justification

See issue description.

 
 
Site Map              Contact Us              Home