search

ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License
5 stars 1 forks source link

[SD Correction] Some evaluation activities related to audit records are impossible to perform. #291

Open OlegAndrianov opened 1 year ago

OlegAndrianov commented 1 year ago

Provide the location of the issue FAU_STG_EXT.1 Test 4 and FAU_GEN.1

What is the correction request for the cPP? Please describe. PP language in FAU_STG_EXT.1 allows TOE developers option not to provide users with ability to view or export audit records created on the TOE. That creates problems when performing certain evaluation activities:

  1. Log records generated when testing failing connection to the remote audit server will not be accessible:
    • Log records for FTP_ITC.1 Failure of the trusted channel functions.
    • Log records for FIA_X509_EXT.1/Rev Unsuccessful attempt to validate a certificate, when this certificate is provided by remote audit server.
  2. Log records generated when connection to the remote server is not yet established:
    • Start/stop audit function record
    • Startup self-test and its outcome (mandatory log record in VPNGW PP-Module)
  3. Evaluation activity for FAU_STG_EXT.1 Test 4 is also problematic – evaluator has no way to verify existing audit data is overwritten, dropped or other action is performed.

Describe the solution you'd like Add PP language to require at least some form of access to locally stored audit records. Alternative would be to add clarification in the SD on how to perform FAU_STG_EXT.1 Test 4 and FAU_GEN.1 activities in this case.

Describe alternatives you've considered Alternative solution was to make retransmission of local audit records to the remote server mandatory, that would solve 1 and 2 but not 3 as evaluators can easily revert remote audit server to a good state and check transmitted audit records, But that solution still leaves TOE troubleshooting problematic when connection to the remote server fails and cannot be re-established for some reason - misconfiguration, certificate expiration or revocation, etc. This will affect TOE customers as well as evaluators.

Additional context See related #290

KSinitski commented 1 year ago

Related issue: https://github.com/ND-iTC/Documents/issues/117