Closed kgal closed 9 years ago
For the record: FAU_SAR.1.1: The TSF shall provide [assignment: authorised users] with the capability to read [assignment: list of audit information] from the audit records.
FPT_ACF_EXT.1.2: The OS shall implement access controls which prohibit unprivileged subjects from reading: Security audit logs, list of other objects.
I agree there is no need to add it, since it is already covered in FPT_ACF_EXT.1.
You could put FAU_SAR.1 (is there a .1.2 also, that we meet?) into the Appendix D, as it is an implicitly satisfied requirement, with this justification.
On Wed, Jun 24, 2015 at 8:39 AM, kgal notifications@github.com wrote:
For the record: FAU_SAR.1.1: The TSF shall provide [assignment: authorised users] with the capability to read [assignment: list of audit information] from the audit records.
FPT_ACF_EXT.1.2: The OS shall implement access controls which prohibit unprivileged subjects from reading: Security audit logs, list of other objects.
— Reply to this email directly or view it on GitHub https://github.com/commoncriteria/operatingsystem/issues/69#issuecomment-114853021 .
Jeffrey Blank 410-854-8675 Operating Systems and Applications Division Systems and Technologies Analysis Group NSA Information Assurance
Oh I just had to look. FAU_SAR.2 states "The TSF shall provide the audit records in a manner suitable for the user to interpret the information."
This is ridiculous. I think you could still claim all of FAU_SAR.1, just since .1.2 since I find it ludicrous to believe that a system would create audit records that cannot be read.
Yes, there was much snickering at 1.2.
We decided FPT_ACF_EXT.1.2 is clearer than FAU_SAR.1.1, so we're keeping it.
Possibly replace with FAU_SAR.1