Specifications
Security Target Version 1.0 9/29/2014
| Requirement | Auditable Events | Additional Audit Record Content | Guidance Notes |
|---|---|---|---|
| FCS_SSH_EXT.1 | Protocol failures. Establishment/Termination of an SSH session. | Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures. | See [SYSLOG] message ID 125022. See [SYSLOG] – Security - Warnings |
| FCS_TLS_EXT.1 | Protocol failures. Establishment/Termination of a TLS session. | Reason for failure. Non-TOE endpoint of connection (IP address) for both successes and failures. | TLS is only used in the context of HTTPS. Audit messages for TLS will be the same as FCS_HTTPS_EXT.1. |
| FDP_RIP.2 | None | | |
| FIA_8021X_EXT.1 | Attempts to access to the 802.1X controlled port. | Provided client identity (IP address). | Statistics available through “show dot1x supplicant-info” and “show dot1x counters”. Note: Client identity provided by MAC address, not IP address. IP address is not applicable prior to 802.1X completion. |
| FIA_AFL.1 | The reaching of the threshold for the unsuccessful authentication attempts and the actions taken (e.g., disabling of an account) and the subsequent, if appropriate, restoration to the normal state (e.g., re-enabling of a terminal). | None | See [SYSLOG] message ID 125060 |
| FIA_PMG_EXT.1 | None | | |
| FIA_PSK_EXT.1 | None | | |
| FIA_UAU.6 | Attempts to re-authenticate. | Origin of the attempt (e.g., IP address). | Reauthentication is not treated differently than initial authentication. Audit for this activity would be identical to FIA_UIA_EXT.1. |
| FIA_UAU.7 | None | | |
| FIA_UAU_EXT.5 | All use of the authentication mechanism. | Origin of the attempt (e.g., IP address). | See [SYSLOG] – Security - Warnings |
| FIA_UIA_EXT.1 | All use of the identification and authentication mechanism. | Provided user identity, origin of the attempt (e.g., IP address). | See [SYSLOG] – Security - Warnings |
| FIA_X509_EXT.1 | Attempts to load certificates. Attempts to revoke certificates. | None | Audit messages for these actions are stored in the configuration audit trail. For identification, all certificate management commands will include the keywords “crypto-local pki” with the rest of the message indicating whether a certificate