Specifications
Security Target Version 1.0 9/29/2014
28
mechanisms directly. For example, testing to ensure the TOE can detect replay attempts will more
than likely be done to demonstrate that requirement FPT_RPL.1 is satisfied. Another example is
that testing performed to ensure that the administrative guidance provided is correct verifies that
AGD_OPE.1 is satisfied and should address the invocation of the administrative actions that are
needed to verify the audit records are generated as expected.
FAU_GEN.1.2
The TSF shall record within each audit record at least the following information: a) Date and time
of the event, type of event, subject identity, and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components
included in the PP/ST, [information specified in column three of Table 2 Audit Events].
Assurance Activity:
This activity should be accomplished in conjunction with the testing of FAU_GEN.1.1.
5.2.1.2 User Audit Association (FAU_GEN.2)
FAU_GEN.2.1
For audit events resulting from actions of identified users, the TSF shall be able to associate each
auditable event with the identity of the user that caused the event.
Component Assurance Activity:
This activity should be accomplished in conjunction with the testing of FAU_GEN.1.1.
5.2.1.3 Audit Review (FAU_SAR.1)
FAU_SAR.1.1
The TSF shall provide Authorized Administrators with the capability to read all audit data from
the audit records.
FAU_SAR.1.2
Refinement: The TSF shall provide the audit records in a manner suitable for the user
Authorized
Administrators to interpret the information.
5.2.1.4 Restricted Audit Review (FAU_SAR.2)
FAU_SAR.2.1
Refinement: The TSF shall prohibit all users read access to the audit records in the audit trail,
except Authorized Administrators.
5.2.1.5 Selective Audit (FAU_SEL.1)
FAU_SEL.1.1
The TSF shall be able to select the set of events to be audited from the set of all auditable events
based on the following attributes: a) event type; b) success of auditable security events; c) failure
of auditable security events; and d) [device interface and wireless client identity].
Assurance Activity:
The evaluator shall review the administrative guidance to ensure that the guidance itemizes all
event types, as well as describes all attributes that are to be selectable in accordance with the
requirement, to include those attributes listed in the assignment. The administrative guidance shall
also contain instructions on how to set the pre-selection, as well as explain the syntax (if present)
for multi-value pre-selection. The administrative guidance shall also identify those audit records
that are always recorded, regardless of the selection criteria currently being enforced.
The evaluator shall also perform the following tests:
Test 1: For each attribute listed in the requirement, the evaluator shall devise a test to show that
selecting the attribute causes only audit events with that attribute (or those that are always
recorded, as identified in the administrative guidance) to be recorded.