User guide

ManualsBrandsAruba ManualsComputer equipment620

Aruba Networks Security Target

Page 21 of 67

FAU_GEN.1.2 The TSF shall record within each audit record at least the following

information:

a) Date and time of the event, type of event, subject identity, and the

outcome (success or failure) of the event; and

b) For each audit event type, based on the auditable event definitions of

the functional components included in the PP/ST, information

specified in column three of Table 11.

Table 11: Auditable events

Requirement

Auditable Events

Additional Audit Record Contents

Guidance Notes

FIA_UIA_EXT.1

All use of the identification

and authentication

mechanism.

Provided user identity, origin of the

attempt

See [SYSLOG] – Security - Warnings

FIA_UAU_EXT.2

All use of the authentication

mechanism.

Origin of the attempt (e.g., IP

address).

Same audit messages apply as for

FIA_UIA_EXT.1.

FPT_STM.1

Changes to the time. The old

and new values for the time.

Origin of the attempt (e.g., IP

address).

See [SYSLOG] – Security – Warnings

for the clock change message. The

audit trail will indicate the IP address

from which the change was made.

FPT_TUD_EXT.1

Initiation of update.

No additional information.

The audit trail will indicate when a new

software image has been copied to the

TOE through use of the “copy”

command. A complete reboot is

required to make an update actually

take effect.

FTA_SSL_EXT.1

Any attempts at unlocking of

an interactive session.

No additional information.

N/A for this TOE. Interactive sessions

are only terminated, not locked.

FTA_SSL.3

The termination of a remote

session by the session

locking mechanism.

No additional information.

See [SYSLOG] – Security - Warnings

FTA_SSL.4

The termination of an

interactive session.

No additional information.

See [SYSLOG] – Security - Warnings

FTP_ITC.1

Initiation of the trusted

channel. Termination of the

trusted channel. Failure of the

trusted channel functions.

Identification of the initiator and target

of failed trusted channels

establishment attempt.

The Inter-TSF trusted channel is

IPsec. Audit messages will be the

same as for FCS_IPSEC_EXT.1.

FTP_TRP.1

Initiation of the trusted

channel. Termination of the

trusted channel. Failures of

the trusted path functions.

Identification of the claimed user

identity.

Depending on whether the remote

administrator is using HTTPS or SSH,

the audit messages will be the same

as FCS_SSH_EXT.1 or

FCS_HTTPS_EXT.1. Audit message

125022 includes the identification of

the claimed user identity.

FCS_IPSEC_EXT.1

Failure to establish an IPsec

SA.

Reason for failure.

See [SYSLOG] message ID 103001

through 103092

Establishment/Termination of

an IPsec SA.

Non-TOE endpoint of connection (IP

address) for both successes and

failures.

See [SYSLOG] message ID 103009,

103077