Specifications

Brocade MLX and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
| Requirement | Auditable Events | Additional Audit Record Contents |
|---|---|---|
| FPT_TUD_EXT.1 | Initiation of update. | No additional information. |
| FPT_TST_EXT.1 | None. | |
| FTA_SSL_EXT.1 | Any attempts at unlocking of an interactive session. | No additional information. |
| FTA_SSL.3 | The termination of a remote session by the session locking mechanism. | No additional information. |
| FTA_SSL.4 | The termination of an interactive session. | No additional information. |
| FTA_TAB.1 | None. | |
| FTP_ITC.1 | Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions. | Identification of the initiator and target of failed trusted channels establishment attempt. |
| FTP_TRP.1 | Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions. | Identification of the claimed user identity. |
Table 2 Auditable Events
5.1.1.2 User Identity Association (FAU_GEN.2)
FAU_GEN.2.1
For audit events resulting from actions of identified users, the TSF shall be able to associate each
auditable event with the identity of the user that caused the event.
Assurance Activity:
This activity should be accomplished in conjunction with the testing of FAU_GEN.1.1.
5.1.1.3 External Audit Trail Storage (FAU_STG_EXT.1)
FAU_STG_EXT.1.1
The TSF shall be able to [transmit the generated audit data to an external IT entity] using a
trusted channel implementing the [TLS] protocol.
Assurance Activity:
The evaluator shall examine the TSS to ensure it describes the amount of audit data that are stored
locally; what happens when the local audit data store is full; and how these records are protected
against unauthorized access. The evaluator shall also examine the operational guidance to
determine that it describes the relationship between the local audit data and the audit data that are
sent to the audit log server (for TOEs that are not acting as an audit log server). For example,
when an audit event is generated, is it simultaneously sent to the external server and the local
store, or is the local store used as a buffer and “cleared” periodically by sending the data to the
audit server?
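
The two local-store/server relationships and the full-store behaviour that the evaluator is asked to find in the TSS and guidance, modelled as an added example (it is not part of the Security Target and does not describe how the TOE behaves). `AuditStore`, its `mode` and `on_full` values, and the outage scenario are hypothetical names and constructed inputs.

```python
from collections import deque

class AuditStore:
    """Hypothetical model: a bounded local audit store plus an export path.

    mode="simultaneous": each record is sent to the server and kept locally.
    mode="buffer": records wait locally and are cleared once a flush sends them.
    """
    def __init__(self, capacity, send, mode, on_full="overwrite_oldest"):
        self.capacity, self.send = capacity, send
        self.mode, self.on_full = mode, on_full
        self.local = deque()   # entries are (record, delivered_to_server)
        self.lost = []         # records gone from the device and never delivered

    def _try_send(self, record):
        try:
            self.send(record)
            return True
        except OSError:        # assumed failure signal of the trusted channel
            return False

    def log(self, record):
        delivered = self.mode == "simultaneous" and self._try_send(record)
        if len(self.local) >= self.capacity:
            if self.on_full == "drop_new":
                if not delivered:
                    self.lost.append(record)
                return
            old, old_delivered = self.local.popleft()   # overwrite oldest
            if not old_delivered:
                self.lost.append(old)
        self.local.append((record, delivered))

    def flush(self):
        """Retry undelivered records oldest first; buffer mode clears sent ones."""
        kept = deque()
        for record, delivered in self.local:
            delivered = delivered or self._try_send(record)
            if not (delivered and self.mode == "buffer"):
                kept.append((record, delivered))
        self.local = kept

def outage_demo(mode, on_full):
    """Constructed scenario: 5 events with the server down, capacity 3, then recovery."""
    received, up = [], [False]
    def send(record):
        if not up[0]:
            raise ConnectionError("audit server unreachable")
        received.append(record)
    store = AuditStore(3, send, mode, on_full)
    for n in range(1, 6):
        store.log(f"event-{n}")
    up[0] = True
    store.flush()
    return received, store.lost, [r for r, _ in store.local]
```

Which records end up in `lost` depends only on the full-store policy, which is why the TSS has to state it.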
The evaluator shall examine the TSS to ensure it describes the means by which the audit data are
transferred to the external audit server, and how the trusted channel is provided. Testing of the
trusted channel mechanism will be performed as specified in the associated assurance activities for
the particular trusted channel mechanism. The evaluator shall also examine the operational
guidance to ensure it describes how to establish the trusted channel to the audit server, any
requirements on the audit server (particular audit server protocol, version of the protocol
required, etc.), and the configuration of the TOE needed to communicate with the audit
server. The evaluator shall perform the following test for this requirement: