Specifications
57
FIA_AFL.1(2)
The reaching of the threshold for the
unsuccessful authentication attempts and
the actions (e.g., disabling of a terminal)
taken and the subsequent, if appropriate,
restoration to the normal state (e.g., re-
enabling of a terminal
None
FIA_ATD.1(3)
None
None
FIA_UAU_(EXT).5(2)
Failure to receive a response from the
remote authentication server
Identification of the
Authentication server that did
not reply
FIA_UID.1
None
None
FMT_MTD.1(4)
Changes to the time data
None
FMT_MTD.1(5)
Changing the TOE audit pre-selection data
None
FMT_SMR.1(2)
Modifications to the group of users that
are part of a role
None
FPT_STM.1(2)
Setting time/date
Identity of the administrator
that performed the action
FTP_ITC_(EXT).1
Initiation/Closure of a trusted channel
Identification of the remote
entity with which the channel
was attempted/created;
Success or failure of the event.
FAU_GEN.1.2(2) The TOE IT Environment shall record within each audit record at least the following
information:
a) Date and time of the event, type of event, subject identity (if applicable), and the
outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional
components included in the PP/ST, information specified in column three of Table
15.
6.2.2 FAU_SAR.1 Audit Review
FAU_SAR.1.1 The TOE IT environment shall provide only the [administrator] with the capability to read [all
audit data] from the audit records.
FAU_SAR.1.2 The TOE IT environment TSF shall provide the audit records in a manner suitable for the
administrator to interpret the information.
6.2.3 FAU_SAR.2 Restricted Audit Review
FAU_SAR.2.1 The TOE IT environment shall prohibit all users read access to the audit records, except those
users that have been granted explicit read-access.