Canmove, confirm
937
edits
Changes
→Configuring Discretionary Access Control
'''N/A'''. The NSS cryptographic module does not support manual entry of cryptographic keys and CSPs.
==Auditable Events==
<div class=note>Many auditable events required by FIPS 140-2 are related to the crypto officer role. In the NSS cryptographic module, the crypto officer role is only used to perform these functions:
* install the module,
* initialize or re-initialize the module, and
* initialize the NSS User's password.
Moreover, the operator assumes the crypto officer role implicitly when he performs a crypto officer function. No explicit request or authentication (beyond logging into the OS user account) is required.</div>
The following events are auditable by the NSS cryptographic module.
* attempts to provide invalid input for crypto officer functions
** We log the use of all crypto officer functions (see below) with the return code. The return code tells us whether the operator attempted to provide invalid input.
* the addition or deletion of an operator to/from a crypto officer role
** N/A. Any authorized operator can assume the crypto officer role.
* operations to process audit data stored in the audit trail
** These operations are recorded by the audit mechanism of the OS.
* requests to use authentication data management mechanisms
** FC_InitPIN calls (which initialize the NSS User's password)
** FC_SetPIN calls (which change the NSS User's password)
* use of a security-relevant crypto officer function
** FC_InitToken calls (which re-initialize the module)
** FC_InitPIN calls (which initialize the NSS User's password)
* requests to access authentication data associated with the cryptographic module
** N/A. The module doesn't give the operator access to the authentication data.
* use of an authentication mechanism (e.g., login) associated with the cryptographic module
** FC_Login calls
** FC_Logout calls
* explicit requests to assume a crypto officer role
** N/A. The crypto officer role is assumed implicitly when the operator performs crypto officer functions.
* the allocation of a function to a crypto officer role
** N/A. The functions allocated to the crypto officer role are fixed.
* other auditable events
** Power-up self-test failure
** Pair-wise consistency test failure
** Continuous random number generator test failure
