canmove, Confirmed users
937
edits
FIPS Operational Environment: Difference between revisions
Jump to navigation
Jump to search
FIPS Operational Environment (view source)
Revision as of 00:25, 15 September 2006
, 15 September 2006→Auditable Events
| Line 162: | Line 162: | ||
* initialize the NSS User's password. | * initialize the NSS User's password. | ||
Moreover, the operator assumes the crypto officer role implicitly when he performs a crypto officer function. No explicit request or authentication (beyond logging into the OS user account of the operator) is required.</div> | Moreover, the operator assumes the crypto officer role implicitly when he performs a crypto officer function. No explicit request or authentication (beyond logging into the OS user account of the operator) is required.</div> | ||
Every audit record contains the following information on the event: | |||
* date and time of the event | |||
* the string <code>"NSS <softoken library name>"</code>, identifying the NSS cryptographic module. On Red Hat Enterprise Linux and Solaris, this string is <code>"NSS libsoftokn3.so"</code>. | |||
* process ID (pid) of the process using the NSS cryptographic module | |||
* user ID (uid) of the user who owns the process | |||
* the PKCS #11 function that generated the event. For example, <code>FC_Login</code>. | |||
* the arguments and return code (error code) of the function. Arguments that contain sensitive information such as passwords are omitted. | |||
* the type of event (an error message). For example, "power-up self-tests failed". | |||
The following events are auditable by the NSS cryptographic module. | The following events are auditable by the NSS cryptographic module. | ||