Changes


FIPS Operational Environment

873 bytes added, 00:40, 15 September 2006
Auditable Events
* process ID (pid) of the process using the NSS cryptographic module
* user ID (uid) of the user who owns the process
* the actual audit message, which usually consists of
** the PKCS #11 function that generated the event. For example, <code>FC_Login</code>.
** the arguments and return code (error code) of the function. Arguments that contain sensitive information such as passwords are omitted.
* the type of event
* (optional) an error message. For example, "power-up self-tests failed".
The following events are auditable by the NSS cryptographic module.
* requests to use authentication data management mechanisms
** FC_InitPIN calls (which initialize the NSS User's password)
*** "C_InitPIN(hSession=<session handle>)=<return code>"
** FC_SetPIN calls (which change the NSS User's password)
*** "C_SetPIN(hSession=<session handle>)=<return code>"
* use of a security-relevant crypto officer function
** FC_InitToken calls (which re-initialize the module)
*** "C_InitToken(slotID=<slot ID>, pLabel="<token label>")=<return code>"
** FC_InitPIN calls (which initialize the NSS User's password)
*** "C_InitPIN(hSession=<session handle>)=<return code>"
* requests to access authentication data associated with the cryptographic module
** N/A. The module doesn't give the operator access to the authentication data.
* use of an authentication mechanism (e.g., login) associated with the cryptographic module
** FC_Login calls
*** "C_Login(hSession=<session handle>, userType=<user type>)=<return code>"
** FC_Logout calls
*** "C_Logout(hSession=<session handle>)=<return code>"
* explicit requests to assume a crypto officer role
** N/A. The crypto officer role is assumed implicitly when the operator performs crypto officer functions.
* other auditable events
** Power-up self-test failure
*** "C_Initialize()=<return code> power-up self-tests failed"
** Pair-wise consistency test failure
*** "C_GenerateKeyPair(hSession=<session handle>, pMechanism->mechanism=<mechanism>)=<return code> self-test: pair-wise consistency test failed"
** Continuous random number generator test failure
*** "C_GenerateRandom(hSession=<session handle>, pRandomData=<pointer>, ulRandomLen=<length>)=<return code> self-test: continuous RNG test failed"
** Switching between FIPS and non-FIPS modes
*** "enabled FIPS mode"
*** "disabled FIPS mode"
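The message shapes listed above can be parsed and triaged mechanically. The following is an added example, not code from NSS or from the original page: the names <code>parse_audit_message</code> and <code>needs_attention</code> are hypothetical, the sample messages are constructed, and it assumes the audit message text has already been separated from the rest of the audit record and that return codes are written as decimal or 0x-prefixed hexadecimal numbers.

```python
import re

# Shapes from the list above: "C_Func(args)=<return code> [error message]" or a mode switch.
CALL_RE = re.compile(r'^(C_\w+)\((.*)\)=(\S+)(?: (.+))?$')
ARG_RE = re.compile(r'([\w>-]+)=("[^"]*"|[^,]*)')
MODE_RE = re.compile(r'^(enabled|disabled) FIPS mode$')

# C_InitPIN is listed under two categories on the page; the first one is used here.
CATEGORY = {"C_InitPIN": "authentication data management",
            "C_SetPIN": "authentication data management",
            "C_InitToken": "crypto officer function",
            "C_Login": "authentication mechanism",
            "C_Logout": "authentication mechanism"}

def parse_audit_message(msg):
    """Return a dict describing one audit message, or None if unrecognised."""
    msg = msg.strip()
    mode = MODE_RE.match(msg)
    if mode:
        return {"category": "FIPS mode switch", "function": None, "args": {},
                "rc": None, "error": None, "fips_enabled": mode.group(1) == "enabled"}
    call = CALL_RE.match(msg)
    if not call:
        return None
    func, raw_args, raw_rc, error = call.groups()
    try:
        rc = int(raw_rc, 0)  # assumption: decimal or 0x-prefixed hex
    except ValueError:
        rc = None
    args = {k: v.strip().strip('"') for k, v in ARG_RE.findall(raw_args)}
    category = "self-test failure" if error else CATEGORY.get(func, "other")
    return {"category": category, "function": func, "args": args,
            "rc": rc, "error": error, "fips_enabled": None}

def needs_attention(event):
    """Flag self-test failures, leaving FIPS mode, and any result other than CKR_OK (0)."""
    if event is None:
        return True  # unparseable audit data is itself worth a look
    if event["category"] == "FIPS mode switch":
        return not event["fips_enabled"]
    return event["error"] is not None or event["rc"] != 0

# Constructed sample messages (session handles and return codes are made up).
SAMPLES = ['C_Login(hSession=0x00000001, userType=1)=0x000000A0',
           'C_Initialize()=0x00000030 power-up self-tests failed',
           'disabled FIPS mode']

if __name__ == "__main__":
    for m in SAMPLES:
        print(needs_attention(parse_audit_message(m)), m)
```
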