Canmove, confirm
937
edits
Changes
→Auditable Events
The following events are auditable by the NSS cryptographic module.
* attempts to provide invalid input for crypto officer functions: We log the use of all crypto officer functions with the return code. The return code tells us whether the operator attempted to provide invalid input.
** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>
*** If <code>slotID</code> is invalid, the return code <code>0x00000003 (CKR_SLOT_ID_INVALID)</code> is logged.
*** The other input arguments are ignored. (The password of the Crypto Officer is not used because the module depends on the OS to authenticate the Crypto Officer and doesn't perform further authentication.)
** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code>
** We log * If <code>hSession</code> is invalid, the use of all crypto officer functions return code <code>0x000000B3 (see belowCKR_SESSION_HANDLE_INVALID) with </code> is logged.*** If the password that <code>pPin</code> points to is not a valid UTF-8 string, the return code<code>0x000000A1 (CKR_PIN_INVALID)</code> is logged. The *** If the password that <code>pPin</code> points to is too short, too long, or too weak (doesn't have enough character types), the return code tells us whether the operator attempted to provide invalid input<code>0x000000A2 (CKR_PIN_LEN_RANGE)</code> is logged.
* the addition or deletion of an operator to/from a crypto officer role
** N/A. Any authorized operator can assume the crypto officer role.
