canmove, Confirmed users
937
edits
FIPS Operational Environment: Difference between revisions
Jump to navigation
Jump to search
FIPS Operational Environment (view source)
Revision as of 21:07, 15 September 2006
, 15 September 2006→Auditable Events
| Line 180: | Line 180: | ||
** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code> | ** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code> | ||
*** If <code>hSession</code> is invalid, the return code <code>0x000000B3 (CKR_SESSION_HANDLE_INVALID)</code> is logged. | *** If <code>hSession</code> is invalid, the return code <code>0x000000B3 (CKR_SESSION_HANDLE_INVALID)</code> is logged. | ||
*** If the password that <code>pPin</code> points to | *** If the password that <code>pPin</code> points to has an invalid UTF-8 character, the return code <code>0x000000A1 (CKR_PIN_INVALID)</code> is logged. | ||
*** If the password that <code>pPin</code> points to is | *** If <code>ulPinLen</code> is too short or too long, or the password that <code>pPin</code> points to is too weak (doesn't have enough character types), the return code <code>0x000000A2 (CKR_PIN_LEN_RANGE)</code> is logged. | ||
* the addition or deletion of an operator to/from a crypto officer role | * the addition or deletion of an operator to/from a crypto officer role | ||
** | ** Since any authorized operator can assume the crypto officer role, this requirement is the addition or deletion of an operator. CAPP requires that the OS audits the creation or deletion of users. | ||
* operations to process audit data stored in the audit trail | * operations to process audit data stored in the audit trail | ||
** These operations are recorded by the audit mechanism of the OS. | ** These operations are recorded by the audit mechanism of the OS. | ||