Line 182: | Line 182: | ||
*** If the password that <code>pPin</code> points to has an invalid UTF-8 character, the return code <code>0x000000A1 (CKR_PIN_INVALID)</code> is logged. | *** If the password that <code>pPin</code> points to has an invalid UTF-8 character, the return code <code>0x000000A1 (CKR_PIN_INVALID)</code> is logged. | ||
*** If <code>ulPinLen</code> is too short or too long, or the password that <code>pPin</code> points to is too weak (doesn't have enough character types), the return code <code>0x000000A2 (CKR_PIN_LEN_RANGE)</code> is logged. | *** If <code>ulPinLen</code> is too short or too long, or the password that <code>pPin</code> points to is too weak (doesn't have enough character types), the return code <code>0x000000A2 (CKR_PIN_LEN_RANGE)</code> is logged. | ||
* the addition or deletion of an operator to/from a crypto officer role | * the addition or deletion of an operator to/from a crypto officer role: Since any authorized operator can assume the crypto officer role, this event is equivalent to the addition or deletion of a user account in the OS. These events are recorded by the audit mechanism of the OS. | ||
** Red Hat Enterprise Linux 4: FAU_SMR.1 ''Modifications to the group of users that are part of a role'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, page 32.) | |||
* operations to process audit data stored in the audit trail | ** Trusted Solaris 8: Audit.5 ''The creation, deletion, disabling or enabling of user accounts is auditable''. (See [http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf Security Target], page 55.) | ||
* operations to process audit data stored in the audit trail: these operations are recorded by the audit mechanism of the OS. | |||
** Red Hat Enterprise Linux 4: FAU_SAR.1 ''Reading of information from the audit records'' and FAU_SAR.2 ''Unsuccessful attempts to read information from the audit records'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, pages 29-30.) | |||
** Trusted Solaris 8: Audit.2 ''Attempts to access to objects are auditable''. (See [http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf Security Target], page 54.) | |||
* requests to use authentication data management mechanisms | * requests to use authentication data management mechanisms | ||
** FC_InitPIN calls (which initialize the NSS User's password) | ** FC_InitPIN calls (which initialize the NSS User's password) |
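Review bot: The added crypto officer role bullet equates the event with adding or deleting an OS user account, but the Red Hat Enterprise Linux 4 citation under it (FAU_SMR.1) covers ''Modifications to the group of users that are part of a role''; only the Trusted Solaris 8 citation (Audit.5) names the creation and deletion of user accounts. Suggest either stating why a role-group modification event covers account addition and deletion on Red Hat Enterprise Linux 4, or citing the requirement from that Security Target that does. The audit trail bullet has the same gap on the other platform: Trusted Solaris 8 Audit.2 is about access to objects in general, so one sentence saying the audit trail is among those objects would make the mapping explicit. Both new bullets also say the events "are recorded by the audit mechanism of the OS" without limiting the claim to the two platforms cited; consider scoping the sentence to them.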