Changes

* the addition or deletion of an operator to/from a crypto officer role** : Since any authorized operator can assume the crypto officer role, this requirement event is equivalent to the addition or deletion of an operatora user account in the OS. CAPP requires that These events are recorded by the audit mechanism of the OS audits .** Red Hat Enterprise Linux 4: FAU_SMR.1 ''Modifications to the group of users that are part of a role'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, page 32.)** Trusted Solaris 8: Audit.5 ''The creation , deletion, disabling or deletion enabling of usersuser accounts is auditable''. (See [http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf Security Target], page 55.)* operations to process audit data stored in the audit trail** These : these operations are recorded by the audit mechanism of the OS.** Red Hat Enterprise Linux 4: FAU_SAR.1 ''Reading of information from the audit records'' and FAU_SAR.2 ''Unsuccessful attempts to read information from the audit records'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, pages 29-30.)** Trusted Solaris 8: Audit.2 ''Attempts to access to objects are auditable''. (See [http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf Security Target], page 54.)