FIPS Operational Environment

28 bytes removed, 23:01, 15 September 2006
Auditable Events
* attempts to provide invalid input for crypto officer functions: We log the use of all crypto officer functions with the return code. The return code tells us whether the operator attempted to provide invalid input.
** <code>FC_InitToken(slotID, pPin, ulPinLen, pLabel)</code>
*** If <code>slotID</code> is invalid, the return code 0x00000003 (<code>CKR_SLOT_ID_INVALID</code>) is logged.
*** The other input arguments are ignored. (The password of the Crypto Officer is not used because the module depends on the OS to authenticate the Crypto Officer and doesn't perform further authentication.)
** <code>FC_InitPIN(hSession, pPin, ulPinLen)</code>
*** If <code>hSession</code> is invalid, the return code 0x000000B3 (<code>CKR_SESSION_HANDLE_INVALID</code>) is logged.
*** If the password that <code>pPin</code> points to has an invalid UTF-8 character, the return code 0x000000A1 (<code>CKR_PIN_INVALID</code>) is logged.
*** If <code>ulPinLen</code> is too short or too long, or the password that <code>pPin</code> points to is too weak (doesn't have enough character types), the return code 0x000000A2 (<code>CKR_PIN_LEN_RANGE</code>) is logged.
* the addition or deletion of an operator to/from a crypto officer role: Since any authorized operator can assume the crypto officer role, this event is equivalent to the addition or deletion of a user account in the OS. These events are recorded by the audit mechanism of the OS.
** Red Hat Enterprise Linux 4: FAU_SMR.1 ''Modifications to the group of users that are part of a role'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, page 32.)
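
An added example (not part of the original page or of the module's own code): a Python check that scans audit records for the two crypto officer functions listed above and flags the return codes that indicate invalid operator input. The record layout (<code>Function(args)=0xXXXXXXXX</code>) and the sample lines are constructed assumptions; only the function names and return codes come from this page.

```python
import re

# Return codes named on this page that indicate invalid operator input,
# keyed by crypto officer function.
INVALID_INPUT = {
    "FC_InitToken": {0x00000003: "CKR_SLOT_ID_INVALID"},
    "FC_InitPIN": {
        0x000000B3: "CKR_SESSION_HANDLE_INVALID",
        0x000000A1: "CKR_PIN_INVALID",
        0x000000A2: "CKR_PIN_LEN_RANGE",
    },
}

# ASSUMPTION: hypothetical record layout "<function>(<args>)=0x<8 hex digits>".
RECORD = re.compile(r"\b(FC_\w+)\([^)]*\)=0x([0-9A-Fa-f]{8})\b")


def invalid_input_attempts(lines):
    """Return (line_no, function, code_name) for each invalid-input attempt."""
    hits = []
    for no, line in enumerate(lines, start=1):
        m = RECORD.search(line)
        if not m:
            continue  # not an audit record in the assumed layout
        func, rv = m.group(1), int(m.group(2), 16)
        # Codes are matched per function, as the page lists them.
        name = INVALID_INPUT.get(func, {}).get(rv)
        if name:
            hits.append((no, func, name))
    return hits


# Constructed sample records (not real module output). The PIN itself is
# deliberately absent: an audit record should never contain the password.
SAMPLE = [
    'FC_InitToken(slotID=0x99, pLabel="tok")=0x00000003',
    'FC_InitToken(slotID=0x3, pLabel="tok")=0x00000000',
    "FC_InitPIN(hSession=0x1, ulPinLen=3)=0x000000A2",
    "FC_InitPIN(hSession=0x0, ulPinLen=12)=0x000000B3",
    "FC_InitPIN(hSession=0x1, ulPinLen=12)=0x000000A1",
    "FC_InitPIN(hSession=0x1, ulPinLen=12)=0x00000000",
    "unrelated syslog line",
]

if __name__ == "__main__":
    for no, func, name in invalid_input_attempts(SAMPLE):
        print(f"line {no}: {func} rejected input ({name})")
```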