Class fau: security audit, Able, Uditable – Nortel Networks Nortel Network VPN Router and Client Workstation 7.05 User Manual

Security Target, Version 3.9

March 18, 2008

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 22 of 67

© 2008 Nortel Networks

5.1.1 Class FAU: Security Audit

FAU_GEN.1 Audit Data Generation

Hierarchical to: No other components.

FAU_GEN.1.1

The TSF shall be able to generate an audit record of the following auditable events:

a) Start-up and shutdown of the audit functions;

b) All auditable events, for the [not specified] level of audit; and

c) [All events listed in Table 4].

Table 4 - Auditable Events

Event

Start-up and shutdown of audit functions

Modification to the TSF and System data

Reading of information from the audit Records

All modifications to the audit configuration that occur while the audit
collection functions are operating

All use of the user identification and authentication mechanism

All modifications in the behavior of the Functions of the TSF

Modifications to the role allocation of users

FAU_GEN.1.2

The TSF shall record within each audit record at least the following information:

a) Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the
event; and

b) For each audit event type, based on the auditable event definitions of the functional components included
in the PP/ST, [no other audit relevant information].

Dependencies: FPT_STM.1 Reliable time stamps

FAU_SAR.1 Audit review

Hierarchical to: No other components.

FAU_SAR.1.1

The TSF shall provide [Primary Admin, the Restricted Admin, and the VPN User] with the capability to
read [all audit records that they have permission to view] from the audit records.

FAU_SAR.1.2