| Date: | 02/16/2001 |
| Subject: | Events and actions |
| CC Part #1 Reference: | |
| CC Part #2 Reference: | |
| CC Part #3 Reference: | CC Part 3, Section 11.1 (AGD_ADM) |
| CEM Reference: |
AGD_ADM.1.6C states:
The administrator guidance shall describe each type of security-relevant event relative to the administrative functions that need to be performed, including changing the security characteristics of entities under the control of the TSF.AGD_ADM.1.1C stipulates that administrator functions must be defined. Is an event (AGD_ADM.1.6C) the same as a function (AGD_ADM.1.1C) or something different?
Security-relevant events and administrative functions are not identical.
Specific Changes
The following application note is added to AGD_ADM after paragraph 375:
AGD_ADM.1.6C requires that the administrator guidance describe the appropriate administrator's reactions to all security-relevant events. Although many security-relevant events are the result of performing administrative functions, this need not always be the case (e.g. the audit log fills up, an intrusion is detected). Furthermore, a security-relevant event may happen as a result of a specific chain of administrator functions or, conversely, several security-relevant events may be triggered by one function.Rationale
N/A