Family behaviour
This family defines the requirements for audit tools that should be available to authorised users to assist in the review of audit data.
Component levelling
FAU_SAR.1 Audit review provides the capability to read information from the audit records.
FAU_SAR.2 Restricted audit review requires that there are no other users except those that have been identified in FAU_SAR.1 Audit review that can read the information.
FAU_SAR.3 Selectable audit review requires audit review tools to select the audit data to be reviewed based on criteria.
Management: FAU_SAR.1 Audit review
The following actions could be considered for the management functions in FMT:
a) maintenance (deletion, modification, addition) of the group of users with read access right to the audit records.
Management: FAU_SAR.2 Restricted audit review, FAU_SAR.3 Selectable audit review
There are no management activities foreseen.
Audit: FAU_SAR.1 Audit review
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
a) Basic: Reading of information from the audit records.
Audit: FAU_SAR.2 Restricted audit review
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
a) Basic: Unsuccessful attempts to read information from the audit records.
Audit: FAU_SAR.3 Selectable audit review
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:
a) Detailed: the parameters used for the viewing.