3.5 Security audit event selection (FAU_SEL)

Family behaviour

This family defines requirements to select the events to be audited during TOE operation. It defines requirements to include or exclude events from the set of auditable events.

FAU_SEL.1 Selective audit, requires the ability to include or exclude events from the set of audited events based upon attributes to be specified by the PP/ST author.

Management: FAU_SEL.1 Selective audit

The following actions could be considered for the management functions in FMT:

a)    maintenance of the rights to view/modify the audit events.

Audit: FAU_SEL.1 Selective audit

The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP/ST:

a)    Minimal: All modifications to the audit configuration that occur while the audit collection functions are operating.