FAU_ARP.1 Security alarms

User application notes

A follow-up action should be taken in the event of an alarm. This action can be to inform the authorised user, to present the authorised user with a set of possible containment actions, or to take corrective actions. The PP/ST author should carefully consider the timing of the actions.

Operations

Assignment:

In FAU_ARP.1.1, the PP/ST author should specify the actions to be taken in case of a potential security violation. An example of such a list is: "inform the authorised user, disable the subject that created the potential security violation." The PP/ST author can also state that an authorised user can specify the action to be taken.