FAU_SAA.1 Potential violation analysis
User application notes
This component is used to specify the set of auditable events whose occurrence or accumulated occurrence held to indicate a potential violation of the TSP, and any rules to be used to perform the violation analysis.
Operations
Assignment:
For FAU_SAA.1.2.a, the PP/ST author should identify the subset of defined auditable events whose occurrence or accumulated occurrence need to be detected as an indication of a potential violation of the TSP.
Assignment:
In FAU_SAA.1.2.b, the PP/ST author should specify any other rules that the TSF should use in its analysis of the audit trail. Those rules could include specific requirements to express the needs for the events to occur in a certain period of time (e.g. period of the day, duration).