FAU_STG.1 Protected audit trail storage
User application notes
In a distributed environment, as the location of the audit trail is in the TSC, but not necessarily co-located with the function generating the audit data, the PP/ST author could request authentication of the originator of the audit record, or non-repudiation of the origin of the record prior storing this record in the audit trail.
The TSF will protect the audit trail from unauthorised deletion and modification. It is noted that in some systems the auditor (role) might not be authorised to delete the audit records for a certain period of time.
Operations
Selection:
In FAU_STG.1.2, the PP/ST author should specify whether the TSF shall prevent or only be able to detect modifications of the audit trail.