FAU_STG.2 Guarantees of audit data availability
User application notes
This component allows the PP/ST author to specify to which metrics the audit trail should conform.
In a distributed environment, as the location of the audit trail is in the TSC, but not necessarily co-located with the function generating the audit data, the PP/ST author could request authentication of the originator of the audit record, or non-repudiation of the origin of the record prior storing this record in the audit trail.
Operations
Selection:
In FAU_STG.2.2, the PP/ST author should specify whether the TSF shall prevent or only be able to detect modifications of the audit trail.
In FAU_STG.2.3, the PP/ST author should specify the condition under which the TSF shall still be able to maintain a defined amount of audit data. This condition can be any one of the following: audit storage exhaustion, failure, attack.
Assignment:
In FAU_STG.2.3, the PP/ST author should specify the metric that the TSF must ensure with respect to the audit trail. This metric limits the data loss by enumerating the number of records that must be kept, or the time that records are guaranteed to be maintained. An example of the metric could be "100,000" indicating that 100,000 audit records can be stored.