该楼层疑似违规已被系统折叠 隐藏此楼查看此楼

those who are authorized for audit data. The TCB shall be able to record the following types of events: use of identification

and authentication mechanisms, introduction or objects into a user's address space (e.g., file open, program initiation),

deletion of objects, and actions taken by computer operators and system administrators and/or system security officers, and

other security relevant events. For each recorded event, the audit record shall identify: date and time of the event, user,

type of event, and success or failure of the event. For identification/authentication events the origin of request (e.g.,

terminal ID) shall be included in the audit record. For events that introduce an object into a user's address space and for

object deletion events the audit record shall include the name of the object. The ADP system administrator shall be able to

selectively audit the actions of any one or more users based on individual identity.

Assurance

Operational Assurance

System Architecture

The TCB shall maintain a domain for its own execution that protects it from external interference or tampering (e.g., by

modification of its code or data structures). Resources controlled by the TCB may be a defined subset of the subjects and

objects in the ADP system. The TCB shall isolate the resources to be protected so that they are subject to the access control

and auditing requirements.

System Integrity

Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the

on-site hardware and firmware elements of the TCB.

Life-Cycle Assurance

Security Testing

The security mechanisms of the ADP system shall be tested and found to work as claimed in the system documentation. Testing

shall be done to assure that there are no obvious ways for an unauthorized user to bypass or otherwise defeat the security

protection mechanisms of the TCB. Testing shall also include a search for obvious flaws that would allow violation of

resource isolation, or that would permit unauthorized access to the audit or authentication data. (See the Security Testing

guidelines.)

Documentation

Security Features User's Guide

A single summary, chapter, or manual in user documentation shall describe the protection mechanisms provided by the TCB,

guidelines on their use, and how they interact with one another.

Trusted Facility Manual

A manual addressed to the ADP system administrator shall present cautions about functions and privileges that should be

controlled when running a secure facility. The procedures for examining and maintaining the audit files as well as the

detailed audit record structure for each type of audit event shall be given.

Test Documentation

The system developer shall provide to the evaluators a document that describes the test plan, test procedures that show how