A Guide to Understanding Audit in Trusted Systems
CONTENTS
FOREWORD
ACKNOWLEDGEMENTS
CONTENTS
PREFACE
1. INTRODUCTION
1.1 History of the National Computer Security Center
1.2 Goal of the National Computer Security Center
2. PURPOSE
3. SCOPE
4. CONTROL OBJECTIVES
5. OVERVIEW OF AUDITING PRINCIPLES
5.1 Purpose of the Audit Mechanism
5.2 Users of the Audit Mechanism
5.3 Aspects of Effective Auditing
5.3.1 Identification/Authentication
5.3.2 Administrative
5.3.3 System Design
5.4 Security of the Audit
6. MEETING THE CRITERIA REQUIREMENTS
6.1 The C2 Audit Requirement
6.1.1 Auditable Events
6.1.2 Auditable Information
6.1.3 Audit Basis
6.2 The B1 Audit Requirement
6.2.1 Auditable Events
6.2.2 Auditable Information
6.2.3 Audit Basis
6.3 The B2 Audit Requirement
6.3.1 Auditable Events
6.3.2 Auditable Information
6.3.3 Audit Basis
6.4 The B3 Audit Requirement
6.4.1 Auditable Events
6.4.2 Auditable Information
6.4.3 Audit Basis
6.5 The A1 Audit Requirement
6.5.1 Auditable Events
6.5.2 Auditable Information
6.5.3 Audit Basis
7. POSSIBLE IMPLEMENTATION METHODS
7.1 Pre/Post Selection of Auditable Events
7.1.1 Pre-Selection
7.1.2 Post-Selection
7.2 Data Compression
7.3 Multiple Audit Trails
7.4 Physical Storage
7.5 Write-Once Device
7.6 Forwarding Audit Data
8. OTHER TOPICS
8.1 Audit Data Reduction
8.2 Availability of Audit Data
8.3 Audit Data Retention
8.4 Testing
8.5 Documentation
8.6 Unavoidable Security Risks
8.6.1 Auditing Administrators/Insider Threat
8.6.2 Data Loss
9. AUDIT SUMMARY
GLOSSARY
REFERENCES