Author: jxq, 2021-07-22 11:39
Tags: Other, gbase

Interpretation of the Security Functional Requirements of GB/T 20273-2019 (Part 2): FAU_GEN.1 Audit Data Generation


(1) Preface

(2) FAU_GEN.1 Audit data generation

GB18336.2

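7.2.5 FAU_GEN.1 Audit data generation
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
7.2.5.1 FAU_GEN.1.1
The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the [selection, choose one of: minimum, basic, detailed, not specified] level of audit;
c) [assignment: other specifically defined auditable events].
7.2.5.2 FAU_GEN.1.2
The TSF shall record within each audit record at least the following information:
a) Date and time of the event, time type, subject identity (if applicable), and the outcome (success or failure) of the event;
b) For each audit event type, based on the auditable event definitions of the functional components in the PP/ST, [assignment: other audit relevant information].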

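C.3.2 FAU_GEN.1 Audit data generation
C.3.2.1 User application notes
This component defines requirements for identifying auditable events, including the audit records that should be generated and the information that the audit records should provide.
FAU_GEN.1 “Audit data generation” may be used on its own when the SFRs do not require individual user identities to be associated with audit events; this situation may arise when the PP/ST contains privacy requirements. If user identity must be taken into account in auditing, FAU_GEN.2 “User identity association” should be used in addition.
If the subject is a user, the user identity may be recorded as the subject identity. If user authentication (FIA_UAU) has not been applied, the user's identity may not yet have been verified. Therefore, in the instance of an invalid login, the claimed user identity should be recorded. Consideration should be given to indicating when a recorded identity has not been authenticated.
C.3.2.2 Evaluator notes
There is a dependency on FPT_STM “Time stamps”; if the correctness of time is not an issue for the TOE, this dependency may be removed.
C.3.2.3 Operations
C.3.2.3.1 Selection
In FAU_GEN.1.1, the PP/ST author should select the level of auditable events called out in the audit clauses of the other functional components in the PP/ST. The level may be “minimum”, “basic”, “detailed” or “not specified”.
C.3.2.3.2 Assignment
In FAU_GEN.1.1, the PP/ST author should specify a list of other specifically defined auditable events to be included in the list of auditable events. The assignment may be “none”, or auditable events of a functional requirement whose audit level is higher than that required in b), or events generated through the use of a specific application programming interface (API).
In FAU_GEN.1.2, the PP/ST author should specify, for each auditable event in the PP/ST, a list of other audit relevant information to be included in the audit event record, or specify “none”.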

ISO15408-2

7.2.5 FAU_GEN.1 Audit data generation
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
7.2.5.1 FAU_GEN.1.1
The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the [selection, choose one of: minimum, basic, detailed, not specified] level of audit; and
c) [assignment: other specifically defined auditable events].
7.2.5.2 FAU_GEN.1.2
The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [assignment: other audit relevant information].

C.3.2 FAU_GEN.1 Audit data generation
C.3.2.1 User application notes
This component defines requirements to identify the auditable events for which audit records should be generated, and the information to be provided in the audit records.
FAU_GEN.1 Audit data generation by itself might be used when the SFRs do not require that individual user identities be associated with audit events. This could be appropriate when the PP/ST also contains privacy requirements. If the user identity must be incorporated FAU_GEN.2 User identity association could be used in addition.
If the subject is a user, the user identity may be recorded as the subject identity. The identity of the user may not yet been verified if User authentication (FIA_UAU) has not been applied. Therefore in the instance of an invalid login the claimed user identity should be recorded. It should be considered to indicate when a recorded identity has not been authenticated.
C.3.2.2 Evaluator notes
There is a dependency on Time stamps (FPT_STM). If correctness of time is not an issue for this TOE, elimination of this dependency could be justified.
C.3.2.3 Operations
C.3.2.3.1 Selection
In FAU_GEN.1.1, the PP/ST author should select the level of auditable events called out in the audit subclause of other functional components included in the PP/ST. This level is one of the following: “minimum”, “basic”, “detailed” or “not specified”.
C.3.2.3.2 Assignment
In FAU_GEN.1.1, the PP/ST author should assign a list of other specifically defined auditable events to be included in the list of auditable events. The assignment may comprise none, or events that could be auditable events of a functional requirement that are of a higher audit level than requested in b), as well as the events generated through the use of a specified Application Programming Interface (API).
In FAU_GEN.1.2, the PP/ST author should assign, for each auditable events included in the PP/ST, either a list of other audit relevant information to be included in audit events records or none.

GB20273

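7.2.2.1 Audit data generation (FAU_GEN.1)
FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shutdown of the database audit function;
b) Start-up and shutdown of the database instance and its component services;
c) All auditable events for the [selection: minimum, basic, not specified] level of audit of the database security functions;
d) Other specially defined [assignment: DBMS audit events defined by the ST author] auditable events that are intended for the database security auditor and that can bypass the access control policy;
e) All auditable events with no specified audit level (for example, database object data operation level).
FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity and associated group or role, and the outcome (success or failure) of the event;
b) For each audit event type, based on the auditable event definitions of the security functional components defined in this standard, Table 8 lists the auditable events of the database security functions at the minimum audit level.
Table 8 Auditable security event types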


USGovPP

5.1.1.1 Audit data generation (FAU_GEN.1-NIAP-0410)
Hierarchical to: No other components.
Dependencies: FPT_STM.1 Reliable time stamps
FAU_GEN.1.1-NIAP-0410
Refinement: The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the minimum level of audit listed in Table 8;
c) [Start-up and shutdown of the DBMS;
d) Use of special permissions (e.g., those often used by authorized administrators to circumvent access control policies); and
e) [selection: [assignment: events at a minimal level of audit introduced by the inclusion of additional SFRs determined by the ST author], [assignment: events commensurate with a minimal level of audit introduced by the inclusion of extended requirements determined by the ST author], “no additional events”]].
Application Note: For the selection, the ST author should choose one or both of the assignments (as detailed in the following paragraphs), or select “no additional events”.
Application Note: For the first assignment, the ST author augments the table (or lists explicitly) the audit events associated with the minimal level of audit for any SFRs that the ST author includes that are not included in this PP.
Application Note: Likewise, if the ST author includes extended requirements not contained in this PP, the corresponding audit events must be added in the second assignment. Because “minimal” audit is not defined for such requirements, the ST author will need to determine a set of events that are commensurate with the type of information that is captured at the minimal level for similar requirements.
Application Note: If no additional (CC or extended) SFRs are included, or if additional SFRs are included that do not have “minimal” audit associated with them then it is acceptable to assign “no additional events” in this item.
FAU_GEN.1.2-NIAP-0410
The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [information specified in column three of Table 8 below].
Application Note: In column 3 of the table below, “Audit Record Contents” is used to designate data that should be included in the audit record if it “makes sense” in the context of the event, that generates the record. If no other information is required (other than that listed in item a) above) for a particular auditable event type, then an assignment of “none” is acceptable.
Table 8 Auditable Events

GB20009

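5.1.2.1 Audit data generation (FAU_GEN.1)
The audit data generation component shall automatically generate the corresponding audit event records according to the standard database audit policy and the fine-grained audit policy set in the security target. The security evaluation content for this component is as follows:
a) It shall be tested that the different levels of audit policy provided by the target of evaluation can generate records of the following auditable events:
1) Start-up and shutdown of the database audit function;
2) Start-up and shutdown of the database instance and its component services;
3) Events in which database instance configuration parameters are modified to non-default values;
4) Database object structure modification events;
5) Auditable events at the database audit level [minimum] listed in GB/T 20273-2019;
6) Other specially defined [assignment: audit events defined by the ST author] auditable events that are intended for the database security auditor and that can bypass the access control policy;
7) All auditable events with no specified audit level [assignment: events of fine-grained auditing at the database object operation level].
b) It shall be checked that the audit records contain at least the following information:
1) Event type, date and time of the event, identity/group/role associated with the subject, database objects involved, information about the host that generated the audit event, and the outcome of the event operation (success or failure);
2) Audit data shall be generated according to the target of evaluation's [assignment: audit events specified by the ST author] and the prescribed format [assignment: data type and format];
3) For each audit event type, based on the auditable event definitions of the security functional components included in GB/T 20273-2019.
c) The DBMS's API or tool for configuring and managing the audit data generation policy shall be checked, to confirm the audit data generation mechanism and the effectiveness of the function.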
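
An added example (not from the article or from any of the standards quoted): a Python check of JSON-lines audit records against the FAU_GEN.1.2 minimum fields and the GB20009 b) 1) field list, together with the start-up/shutdown events of GB20273 FAU_GEN.1.1 a) and b) and the unauthenticated-identity note in C.3.2.1. The key names, event names and sample records are assumptions constructed for the illustration.

```python
import json
from datetime import datetime

# Key names and event names are assumptions made for this example; the
# standards list the information to record, not a record schema.
FAU_GEN_1_2 = ("timestamp", "event_type", "subject", "outcome")
GB20009_B1 = FAU_GEN_1_2 + ("roles", "db_object", "host")
# Event types every evaluated log must be able to show (GB20273 a) and b)).
MUST_APPEAR = {"audit_start", "audit_stop", "instance_start", "instance_stop"}

def check_record(rec, required=GB20009_B1):
    """Return findings for one record; an empty list means it passes."""
    findings = [f"missing {k}" for k in required if rec.get(k) in (None, "")]
    try:
        datetime.fromisoformat(rec.get("timestamp") or "")
    except (ValueError, TypeError):
        if rec.get("timestamp"):
            findings.append("timestamp is not ISO 8601")
    if rec.get("outcome") not in (None, "", "success", "failure"):
        findings.append("outcome must be success or failure")
    # C.3.2.1: a failed login records the claimed identity, and the record
    # should say that this identity was not authenticated.
    if (rec.get("event_type") == "login" and rec.get("outcome") == "failure"
            and rec.get("subject_authenticated") is not False):
        findings.append("failed login does not mark subject as unauthenticated")
    return findings

def check_log(lines, required=GB20009_B1):
    """Check JSON-lines audit data; return (per-line findings, unseen events)."""
    report, seen = {}, set()
    for n, line in enumerate(lines, 1):
        rec = json.loads(line)
        seen.add(rec.get("event_type"))
        problems = check_record(rec, required)
        if problems:
            report[n] = problems
    return report, MUST_APPEAR - seen

# Constructed sample records, not output of any real DBMS.
SAMPLE = [
    '{"timestamp":"2021-07-22T11:39:00+08:00","event_type":"audit_start","subject":"auditor1","roles":["AUDIT_ADMIN"],"db_object":"audit_policy","host":"10.0.0.5","outcome":"success"}',
    '{"timestamp":"2021-07-22T11:40:12+08:00","event_type":"login","subject":"scott","roles":[],"db_object":"instance","host":"10.0.0.9","outcome":"failure"}',
    '{"timestamp":"22/07/2021 11:41","event_type":"alter_table","subject":"dba1","roles":["DBA"],"host":"10.0.0.5","outcome":"ok"}',
]

if __name__ == "__main__":
    print(check_log(SAMPLE))
```

Passing `required=FAU_GEN_1_2` checks only the base ISO 15408-2 field set, which shows how much GB20009 b) 1) adds on top of it.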

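Brief analysis

  • For ease of reading, the component name is added after the component identifier in the “Security functional requirement” column of GB20273 Table 8.
  • GB20273 specifies “c) All auditable events for the [selection: minimum, basic, not specified] level of audit of the database security functions”, that is, it makes no selection of audit level; in GB20009, a) 5) selects “minimum”, which is inconsistent with GB20273.
  • GB20273 Table 8 omits the security functional requirement “FAU_GEN.2 User identity association” and its corresponding auditable events. According to GB18336.2 7.2.4, the auditable events of FAU_GEN.2 are “no auditable events”.
  • According to GB18336.2 7.5.4, the auditable events of the security functional requirement “FAU_SEL.1 Selective audit” should be “all events arising from modifications to the audit configuration while the audit collection function is operating”.
  • Given that GB20009 a) 5) selects the “minimum” audit level, according to GB18336.2 7.6.9 the auditable events of the security functional requirement “FAU_STG.4 Prevention of audit data loss” should be “no auditable events”.
  • According to GB18336.2 7.2.3, the list of security management functions in GB20273 7.2.6.4 and GB20009 5.1.6.7 Specification of management functions (FMT_SMF.1) is not affected.
  • In USGovPP Table 8, the “Additional Audit Record Contents” column describes the subject identity of the audit record.
  • In USGovPP Table 8, “Auditable Event(s)” corresponds to some extent to the “Auditable events” of GB20273 Table 8.
  • In USGovPP Table 8, NIAP is the acronym of National Information Assurance Partnership.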
