|Subject:||Events and actions|
|CC Part #1 Reference:|
|CC Part #2 Reference:|
|CC Part #3 Reference:||CC Part 3, Section 11.1 (AGD_ADM)|
The administrator guidance shall describe each type of security-relevant event relative to the administrative functions that need to be performed, including changing the security characteristics of entities under the control of the TSF.AGD_ADM.1.1C stipulates that administrator functions must be defined. Is an event (AGD_ADM.1.6C) the same as a function (AGD_ADM.1.1C) or something different?
Security-relevant events and administrative functions are not identical.
The following application note is added to AGD_ADM after paragraph 375:
AGD_ADM.1.6C requires that the administrator guidance describe the appropriate administrator's reactions to all security-relevant events. Although many security-relevant events are the result of performing administrative functions, this need not always be the case (e.g. the audit log fills up, an intrusion is detected). Furthermore, a security-relevant event may happen as a result of a specific chain of administrator functions or, conversely, several security-relevant events may be triggered by one function.Rationale