[Bug 624] Simple enhancement for Common Criteria conformity
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Aug 12 03:46:48 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=624
Summary: Simple enhancement for Common Criteria conformity
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sftp-server
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: mag at lme.linux.hu
The FDP_ITC requirement family of the Common Criteria says:
"""
The following events should be auditable if FAU_GEN Security audit data
generation is included in the PP/ST:
a) Minimal: Successful import of user data, including any security attributes.
b) Basic: All attempts to import user data, including any security attributes.
c) Detailed: The specification of security attributes for imported user data
supplied by an authorised user.
"""
The FDP_ITC requirement family of the Common Criteria says:
"""
The following events shall be auditable if FAU_GEN Security audit data
generation is included in the PP/ST:
a) Minimal: Successful export of information.
b) Basic: All attempts to export information.
"""
These requirements are present in all the common protection profiles
for operating systems (LSPP, CAPP). Fulfilling them in ssh means
a very short code calling syslog() added to the scp and sftp, sftp-server
source.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list