<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>On 11/22/2016 08:55 AM, Stephen Smalley wrote:<br>
</p>
<blockquote
cite="mid:1be21bc4-e70f-092f-13cb-458cc0beefad@tycho.nsa.gov"
type="cite">
<blockquote type="cite" style="color: #000000;">
<pre wrap=""><span class="moz-txt-citetags">> </span>OK. We can move the point where res=1 is set. But I would think that its a
<span class="moz-txt-citetags">> </span>requirement to have an audit record that states that policy failed to load.
<span class="moz-txt-citetags">> </span>FMT_MSA.3 Static Attribute Initialization. Auditable events: All modifications
<span class="moz-txt-citetags">> </span>of the initial value of security attributes. I would think this means changes
<span class="moz-txt-citetags">> </span>such as booleans, modifying labels, loading a new policy, or failure to load a
<span class="moz-txt-citetags">> </span>policy.
</pre>
</blockquote>
<pre wrap="">Failure to load a policy is not a modification to the initial value of
the security attribute, is it?
</pre>
</blockquote>
It is definitely relevant, if it falls under another category.<br>
Either a failed malicious intent or a failed supervisory function.<br>
<br>
LCB<br>
</body>
</html>