-
Notifications
You must be signed in to change notification settings - Fork 2
Audit Tables
Updated 20 March 2026
Audit Tables can be automatically generated for Audit Events that are defined using the <audit-event> tag as part of a <f-component> element. This requires that the <audit-events-in-sfrs/> tag be specified in the <pp-preferences> element near the top of the XML document. Soon this will be the default.
Some audit tables are automatically placed in the document and others require that an <audit-table> element be defined. The audit table for Mandatory SFRs must be declared in the XML. Historically this table appears within the FAU_GEN.1 SFR, but it makes more sense if it is placed at the beginning of the SFR section before all of the Mandatory SFRs. This makes sense because the audit tables for Optional, Objective, Implementation-based, and Selection-based SFRs are automatically placed at the beginning of their respective sections in Appendixes A and B. This is just being consistent.
Audit tables that appear in Appendix A and B of PPs and Packages should not be declared. They are automatically generated and placed in their own sections at the top of sections A.1, A.2, A.3, and B.
All audit tables in Modules must be expressly declared.
Typically, an audit table is declared within its own section, like this:
<section id="sec-audit-table" title="Auditable Events for Mandatory SFRs">
<audit-table id="at-mandatory" table="mandatory"/>
</section>The id and table attributes are required. The table attribute must match the table attribute of the audit events that are to appear in the table. The table attribute of audit events defaults to the status attribute of the SFR in which the audit event is defined. In PPs and Packages, if there is no status attribute in an SFR, the default status is "mandatory." So, in a PP or Package, all audit events for mandatory requirements would automatically appear in the table declared above.
The predefined values for the table attribute are "mandatory," "optional," "objective," "sel-based," and "feat-based."
In PPs and Packages, the audit tables for Optional, Objective, Implementation-dependent, and Selection-based SFRs are automatically generated and appear in the first sections of Appendixes A.1, A.2, A.3, and B, respectively.
In Modules, all audit tables must be expressly declared. For example, the audit table for mandatory SFRs should be declared in the first section within the <man-sfrs> element.
<section id="sec-audit-table" title="Auditable Events for Mandatory SFRs">
<audit-table id="at-mandatory" table="mandatory"/>
</section>The audit table for optional SFRs should be in the first section in the <opt-sfrs> element.
<section id="sec-opt-audit-table" title="Auditable Events for Strictly Optional SFRs">
<audit-table id="at-optional" table="optional"/>
</section>Likewise, the audit table for selection-based SFRs should appear in the first section inside the <sel-sfrs> element.
<section id="sec-sel-audit-table" title="Auditable Events for Selection-based SFRs">
<audit-table id="at-sel-based" table="sel-based"/>
</section>And likewise for the <obj-sfrs>
<section id="sec-obj-audit-table" title="Auditable Events for Objective SFRs">
<audit-table id="at-objective" table="objective"/>
</section>And so on for the <impl-dep-sfrs>
<section id="sec-imp-audit-table" title="Auditable Events for Implementation-Dependent SFRs">
<audit-table id="at-feat-based" table="feat-based"/>
</section>The above audit tables all use predefined values for the table attribute. This allows the tables to be automatically populated based on the the status of the SFR to which they are attached. In PPs and Packages, this is generally determined by the status attribute of the SFR. In Modules, this is determined by which section the SFR is defined in (<man-sfrs>, <obj-sfrs>, etc.).
It is also possible to declare audit tables that don't use the predefined table attributes. This allows for custom audit tables. One use of custom audit tables to allow specifications of audit events for SFRs within an <additional-sfrs> element in a Module under a base PP.
As usual, the table should be declared in its own section at the beginning of the <additional-sfrs> element.
<section id="sec-at-os-addnl" title="Auditable Events for MDF Additional SFRs">
<audit-table id="at-os-addnl" table="tab-at-os-addnl" title="Auditable Events for MDF Additional SFRs"/>
</section> Notice that this declaration uses the title attribute. This is necessary for tables that don't match one of the predefined table attributes so that the table caption is properly generated.
Since the audit table does not use one of the predefined values for the table attribute, each audit event to be displayed in that table must have a table attribute that matches the table attribute of the table. See audit event for more on defining audit events.
Generally, audit tables are referenced in FAU_GEN.1. There are two slightly different ways to reference audit tables depending on whether they are declared automatically or manually.
Audit tables that appear in Appendixes A and B of PPs and Packages are automatically declared. They are referenced using predefined values for their id attributes:
<xref g="t-audit-optional"/>
<xref g="t-audit-objective"/>
<xref g="t-audit-sel-based"/>
<xref g="t-audit-feat-based"/> <!-- For implementation-dependent -->The g attribute to <xref> is used only to reference these predefined tables. To reference all other tables use the to attribute.
For example, to reference this table:
<section id="sec-audit-table" title="Auditable Events for Mandatory SFRs">
<audit-table id="at-mandatory" table="mandatory"/>
</section>use <xref to="at-mandatory"/>
These cross-references output only the word "Table" followed by the table number. It also generates a hyperlink to the table.
Currently, if you want the name of the table included you have to include it manually.
So, a typical FAU_GEN.1 might look something like this:
<h:li>Specifically defined auditable events in <xref to="at-mandatory"/> for Mandatory requirements</h:li>
<h:li><selectables linebreak="yes">
<selectable>Specifically defined auditable events in <xref g="t-audit-optional"/> for Strictly Optional requirements</selectable>
<selectable>Specifically defined auditable event in <xref g="t-audit-objective"/> for Objective requirements</selectable>
<selectable>Specifically defined auditable event in <xref g="t-audit-sel-based"/> for Selection-based requirements</selectable>
</selectables></h:li>See also, Audit Events, xrefs.