ISO/IEC INTERNATIONAL STANDARD 10181-7 Firstedition 1996-08-01 Information technology -- Open Systems Interconnection Security frameworks for open systems: Security audit and alarms framework (Osi) - Cadres pour la sécurité dans les systemes ouverts: Cadre pour I'audit de sécurite et les alarmes IEC fso Reference number ISO/IEC 10181-7:1996(E) Copyright Intermational Organization for Standardization Not for Resale ISO/IEC 10181-7:1996(E) CONTENTS Page 1 Scope. 1 2 Normative references 1 2.1 Identical Recommendations I International Standards ... 2 2.2 Paired Recommendations I International Standards equivalent in technical content. 2 3 Definitions... 2 3.1 Basic Reference Model definitions .... 2 3.2 Security architecture definitions ... 2 3.3 Management framework definitions .... 3 3.4 Security framework overview definitions.... 3 3.5 Additional definitions ... 3 4 Abbreviations. 4 5 4 6 General discussion of security audit and alarms .. 4 6.1 Model and functions .... 4 6.2 Phases of security audit and alarms procedures ... 6 6.3 Correlation of audit information .......... 8 7 Policy and other aspects of security audit and alarms .... 8 7.1 8 7.2 Legal aspects......... 8 7.3 Protection requirements ...... 8 8 Security audit and alarms information and facilities... 9 8.1 Audit and alarms information ... 9 8.2 Security audit and alarms facilities. 10 9 Security audit and alarms mechanisms 11 10 Interaction with other security services and mechanisms 12 10.1 Entity authentication .... 12 10.2 Data origin authentication... 12 10.3 12 12 10.5 Integrity... 12 10.6 Non-repudiation... 12 Annex A -- General security audit and alarms principles for OSI 13 Annex B -- Realization of the security audit and alarm model . 15 Annex C - Security Audit and Alarms Facilities Outline . 17 Annex D - Time Registration of Audit Events .. 18 @ISO/IEC1996 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and micro- film, without permission in writing from the publisher. ISO/IEC Copyright Office · Case postale 56 . CH-1211 Geneve 20 · Switzerland Printed in Switzerland Copyright International Organization for Standardization Not for Resale ISO/IEC 10181-7:1996(E) @ ISO/IEC Foreword ISO (the International Organization for Standardization) and IEC (the Inter- national Electrotechnical Commission)form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technicalcommittee,ISO/IECTC1.DraftInternationalStandardsadoptedbythe joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 10181-7 was prepared by Joint Technical Com- mittee ISO/IEC JTC 1, Information technology, Subcommittee SC 21, Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recommen- dationX.816. ISO/IEC 10181 consists of the following parts, under the general title Information technology-Open Systems Interconnection-Security frameworks for open systems: --Part I:Overview -Part 2: Authentication framework -Part 3: Access control framework -Part 4: Non-repudiation framework -Part5:Confidentiality framework ---Part 6: Integrity framework -Part 7: Security audit and alarms framework Annexes A to D of this