The operating system must employ automated mechanisms to support auditing of the enforcement actions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-28789	SRG-OS-000089	SV-36779r1_rule		Medium

Description
Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, only qualified and authorized individuals are allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications. Auditing this information is critical to both the configuration management process and in the event of an intrusion.

Description

Any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have significant effects on the overall security of the system. Accordingly, only qualified and authorized individuals are allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications. Auditing this information is critical to both the configuration management process and in the event of an intrusion.

STIG	Date
Operating System Security Requirements Guide	2013-03-28

Details

Check Text ( None )
None

Fix Text (None)
None