The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-28958 | SRG-OS-000255 | SV-36949r1_rule | Medium |
| Description |
|---|
| Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control, includes time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. |
| STIG | Date |
|---|---|
| Operating System Security Requirements Guide | 2013-03-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |