The operating system must produce audit records containing sufficient information to establish where the events occurred.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-29106	SRG-OS-000039	SV-37099r1_rule		Medium

Description
Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Without sufficient information establishing where the audit events occurred, investigation into the cause of events is severely hindered.

Description

Operating system auditing capability is critical for accurate forensic analysis. Audit record content that may be necessary to satisfy the requirement of this control includes, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. Without sufficient information establishing where the audit events occurred, investigation into the cause of events is severely hindered.

STIG	Date
Operating System Security Requirements Guide	2013-03-28

Details

Check Text ( None )
None

Fix Text (None)
None