| When accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying processes themselves. In order to detect and respond to events affecting user accessibility and operating system processing, the operating system must audit account disabling actions and, as required, notify as required the appropriate individuals, so they can investigate the event. Such a capability greatly reduces the risk that accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes. Permanent not a finding - Auditing cannot be configured/implemented like a typical UNIX system. Auditing is turned on by default, as is logging. Syslog is the best way to ensure all access is logged. Access is limited to privileged roles only. In lockdown mode (required), only the vpxuser proxy has access. |
