An error occurred:

Check: SRG-OS-000042-GPOS-00021

General Purpose Operating System SRG: SRG-OS-000042-GPOS-00021 (in versions v2 r7 through v1 r4)

Title

The operating system must produce audit records containing the individual identities of group account users. (Cat II impact)

Discussion

Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the individual identities of group users. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the actual account involved in the activity.

Check Content

Verify the operating system produces audit records containing the individual identities of group account users. If it does not, this is a finding.

Fix Text

Configure the operating system to produce audit records containing the individual identities of group account users.

Additional Identifiers

Rule ID: SV-203610r557088_rule

Vulnerability ID: V-203610

Group Title: SRG-OS-000042

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000135

The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-3 (1)

Additional Audit Information