Check: SRG-OS-000255-GPOS-00096
General Purpose Operating System SRG:
SRG-OS-000255-GPOS-00096
(in versions v3 r1 through v1 r6)
Title
The operating system must produce audit records containing information to establish the identity of any individual or process associated with the event. (Cat II impact)
Discussion
Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event.
Check Content
Verify the operating system produces audit records containing information to establish the identity of any individual or process associated with the event. If it does not, this is a finding.
Fix Text
Configure the operating system to produce audit records containing information to establish the identity of any individual or process associated with the event.
Additional Identifiers
Rule ID: SV-203671r991556_rule
Vulnerability ID: V-203671
Group Title: SRG-OS-000255
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001487 |
Ensure that audit records containing information that establishes the identity of any individuals, subjects, or objects/entities associated with the event. |
Controls
Number | Title |
---|---|
AU-3 |
Content of Audit Records |