Check: SRG-OS-000338-GPOS-00130
General Purpose Operating System SRG:
SRG-OS-000338-GPOS-00130
(in versions v1 r5 through v1 r5)
Title
The operating system must provide the capability for authorized users to select a user session to capture/record or view/hear. (Cat II impact)
Discussion
Without the capability to select a user session to capture/record or view/hear, investigations into suspicious or harmful events would be hampered by the volume of information captured. The volume of information captured may also adversely impact the operation of the network. Session audits may include monitoring keystrokes, screen monitoring software, remote desktop recording, screen mirroring, and recording information and/or file transfers.
Check Content
Verify the operating system provides the capability for authorized users to select a user session to capture/record or view/hear. If it does not, this is a finding.
Fix Text
Configure the operating system to provide the capability for authorized users to select a user session to capture/record or view/hear.
Additional Identifiers
Rule ID: SV-71501r1_rule
Vulnerability ID: V-57241
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001919 |
The information system provides the capability for authorized users to select a user session to capture/record or view/hear. |
Controls
Number | Title |
---|---|
AU-14 |
Session Audit |