SRG-OS-000255-GPOS-00096

The operating system must produce audit records containing information to establish the identity of any individual or process associated with the event.

Details
Associations

Canonical Source

SV-203671r991556_rule ( from General Purpose Operating System Security Requirements Guide )

Description

Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine responsibility for the potentially harmful event.