SRG-OS-000349-GPOS-00137

The operating system must provide an audit reduction capability that supports after-the-fact investigations of security incidents.