The operating system must protect audit information from unauthorized read access.

An XCCDF Rule