The operating system must protect audit tools from unauthorized modification.

An XCCDF Rule