- SOL-11.1-010040 - The audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event.
- SOL-11.1-010060 - The audit system must support an audit reduction capability.
- SOL-11.1-010070 - The audit system records must be able to be used by a report generation capability.
- SOL-11.1-010080 - The operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria.
- SOL-11.1-010100 - The audit records must provide data for all auditable events defined at the organizational level for the organization-defined information system components.
- SOL-11.1-010120 - The operating system must generate audit records for the selected list of auditable events as defined in DoD list of events.
- SOL-11.1-010130 - The operating system must support the capability to compile audit records from multiple components
- SOL-11.1-010140 - Audit records must include what type of events occurred.
- SOL-11.1-010150 - Audit records must include when (date and time) the events occurred.
- SOL-11.1-010160 - Audit records must include where the events occurred.
- SOL-11.1-010170 - Audit records must include the sources of the events that occurred.
- SOL-11.1-010180 - Audit records must include the outcome (success or failure) of the events that occurred.
- SOL-11.1-010220 - The audit system must be configured to audit file deletions - getpolicy
- SOL-11.1-010220 - The audit system must be configured to audit file deletions.
- SOL-11.1-010230 - The audit system must be configured to audit account creation - getpolicy
- SOL-11.1-010230 - The audit system must be configured to audit account creation.
- SOL-11.1-010250 - The audit system must be configured to audit account modification - getpolicy
- SOL-11.1-010250 - The audit system must be configured to audit account modification.
- SOL-11.1-010260 - The operating system must automatically audit account disabling actions - getpolicy
- SOL-11.1-010260 - The operating system must automatically audit account disabling actions.
- SOL-11.1-010270 - The operating system must automatically audit account termination - getpolicy
- SOL-11.1-010270 - The operating system must automatically audit account termination.
- SOL-11.1-010290 - The operating system must ensure unauthorized, security-relevant configuration changes detected are tracked - getpolicy
- SOL-11.1-010290 - The operating system must ensure unauthorized, security-relevant configuration changes detected are tracked.
- SOL-11.1-010300 - The audit system must be configured to audit all administrative, privileged, and security actions - getpolicy
- SOL-11.1-010300 - The audit system must be configured to audit all administrative, privileged, and security actions.
- SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation - getflags
- SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation - getnaflags lo
- SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation - getnaflags na
- SOL-11.1-010310 - The audit system must be configured to audit login, logout, and session initiation - getpolicy
