Auditing account disabling actions will support account management procedures. When device management accounts are disabled, user or service accessibility may be affected. Auditing also ensures authorized active accounts remain enabled and available for use when required. If the User-Audit Logging role is not assigned to an admin, then all admins can see the log. If the role is defined, then the role is the only one that can see the local audit log. Satisfies: SRG-APP-000028-NDM-000210, SRG-APP-000381-NDM-000305, SRG-APP-000029-NDM-000211, SRG-APP-000027-NDM-000209, SRG-APP-000091-NDM-000223, SRG-APP-000092-NDM-000224, SRG-APP-000516-NDM-000334, SRG-APP-000495-NDM-000318, SRG-APP-000499-NDM-000319, SRG-APP-000503-NDM-000320, SRG-APP-000504-NDM-000321, SRG-APP-000505-NDM-000322, SRG-APP-000506-NDM-000323, SRG-APP-000099-NDM-000229, SRG-APP-000098-NDM-000228, SRG-APP-000097-NDM-000227, SRG-APP-000096-NDM-000226, SRG-APP-000095-NDM-000225, SRG-APP-000101-NDM-000231, SRG-APP-000100-NDM-000230, SRG-APP-000177-NDM-000263, SRG-APP-000319-NDM-000283, SRG-APP-000026-NDM-000208, SRG-APP-000343-NDM-000289
Verify user audit logging is enabled. 1. From the GUI menu, navigate to Configure >> All Settings >> Administer >> User Audit. 2. Under the User Audit Logging section, verify "Yes" is selected. If user audit logging is not enabled and assigned, this is a finding.
Enable the User Audit role and assign to a user. 1. From the GUI, navigate to Configure >> All Settings >> Administer >> User Audit. 2. On the Settings tab, select "Yes" under the User Audit Logging section. 3. Assign the role to an admin user account. Note: The user auditor role removes all other admin roles and functions from the users assigned the role of audit administrator. Other types of administrators, including the default admin of last resort, will not be able to access the auditing functions or local audit log.