3.2 Enable security auditing

Information

Logs generated by auditd may be useful when investigating a security incident as they may help reveal the vulnerable application and the actions taken by a malicious actor.

Solution

Perform the following to implement the prescribed state:
Run the following command in Terminal:
sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist

See Also

https://workbench.cisecurity.org/files/300

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: 7735ffa45b7c213578c2e001a1488ef914b4f2c3a69127fb8e35e6d184fba56a