Audit Account Creation, Modification, and DeletionID: oval:org.secpod.oval:def:54025 | Date: (C)2019-04-05 (M)2023-07-04 |
Class: COMPLIANCE | Family: macos |
Account creations and account modfications, such as disablement and termination, can all be signs of an intrusion and should be audited. Once an attacker establishes access to a system, the attacker may attempt to create an account to reestablish access at a later time. The attacker may also attempt to modify accounts in an attempt to change an existing account's privileges or disable or delete accounts in a denial-of-service attack. Auditing of account creation, modification, disabling, and termination events mitigates this risk.
Platform: |
Apple Mac OS X 10.14 |