The software passes this check, this however is a side effect of limited error handling.
\end{result}
- \item\pass{} Verify security logging controls provide the ability
+ \item\fail{} Verify security logging controls provide the ability
to log success and
particularly failure events that
are identified as security-relevant.
Failed/unauthorized installation attempts won't get logged either.
\end{result}
- \item\pass{} Verify that each log event includes necessary
+ \item\fail{} Verify that each log event includes necessary
information that would allow for a detailed
investigation of the timeline when an event
happens.
\begin{result}
\end{result}
- \item\pass{} Verify that an audit log or similar allows for non-repudiation of key transactions.
+ \item\fail{} Verify that an audit log or similar allows for non-repudiation of key transactions.
\begin{result}
Failed login attempts, password reset, login/logout... are not logged at all.
\begin{result}
\end{result}
- \item\pass{} Time sources should be synchronized to ensure
+ \item\fail{} Time sources should be synchronized to ensure
logs have the correct time.
\begin{result}