|

 
|
| | Name : | Matt Bishop | Organization : | University of California Davis | Post Date : | 9/30/2005 |
| Section : | 2.2.8 | Page no. : | 2-19 | Line no.: | | Comment : | In short, no section of the standards requires the vendor to document how to configure the audit system, when
to invoke that audit system to develop an audit trail, how to protect that audit trail from being compromised, or
how to use an audit trail to confirm the correct execution of the system or discover and fix errors.
There is only the requirement that the vendor provide documentation showing the system can produce an adequate audit trail and explaining how to produce it. | |
|
|