Sub-Requirement 10.1
10.1 Establish a process for linking all access to system components (especially those done with administrative privileges such as root) to each individual user
Illustrative Controls and the TIBCO LogLogic Solution
All users (internal, external and temporary) and their activity on in-scope systems (business applications, operating systems, network devices) must be uniquely identifiable. Administrators and root users should never directly access system components, as these accounts are generally shared and can be difficult to track back to a specific individual. Instead, these users should be accessing these components using commands such as sudo or su; or in the Windows environment, be assigned to a administrative group. This setup allows the actions of specific individuals to be tracked.
To satisfy this requirement, administrators should regularly review user lists on in-scope systems to identify IDs that may be generic or shared.
Reports and Alerts
Use the following link/reference to see the 10.1 reports and alerts: 10.1 on page 134.