Print This Page
It must be possible for an independent auditor to verify that the system conforms to the security policy. To enable this, systems and processes need to be in place that record security related events in a tamper-resistant audit log.