>From b83e5f688b09e23274e765646c909d565e5164b1 Mon Sep 17 00:00:00 2001
From: Shawn Wells <shawn@redhat.com>
Date: Wed, 16 May 2012 15:18:07 -0400
Subject: [PATCH 05/11] Mapped CCI-001686 to met_natively

This CCI requires that "appropriate individuals" recieve notifications for account terminations. This is provided for natively in the linux audit logs, which are accessible to root (other guidance states that root must review the logs, so I'm considering the fact auditd puts the information there a notification)
---
 rhel6/src/input/auxiliary/srg_support.xml |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/rhel6/src/input/auxiliary/srg_support.xml b/rhel6/src/input/auxiliary/srg_support.xml
index 5dbdc95..60f003e 100644
--- a/rhel6/src/input/auxiliary/srg_support.xml
+++ b/rhel6/src/input/auxiliary/srg_support.xml
@@ -14,6 +14,15 @@ Red Hat Enterprise Linux meets this requirement by design.
      desired here. -->
 </description>
 <ref disa="131" />
+
+<Rule id="audit_account_termination">
+<title>The operating system must notify, as required, appropriate individuals for account termination.</title>
+<description>Monitoring account termination is critical to ensure a denial of service situation does not exist on the operating system.  An unexpected account termination can also be a sign of a rogue administrator account that may be deleting traces of activity.  In order to facilitate the monitoring, the operating system must notify designated personnel when an account is terminated.</description>
+<rationale>The Red Hat Enterprise Linux Auditing Subsystem provides this functionality natively, placing this information in the audit logs for system administrator review.</rationale>
+<ref disa="1686" />
+</Rule>
+
+
 </Group>
 
 <Group id="unmet_impractical_guidance" hidden="true">
-- 
1.7.1