Whose Requirement?
A. Unauthorized activity on operational systems shall be continuously monitored, recorded and reported.
B. The unauthorized activity monitor shall be physically protected from unauthorized access and eavesdropping.
C. Recording of unauthorized activity shall be initiated and terminated by an authorized security administrator through both command line and graphical interfaces.
D. Recording of unauthorized activity shall be initiated within 50 ms of completing an operator input request.
E. The recording mechanism for unauthorized activity shall provide an upgrade path for alternate types of media.