Details
Logs generated by auditd may be useful when investigating a security incident as they may help reveal the vulnerable application and the actions taken by a malicious actor.
Solution
Perform the following to implement the prescribed state:
Run the following command in Terminal:
sudo /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.auditd.plist
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.