Are the records protected against intentional or accidental modification or deletion?
Is an electronic audit trail completely outside the control and access of the system administrator (except for the read only access of the audit trail file)?
Is it impossible to disable the audit trail function without being detected?
Is the system date and/or metadata protected from accidental and/or intentional modification or deletion?
Is the distribution of, access to, and use of the operating system and maintenance documentation controlled?