Monitoring and identifying security threats and malicious activity has continued to become a top priority across many different industries and business segments world-wide.  Standards continue to be updated, and enforcement of these standards is required for many doing business in these regulated areas (ex. In the US NIST has documented expectations related to DFARS and CMMC with new requirements in 2020).  To better understand expectations that may be required to enhance the existing Windchill security auditing functionality associated with this increased security visibility, it would be helpful to know what types of concerns are being identified as gaps.  More specifically, what security events may be required to be added/updated?  Does the current security event auditing provide the traceability needed to meet regulatory audits around security traceability?

Examples:

• Identifying changes to a user's permissions by an administrator to elevate permissions without prior approvals.
• Changes in the Windchill configuration made by an administrator with no justification, allowing malicious behavior to occur.