This rule and others on non-suid executables are kind of silly since users can just copy chcon (or other) locally or from elsewhere and attempt to run it, which auditing as specified would not capture. Hence, it doesn't really provide protection from much of anything and is just theater.
The suid executables should be combined into one item that says suid executable use should generate audit records. Otherwise, the spirit is violated whenever you install a suid file on the system that is not in the STIG, so it will not be audited.
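One way to apply the "single item for all suid executables" suggestion above, as an added example that is not part of the original comment or of the STIG: generate the rules from the set-id files actually present, and report any that an existing rules file misses. The function names, the `privileged` key and the auid threshold of 1000 are assumptions.

```shell
#!/bin/sh
# Added example (not from the STIG): derive audit rules from the set-id files
# actually on disk instead of from a fixed list of paths.
# Assumed values: auid threshold 1000 and key "privileged"; override via env.

# Print every regular file with the setuid or setgid bit under the given roots.
list_setid_files() {
    [ "$#" -gt 0 ] || set -- /
    # -xdev keeps find on each starting filesystem (skips /proc, NFS, ...)
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        LC_ALL=C sort
}

# Emit one execute-watch rule per set-id file, in audit.rules syntax.
gen_suid_audit_rules() {
    list_setid_files "$@" | while IFS= read -r f; do
        case $f in
            *[[:space:]]*)
                # Paths containing whitespace need manual handling in a rules file.
                printf '# SKIPPED (whitespace in path): %s\n' "$f" ;;
            *)
                printf -- '-a always,exit -F path=%s -F perm=x -F auid>=%s -F auid!=4294967295 -k %s\n' \
                    "$f" "${MIN_AUID:-1000}" "${AUDIT_KEY:-privileged}" ;;
        esac
    done
}

# Print set-id files that have no "-F path=<file>" entry in an existing rules file.
uncovered_suid_files() {
    rules=$1; shift
    list_setid_files "$@" | while IFS= read -r f; do
        # Trailing space stops /usr/bin/su from matching /usr/bin/sudo.
        grep -qF -- "path=$f " "$rules" || printf '%s\n' "$f"
    done
}
```

Running `uncovered_suid_files /etc/audit/audit.rules /` after each package installation lists the set-id files that the loaded rule set does not yet watch.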