Audio devices must not have extended ACLs.
File system ACLs can provide access to files beyond what is allowed by the mode numbers of the files.
Remove the extended ACL from the audio device file(s) and disable extended permissions.
Determine the audio device files for the system. Procedure: # /usr/sbin/lsdev -C | grep -i audio #aclget /dev/*aud0 Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.