Hmmmâ Been there, done that, but over fifteen years ago, so I'm not familiar with current protocols. I don't know what to tell you. If the security manual can't get you there, then maybe there's something in
http://www.commoncriteriaportal.org/files/epfiles/0536a_pdf.pdf If not, contact the DoD reps responsible for the requirements. There's got to be simple ways to get this going, since so many are in the same boat. Good luck.
P.S. Check the manpages for audit_control and audit_user, for starters.
P.P.S. If you find a solution, please post it.