diff --git a/schedule/security/cc_audit_trail_protection.yaml b/schedule/security/cc_audit_trail_protection.yaml
new file mode 100644
index 000000000000..9fabb0c49b11
--- /dev/null
+++ b/schedule/security/cc_audit_trail_protection.yaml
@@ -0,0 +1,7 @@
+name: cc_audit_trail_protection
+description:    >
+    This is for audit_test audit-trail-protection
+schedule:
+    - boot/boot_to_desktop
+    - security/cc/cc_audit_test_setup
+    - security/cc/audit_trail_protection
diff --git a/tests/security/cc/audit_trail_protection.pm b/tests/security/cc/audit_trail_protection.pm
new file mode 100644
index 000000000000..bff686b5ed97
--- /dev/null
+++ b/tests/security/cc/audit_trail_protection.pm
@@ -0,0 +1,33 @@
+# SUSE's openQA tests
+#
+# Copyright © 2021 SUSE LLC
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without any warranty.
+#
+# Summary: Run 'audit-trail-protection' test case of 'audit-test' test suite
+# Maintainer: Liu Xiaojing <xiaojing.liu@suse.com>
+# Tags: poo#94447
+
+use base 'consoletest';
+use strict;
+use warnings;
+use testapi;
+use utils;
+use audit_test qw(run_testcase compare_run_log);
+
+sub run {
+    my ($self) = shift;
+
+    select_console 'root-console';
+
+    run_testcase('audit-trail-protection', (make => 1));
+
+    # Compare current test results with baseline
+    my $result = compare_run_log('audit_trail_protection');
+    $self->result($result);
+}
+
+1;