Audit is showing all fields which are secured behind subpages to the users who do not have access to those subpages. Is this expected? 

Release : Any

Component : CA PPM STUDIO

This is by design. Currently to provide access to users to audit trail on the objects there is the following permission:
Audit Trail - View

If you provide it, the users will be able to see all the audit fields on the objects. This is an Admin permission.

We recommend to only provide this permissions to very few users such as the Clarity administrator of the system.
This permission will provide access to all audited fields on the objects they have access to. We don't have field security in Classic and secured subpages access right is only for subpages/list views and not a field level security.

Field Level Security (FLS) is now being introduced in Modern UX so if you want, when you speak to Product Management, let them know you would like having Audit in Modern UX, controlling the access based on FLS like we do on the other modules.

If you would like this feature to restrict the permissions by the fields they are seeing in the secure pages, then this would be a new enhancement. Please bring it up to our Product Management Office Hours for consideration. Here us how to join:
https://knowledge.broadcom.com/external/article?articleId=143934

 For now we recommend you to remove this permission from all the users who are not allowed to see sensitive information. You may create custom portlets of the Audit data for them to see only with the data you choose.