800-53|AU-1

Title

AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES

Description

The organization:

Supplemental

This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the AU family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems, if needed. The organizational risk management strategy is a key factor in establishing policy and procedures.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: PM-9

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 10 v1.2.0 L1
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 11 v1.1.0 L1
1.1.3 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.21 Ensure that the audit logs are forwarded off the cluster for retention	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
2.13 Ensure centralized and remote logging is configured	Unix	CIS Docker v1.7.0 L2 Docker - Linux
3.4 Ensure Security Auditing Retention Is Enabled	Unix	CIS Apple macOS 10.14 v2.0.0 L1
4.1.2 Ensure auditd service is enabled	Unix	CIS Debian 8 Workstation L2 v2.0.2
4.1.2 Ensure auditd service is enabled	Unix	CIS Debian 8 Server L2 v2.0.2
4.1.18 Ensure the audit configuration is immutable	Unix	CIS Debian 8 Workstation L2 v2.0.2
4.1.18 Ensure the audit configuration is immutable	Unix	CIS Debian 8 Server L2 v2.0.2
4.2.2.1 Ensure syslog-ng service is enabled	Unix	CIS Debian 8 Server L1 v2.0.2
4.2.2.1 Ensure syslog-ng service is enabled	Unix	CIS Debian 8 Workstation L1 v2.0.2
6.3 Ensure to lockdown access logs to 'Administrator , Resource Administrator and Auditor ' roles only	F5	CIS F5 Networks v1.0.0 L1
6.4 Ensure that audit logging for 'MCP, tmsh and GUI' is set to enabled	F5	CIS F5 Networks v1.0.0 L1
7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS)	Unix	CIS IBM DB2 11 v1.1.0 Linux OS Level 1
7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS)	Windows	CIS IBM DB2 11 v1.1.0 Windows OS Level 1
7.3.1 Centralized Logging and Reporting	FortiGate	CIS Fortigate 7.0.x v1.3.0 L2

Detections

Analytics