800-53|AU-12

Title

AUDIT GENERATION

Description

The information system:

Supplemental

Audit records can be generated from many different information system components. The list of audited events is the set of events for which audits are to be generated. These events are typically a subset of all events for which the information system is capable of generating audit records.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-3,AU-2,AU-3,AU-6,AU-7

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.2 Ensure 'Enable Log on High DP Load' is enabled	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.3.2.2 Enable 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings'	Windows	CIS Windows 8 L1 v1.0.0
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.4.1 exec accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.2 command accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.3 network accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.4 system accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS 12 L2 v4.0.0
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.8 Set 'aaa accounting connection'	Cisco	CIS Cisco IOS 12 L2 v4.0.0
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.9 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.9 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS 12 L2 v4.0.0
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.10 Set 'aaa accounting network'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.10 Set 'aaa accounting network'	Cisco	CIS Cisco IOS 12 L2 v4.0.0
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.11 Set 'aaa accounting system'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.11 Set 'aaa accounting system'	Cisco	CIS Cisco IOS 12 L2 v4.0.0
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure that the --audit-log-path argument is set as appropriate	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.10 Set receive connector 'Configure Protocol logging' to 'Verbose'	Windows	CIS Microsoft Exchange Server 2013 Edge v1.1.0
1.10 Set receive connector 'Configure Protocol logging' to 'Verbose'	Windows	CIS Microsoft Exchange Server 2016 Edge v1.0.0
1.10.1 Ensure 'logging' is enabled	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.1 Ensure 'logging' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.2 Ensure 'logging to monitor' is disabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0

Detections

Analytics