800-53|AU-12

Title

AUDIT GENERATION

Description

The information system:

Supplemental

Audit records can be generated from many different information system components. The list of audited events is the set of events for which audits are to be generated. These events are typically a subset of all events for which the information system is capable of generating audit records.

Reference Item Details

Related: AC-3,AU-2,AU-3,AU-6,AU-7

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.2 Ensure 'Enable Log on High DP Load' is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.1.3 Ensure auditing is configured for the Docker daemon | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 1.1.3.2.2 Enable 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 1.1.4.1 exec accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.4.2 command accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.4.3 network accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.4.4 system accounting | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L2 |
| 1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L2 |
| 1.1.7 Ensure auditing is configured for Docker files and directories - docker.service | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.8 Set 'aaa accounting connection' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.8 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L2 |
| 1.1.8 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L2 |
| 1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.9 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 1.1.9 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.9 Set 'aaa accounting network' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L2 |
| 1.1.9 Set 'aaa accounting network' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L2 |
| 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.10 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 1.1.10 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.10 Set 'aaa accounting system' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L2 |
| 1.1.10 Set 'aaa accounting system' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L2 |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.11 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 1.1.11 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.15 Ensure that the --audit-log-path argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0 |
| 1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0 |
| 1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.2 Ensure 'logging to monitor' is disabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.3 Ensure 'syslog hosts' is configured correctly | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.4 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |