Detections
Analytics

800-53|AU-12

Title

AUDIT GENERATION

Description

The information system:

Supplemental

Audit records can be generated from many different information system components. The list of audited events is the set of events for which audits are to be generated. These events are typically a subset of all events for which the information system is capable of generating audit records.

Reference Item Details

Related: AC-3,AU-2,AU-3,AU-6,AU-7

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.2.1.64 Set 'Audit: Audit the access of global system objects' to 'Disabled'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.1.64 Set 'Audit: Audit the access of global system objects' to 'Disabled'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.1.83 Set 'Audit: Audit the use of Backup and Restore privilege' to 'Disabled'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.1.83 Set 'Audit: Audit the use of Backup and Restore privilege' to 'Disabled'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.1 Set 'Audit directory service access' to 'Failure'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.1 Set 'Audit directory service access' to 'Failure'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.2 Set 'Audit account logon events' to 'Success, Failure'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.2 Set 'Audit account logon events' to 'Success, Failure'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.3 Set 'Audit logon events' to 'Success, Failure'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.3 Set 'Audit logon events' to 'Success, Failure'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.4 Set 'Audit process tracking' to 'No Auditing'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.4 Set 'Audit process tracking' to 'No Auditing'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.5 Set 'Audit account management' to 'Success, Failure'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.5 Set 'Audit account management' to 'Success, Failure'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.6 Set 'Audit policy change' to 'Success' (minimum) or 'Success and Failure'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.6 Set 'Audit policy change' to 'Success' (minimum) or 'Success and Failure'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.7 Set 'Audit system events' to 'Success' (minimum) or 'Success and Failure'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.7 Set 'Audit system events' to 'Success' (minimum) or 'Success and Failure'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.8 Set 'Audit privilege use' to 'Failure' (minimum) or 'Success and Failure'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.8 Set 'Audit privilege use' to 'Failure' (minimum) or 'Success and Failure'WindowsCIS Windows 2003 DC v3.1.0
1.1.1.2.2.9 Configure 'Audit object access'WindowsCIS Windows 2003 MS v3.1.0
1.1.1.2.2.9 Configure 'Audit object access'WindowsCIS Windows 2003 DC v3.1.0
1.1.2 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.3 Ensure auditing is configured for the Docker daemonUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemonUnixCIS Docker v1.6.0 L1 Docker Linux
1.1.3.2.2 Enable 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings'WindowsCIS Windows 8 L1 v1.0.0
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/dockerUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.10 Set 'aaa accounting exec'CiscoCIS Cisco IOS 16 L2 v1.1.0
1.1.10 Set 'aaa accounting network'CiscoCIS Cisco IOS 15 L2 v4.0.1
1.1.10 Set 'aaa accounting network'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.10 Set 'aaa accounting network'CiscoCIS Cisco IOS 12 L2 v4.0.0
1.1.10 Set 'aaa accounting system'CiscoCIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Set 'aaa accounting system'CiscoCIS Cisco IOS XE 16.x v2.1.0 L2
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.jsonUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.11 Set 'aaa accounting network'CiscoCIS Cisco IOS 16 L2 v1.1.0
1.1.11 Set 'aaa accounting system'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.11 Set 'aaa accounting system'CiscoCIS Cisco IOS 12 L2 v4.0.0
1.1.11 Set 'aaa accounting system'CiscoCIS Cisco IOS 15 L2 v4.0.1
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.tomlUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.12 Set 'aaa accounting system'CiscoCIS Cisco IOS 16 L2 v1.1.0
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/dockerUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerdUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shimUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure that the --audit-log-path argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.15 Ensure that the --audit-log-path argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1UnixCIS Docker v1.6.0 L2 Docker Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2UnixCIS Docker v1.6.0 L2 Docker Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runcUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.37 Ensure that the AdvancedAuditing argument is not set to false - @AUDIT_POLICY_FILE@UnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1
1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditingUnixCIS Kubernetes 1.13 Benchmark v1.4.0 L1