Detections
Analytics

800-53|AU-12(3)

Title

CHANGES BY AUTHORIZED INDIVIDUALS

Description

The information system provides the capability for [Assignment: organization-defined individuals or roles] to change the auditing to be performed on [Assignment: organization-defined information system components] based on [Assignment: organization-defined selectable event criteria] within [Assignment: organization-defined time thresholds].

Supplemental

This control enhancement enables organizations to extend or limit auditing as necessary to meet organizational requirements. Auditing that is limited to conserve information system resources may be extended to address certain threat situations. In addition, auditing may be limited to a specific set of events to facilitate audit reduction, analysis, and reporting. Organizations can establish time thresholds in which audit actions are changed, for example, near real-time, within minutes, or within hours.

Reference Item Details

Related: AU-7

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT GENERATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.13 UBTU-24-100400UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.14 UBTU-24-100410UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.34 APPL-14-001003UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.119 UBTU-22-653010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.120 UBTU-22-653015UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.229 OL08-00-030180UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.230 OL08-00-030181UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.367 RHEL-09-653010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.368 RHEL-09-653015UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
AIX7-00-002032 - AIX must provide the function for assigned ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.UnixDISA STIG AIX 7.x v3r1
ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-054910 - The auditd service must be enabled on AlmaLinux OS 9.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
AOSX-15-001003 - The macOS system must initiate session audits at system startupUnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.UnixDISA STIG Apple macOS 13 v1r5
APPL-14-001003 - The macOS system must enable security auditing.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-001003 - The macOS system must enable security auditing.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-26-001003 - The macOS system must enable security auditing.UnixDISA Apple macOS 26 Tahoe STIG v1r1
AZLX-23-001025 - Amazon Linux 2023 must have the audit package installed.UnixDISA Amazon Linux 2023 STIG v1r2
AZLX-23-001030 - Amazon Linux 2023 must produce audit records containing information to establish what type of events occurred.UnixDISA Amazon Linux 2023 STIG v1r2
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-010000 - PostgreSQL must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.PostgreSQLDBDISA STIG Crunchy Data PostgreSQL DB v3r1
ESXI-06-000030 - The system must produce audit records containing information to establish what type of events occurred.VMwareDISA VMware vSphere ESXi 6.0 STIG v1r5
ESXI-06-100030 - The VMM must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.VMwareDISA VMware vSphere ESXi 6.0 STIG v1r5
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
OL08-00-030180 - The OL 8 audit package must be installed.UnixDISA Oracle Linux 8 STIG v2r6