800-53|AU-12c.

Title

AUDIT GENERATION

Description

Generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.2 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.1.2 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.1.2.1 Set 'Audit Policy: Privilege Use: Sensitive Privilege Use' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.2 Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.3 Set 'Audit Policy: Logon-Logoff: IPsec Quick Mode' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.4 Set 'Audit Policy: Detailed Tracking: RPC Events' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.5 Set 'Audit Policy: DS Access: Directory Service Access' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.10 Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.11 Set 'Audit Policy: Account Management: Computer Account Management' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.12 Set 'Audit Policy: System: Security System Extension' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.13 Set 'Audit Policy: System: Security State Change' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.14 Set 'Audit Policy: Logon-Logoff: Network Policy Server' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.15 Set 'Audit Policy: Detailed Tracking: DPAPI Activity' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.16 Set 'Audit Policy: System: IPsec Driver' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.17 Set 'Audit Policy: Account Management: Security Group Management' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.18 Set 'Audit Policy: Account Logon: Other Account Logon Events' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.19 Set 'Audit Policy: Object Access: Registry' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.20 Set 'Audit Policy: Privilege Use: Other Privilege Use Events' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.21 Set 'Audit Policy: Policy Change: Filtering Platform Policy Change' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.22 Set 'Audit Policy: Object Access: Central Access Policy Staging' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.23 Set 'Audit Policy: Policy Change: Authorization Policy Change' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.24 Set 'Audit Policy: Account Logon: Kerberos Authentication Service' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.25 Set 'Audit Policy: Logon-Logoff: Logoff' to 'Success'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.26 Set 'Audit Policy: Account Management: Application Group Management' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.27 Set 'Audit Policy: DS Access: Directory Service Changes' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.28 Set 'Audit Policy: Object Access: Kernel Object' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.29 Set 'Audit Policy: Policy Change: Other Policy Change Events' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.30 Set 'Audit Policy: Object Access: Application Generated' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.31 Set 'Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.32 Set 'Audit Policy: Policy Change: Audit Policy Change' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.33 Set 'Audit Policy: Object Access: File Share' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.34 Set 'Audit Policy: System: System Integrity' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.35 Set 'Audit Policy: System: Other System Events' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.36 Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.37 Set 'Audit Policy: DS Access: Directory Service Replication' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.38 Set 'Audit Policy: Object Access: Filtering Platform Packet Drop' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.39 Set 'Audit Policy: DS Access: Detailed Directory Service Replication' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.40 Set 'Audit Policy: Object Access: Other Object Access Events' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.41 Set 'Audit Policy: Object Access: Filtering Platform Connection' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.42 Set 'Audit Policy: Privilege Use: Non Sensitive Privilege Use' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.43 Set 'Audit Policy: Object Access: Certification Services' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.44 Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.45 Set 'Audit Policy: Object Access: Handle Manipulation' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.46 Set 'Audit Policy: Object Access: Removable Storage' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.47 Set 'Audit Policy: Logon-Logoff: IPsec Main Mode' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.48 Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure'WindowsCIS Windows 8 L1 v1.0.0
1.1.2.49 Set 'Audit Policy: Account Logon: Kerberos Service Ticket Operations' to 'No Auditing'WindowsCIS Windows 8 L1 v1.0.0
1.1.14 Ensure that the --audit-log-path argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.15 Ensure that the --audit-log-path argument is set as appropriateUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.16 Ensure that the --audit-log-path argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1