800-53|AU-14

Title

SESSION AUDIT

Description

The information system provides the capability for authorized users to select a user session to capture/record or view/hear.

Supplemental

Session audits include, for example, monitoring keystrokes, tracking websites visited, and recording information and/or file transfers. Session auditing activities are developed, integrated, and used in consultation with legal counsel in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, or standards.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-3,AU-11,AU-4,AU-5,AU-9

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
4.1.1.2 Ensure auditd service is enabled and running - running	Unix	CIS Red Hat EL7 Server L2 v3.0.1
4.1.1.2 Ensure auditd service is enabled and running - running	Unix	CIS Red Hat EL7 Workstation L2 v3.0.1
4.1.1.2 Ensure auditd service is enabled and running - running	Unix	CIS Oracle Linux 7 Workstation L2 v3.0.0
4.1.1.2 Ensure auditd service is enabled and running - running	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0
4.1.1.2 Ensure auditd service is enabled and running - running	Unix	CIS Oracle Linux 7 Server L2 v3.0.0
4.1.1.2 Ensure auditd service is enabled and running - running	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Oracle Linux 8 Workstation L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Red Hat EL7 Server L2 v3.0.1
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Oracle Linux 7 Server L2 v3.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS CentOS Linux 8 Server L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS CentOS Linux 8 Workstation L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Red Hat EL8 Server L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Ubuntu Linux 20.04 LTS Server L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Oracle Linux 7 Workstation L2 v3.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.0.1
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Red Hat EL7 Workstation L2 v3.0.1
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Oracle Linux 8 Server L2 v1.0.0
4.1.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Red Hat EL8 Workstation L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Red Hat EL8 Server L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.0.1
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS CentOS Linux 8 Server L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS CentOS Linux 8 Workstation L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Ubuntu Linux 20.04 LTS Server L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Oracle Linux 8 Workstation L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Oracle Linux 8 Server L2 v1.0.0
4.1.1.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Red Hat EL8 Workstation L2 v1.0.0
4.1.2.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Oracle Linux 7 Server L2 v3.0.0
4.1.2.4 Ensure audit_backlog_limit is sufficient	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.0.0
4.1.2.4 Ensure audit_backlog_limit is sufficient	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0
4.1.2.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Oracle Linux 7 Workstation L2 v3.0.0
4.1.2.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Red Hat EL7 Workstation L2 v3.0.1
4.1.2.4 Ensure audit_backlog_limit is sufficient	Unix	CIS Red Hat EL7 Server L2 v3.0.1
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS SUSE Linux Enterprise Server 12 L2 v2.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	Huawei EulerOS 2 Server L2 v1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS CentOS 6 Server L2 v2.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Oracle Linux 6 Server L2 v1.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS SUSE Linux Enterprise Workstation 12 L2 v2.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Amazon Linux 2 v1.0.0 L2
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Oracle Linux 6 Workstation L2 v1.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Ubuntu Linux 16.04 LTS Server L2 v1.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L2 v1.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS CentOS 6 Workstation L2 v2.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Red Hat 6 Server L2 v2.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	CIS Red Hat 6 Workstation L2 v2.1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled	Unix	Huawei EulerOS 2 Workstation L2 v1.0
4.1.3 Ensure auditing for processes that start prior to auditd is enabled - '/boot/grub/grub.cfg'	Unix	CIS Ubuntu Linux 14.04 LTS Server L2 v2.0.0

Detections

Analytics