800-53|AU-14(1)

Title

SYSTEM START-UP

Description

The information system initiates session audits at system start-up.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: AUDIT AND ACCOUNTABILITY

Parent Title: SESSION AUDIT

Family: AUDIT AND ACCOUNTABILITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-002023 - AIX must start audit at boot.	Unix	DISA STIG AIX 7.x v2r9
AOSX-15-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-001003 - The macOS system must enable security auditing.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-001003 - The macOS system must enable security auditing.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - log_config_module	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - LogFormat	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-W1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-008600 - PostgreSQL must initiate session auditing upon startup.	PostgreSQLDB	DISA STIG Crunchy Data PostgreSQL DB v3r1
CNTR-K8-000610 - The Kubernetes API Server must have an audit log path set.	Unix	DISA STIG Kubernetes v2r1
DB2X-00-001000 - DB2 must initiate session auditing upon startup - AUDIT	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - CHECKING	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - CONTEXT	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - EXECUTE	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - OBJMAINT	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - Review user policies	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - SECMAINT	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - SYSADMIN	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-001000 - DB2 must initiate session auditing upon startup - VALIDATE	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r2
EP11-00-001400 - The EDB Postgres Advanced Server must initiate support of session auditing upon startup.	PostgreSQLDB	EDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-001400 - The EDB Postgres Advanced Server must initiate support of session auditing upon startup.	PostgreSQLDB	EnterpriseDB PostgreSQL Advanced Server DB v2r1
IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.	Windows	DISA IIS 10.0 Site v2r9
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events.	Windows	DISA IIS 10.0 Server v2r10
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.	Windows	DISA IIS 10.0 Server v2r10
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.	Windows	DISA IIS 10.0 Server v3r1
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session	Windows	DISA IIS 8.5 Site v2r9
IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.	Windows	DISA IIS 8.5 Site v2r9

Detections

Analytics

800-53|AU-14(1)

Title

Description

Reference Item Details

Audit Items