



The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.


Audit record content that may be necessary to satisfy the requirement of this control includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred).

Reference Item Details

Related: AU-12, AU-2, AU-8, SI-11



Priority: P1

Baseline Impact: LOW, MODERATE, HIGH

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.2 Ensure 'Enable Log on High DP Load' is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 1.1.7 Ensure auditing is configured for Docker files and directories - docker.service | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.15 Ensure that the --audit-log-path argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc | Unix | CIS Docker v1.7.0 L2 Docker - Linux |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditing | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AUDIT_POLICY_FILE | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.38 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.2.1 Ensure dm-verity is enabled | Unix | CIS Google Container-Optimized OS v1.2.0 L1 Server |
| 1.2.2 Configure IP Blocking on Failed Logins | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Debian 10 Server L1 v2.0.0 |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Debian 10 Workstation L1 v2.0.0 |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation |
| 1.2.7 Verify Package Integrity Using RPM | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 |
| 1.2.20 Ensure that the --audit-log-path argument is set | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Distribution Independent Linux Workstation L1 v2.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Aliyun Linux 2 L1 v1.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Red Hat 6 Workstation L1 v3.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Debian 9 Server L1 v1.0.1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Oracle Linux 6 Server L1 v2.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Oracle Linux 6 Workstation L1 v2.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS CentOS 6 Workstation L1 v3.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Debian 9 Workstation L1 v1.0.1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Distribution Independent Linux Server L1 v2.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS CentOS 6 Server L1 v3.0.0 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Amazon Linux 2 STIG v1.0.0 L1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Red Hat 6 Server L1 v3.0.0 |
| 1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.6 Ensure 'logging with timestamps' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |