800-53|AU-3

Title

CONTENT OF AUDIT RECORDS

Description

The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

Supplemental

Audit record content that may be necessary to satisfy the requirement of this control, includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred).

Reference Item Details

Related: AU-12,AU-2,AU-8,SI-11

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 SOL-11.1-010040UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.1 SOL-11.1-010040UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.1.2 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerdUnixCIS Docker v1.8.0 L1 OS Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/dockerUnixCIS Docker v1.8.0 L1 OS Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/dockerUnixCIS Docker v1.8.0 L1 OS Linux
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'CiscoCIS Cisco IOS XE 17.x v2.2.1 L1
1.1.7 Ensure auditing is configured for Docker files and directories - docker.serviceUnixCIS Docker v1.8.0 L2 OS Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sockUnixCIS Docker v1.8.0 L2 OS Linux
1.1.8 Set 'aaa accounting exec'CiscoCIS Cisco IOS XE 17.x v2.2.1 L1
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sockUnixCIS Docker v1.8.0 L2 OS Linux
1.1.9 Set 'aaa accounting network'CiscoCIS Cisco IOS XE 17.x v2.2.1 L1
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/dockerUnixCIS Docker v1.8.0 L2 OS Linux
1.1.10 Set 'aaa accounting system'CiscoCIS Cisco IOS XE 17.x v2.2.1 L1
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.jsonUnixCIS Docker v1.8.0 L2 OS Linux
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.tomlUnixCIS Docker v1.8.0 L2 OS Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/dockerUnixCIS Docker v1.8.0 L2 OS Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerdUnixCIS Docker v1.8.0 L2 OS Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shimUnixCIS Docker v1.8.0 L2 OS Linux
1.1.15 Ensure that the --audit-log-path argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1UnixCIS Docker v1.8.0 L2 OS Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2UnixCIS Docker v1.8.0 L2 OS Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runcUnixCIS Docker v1.8.0 L2 OS Linux
1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditingUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AUDIT_POLICY_FILEUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-fileUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.38 Ensure that the --request-timeout argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.10 CISC-ND-000280CiscoCIS Cisco IOS Switch NDM STIG v1.1.0 CAT II
1.10 CISC-ND-000280CiscoCIS Cisco IOS XE Switch NDM STIG v1.1.0 CAT II
1.10 CISC-ND-000290CiscoCIS Cisco NX OS Switch NDM STIG v1.0.0 CAT II
1.10 MADB-10-001000MySQLDBCIS MariaDB Enterprise 10.x STIG v1.1.0 CAT II MySQLDB
1.10 PHTN-40-000019UnixCIS VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1.0.0 CAT II
1.10 SOL-11.1-010160UnixCIS Solaris 11 SPARC STIG v1.0.0 CAT II
1.10 SOL-11.1-010160UnixCIS Solaris 11 X86 STIG v1.0.0 CAT II
1.10.1 Ensure 'logging' is enabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.5 Ensure 'logging with the device ID' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.10.5 Ensure 'logging with the device ID' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.6 Ensure 'logging with timestamps' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.100 AZLX-23-002145UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.100 OL09-00-000540UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.101 AZLX-23-002150UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.101 OL09-00-000545UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.102 AZLX-23-002155UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.102 OL09-00-000550UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.103 OL09-00-000555UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.103 WN16-CC-000100WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.103 WN16-CC-000100WindowsCIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II