800-53|AU-3(1)

Title

ADDITIONAL AUDIT INFORMATION

Description

The information system generates audit records containing the following additional information: [Assignment: organization-defined additional, more detailed information].

Supplemental

Detailed information that organizations may consider in audit records includes, for example, full text recording of privileged commands or the individual identities of group account users. Organizations consider limiting the additional audit information to only that information explicitly needed for specific audit requirements. This facilitates the use of audit trails and audit logs by not including information that could potentially be misleading or could make it more difficult to locate information of interest.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: AUDIT AND ACCOUNTABILITY

Parent Title: CONTENT OF AUDIT RECORDS

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.2.1 Ensure dm-verity is enabled	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian 10 Server L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian 10 Workstation L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.2.20 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
1.4.1 Enable logging	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.4.2 Set 'buffer size'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.4.3 Set 'logging console critical'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.4.5 Set 'logging trap informational'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.4.6 Set logging timestamps	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.4.7 Set 'logging source interface'	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.6.1 Ensure Syslog Logging is configured	Cisco	CIS Cisco NX-OS L2 v1.1.0
1.6.4 Configure Logging Timestamps	Cisco	CIS Cisco NX-OS L1 v1.1.0
1.10.6 Ensure 'logging with timestamps' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production	Unix	CIS Apache Tomcat 10 L1 v1.1.0
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production	Unix	CIS Apache Tomcat 9 L1 v1.2.0
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml	Unix	CIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml	Unix	CIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - web.xml	Unix	CIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - web.xml	Unix	CIS Apache Tomcat 10 L1 v1.1.0 Middleware
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS

Detections

Analytics