800-53|AU-3(2)

Title

CENTRALIZED MANAGEMENT OF PLANNED AUDIT RECORD CONTENT

Description

The information system provides centralized management and configuration of the content to be captured in audit records generated by [Assignment: organization-defined information system components].

Supplemental

This control enhancement requires that the content to be captured in audit records be configured from a central location (necessitating automation). Organizations coordinate the selection of required audit content to support the centralized management and configuration capability provided by the information system.

Reference Item Details

Related: AU-6,AU-7

Category: AUDIT AND ACCOUNTABILITY

Parent Title: CONTENT OF AUDIT RECORDS

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.2.4 Set IP address for 'logging host'CiscoCIS Cisco IOS 12 L1 v4.0.0
AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - mod_proxyWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPassWindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPassWindowsDISA STIG Apache Server 2.4 Windows Server v2r1
AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPassWindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000560 - The Apache web server must be configured to provide clustering - mod_proxyWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000560 - The Apache web server must be configured to provide clustering - ProxyPassWindowsDISA STIG Apache Server 2.4 Windows Site v1r3
AS24-W2-000560 - The Apache web server must be configured to provide clustering - ProxyPassWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.UnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.UnixDISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux
DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.WindowsDISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows
DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.WindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
EP11-00-007700 - The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EP11-00-007800 - The EDB Postgres Advanced Server must provide centralized configuration of the content to be captured in audit records generated by all components of the EDB Postgres Advanced Server.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
GEN002870 - The system must be configured to send audit records to a remote audit server - '/boot/grub/grub.conf audit=1'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/rsyslog.conf contains *.* @<server>'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/config streammode=on'UnixDISA STIG AIX 5.3 v1r2
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/config streammode=on'UnixDISA STIG AIX 6.1 v1r14
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/streamcmds is configured'UnixDISA STIG AIX 5.3 v1r2
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/streamcmds is configured'UnixDISA STIG AIX 6.1 v1r14
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf contains *.* @<server>'UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf has been configured'UnixDISA STIG AIX 6.1 v1r14
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf has been configured'UnixDISA STIG AIX 5.3 v1r2
GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/boot/grub/grub.conf audit=1'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes'UnixDISA STIG for Oracle Linux 5 v2r1
GEN002870 - The system must be configured to send audit/system records to a remote audit server - 'contains *.* @<server>'UnixDISA STIG for Oracle Linux 5 v2r1
GEN005450 - The system must use a remote syslog server (log host).UnixDISA STIG AIX 6.1 v1r14
GEN005450 - The system must use a remote syslog server (log host).UnixDISA STIG AIX 5.3 v1r2
GEN005450 - The system must use a remote syslog server (loghost) - rsyslog.confUnixDISA STIG for Oracle Linux 5 v2r1
GEN005450 - The system must use a remote syslog server (loghost) - rsyslog.confUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN005450 - The system must use a remote syslog server (loghost) - syslog.confUnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN005450 - The system must use a remote syslog server (loghost) - syslog.confUnixDISA STIG for Oracle Linux 5 v2r1
MADB-10-007100 - MariaDB must utilize centralized management of the content captured in audit records generated by all components of the DBMS.MySQLDBDISA MariaDB Enterprise 10.x v2r1 DB
MADB-10-007200 - MariaDB must provide centralized configuration of the content to be captured in audit records generated by all components of the DBMS.MySQLDBDISA MariaDB Enterprise 10.x v2r1 DB
MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD3X-00-000600 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS
MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
MD4X-00-004800 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS
PGS9-00-003800 - PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL.PostgreSQLDBDISA STIG PostgreSQL 9.x on RHEL DB v2r5
PPS9-00-007700 - The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server.PostgreSQLDBEDB PostgreSQL Advanced Server DB Audit v2r3
PPS9-00-007800 - The EDB Postgres Advanced Server must provide centralized configuration of the content to be captured in audit records generated by all components of the EDB Postgres Advanced Server.PostgreSQLDBEDB PostgreSQL Advanced Server DB Audit v2r3
SQL4-00-032800 - SQL Server must utilize centralized management of the content captured in audit records generated by all components of the DBMS.MS_SQLDBDISA STIG SQL Server 2014 Instance DB Audit v2r4
SYMP-AG-000210 - Symantec ProxySG must use a centralized log server.BlueCoatDISA Symantec ProxySG Benchmark ALG v1r1
SYMP-AG-000220 - Symantec ProxySG must be configured to send the access logs to the centralized log server continuously.BlueCoatDISA Symantec ProxySG Benchmark ALG v1r1
VCPG-67-000020 - VMware Postgres must have log collection enabled.UnixDISA STIG VMware vSphere 6.7 PostgreSQL v1r2
VCPG-70-000017 - VMware Postgres must have log collection enabled.UnixDISA STIG VMware vSphere 7.0 PostgreSQL v1r2