800-53|AU-6

Title

AUDIT REVIEW, ANALYSIS, AND REPORTING

Description

The organization:

Supplemental

Audit review, analysis, and reporting covers information security-related auditing performed by organizations including, for example, auditing that results from monitoring of account usage, remote access, wireless connectivity, mobile device connection, configuration settings, system component inventory, use of maintenance tools and nonlocal maintenance, physical access, temperature and humidity, equipment delivery and removal, communications at the information system boundaries, use of mobile code, and use of VoIP. Findings can be reported to organizational entities that include, for example, incident response team, help desk, information security group/department. If organizations are prohibited from reviewing and analyzing audit information or unable to conduct such activities (e.g., in certain national security applications or systems), the review/analysis may be carried out by other organizations granted such authority.

Reference Item Details

Related: AC-17,AC-2,AC-3,AC-6,AT-3,AU-16,AU-7,CA-7,CM-10,CM-11,CM-5,IA-3,IA-5,IR-5,IR-6,MA-4,MP-4,PE-14,PE-16,PE-3,PE-6,RA-5,SC-18,SC-19,SC-7,SI-3,SI-4,SI-7

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.2 Configure IP Blocking on Failed LoginsCiscoCIS Cisco NX-OS v1.2.0 L1
1.2.15 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes v2.0.1 L1 Master Node
1.2.17 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.17 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.20 Ensure that the --profiling argument is set to falseUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.4.3 SNMP TrapsArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 L2
1.4.3 SNMP TrapsArubaOSCIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.4.4 Set IP address for 'logging host'CiscoCIS Cisco IOS XR 7.x v1.0.1 L1
1.5.3 Configure Netflow on Strategic PortsCiscoCIS Cisco NX-OS v1.2.0 L2
1.7 Ensure logging data is monitoredJuniperCIS Juniper OS Benchmark v2.1.0 L1
1.7 EX19-ED-000040WindowsCIS Microsoft Exchange 2019 Edge Server STIG v1.0.0 CAT II
1.10.10 Ensure email logging is configured for critical to emergencyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.13 UBTU-24-100400UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.14 UBTU-24-100410UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.15 EX19-MB-000048WindowsCIS Microsoft Exchange 2019 Mailbox Server STIG v1.0.0 CAT II
1.24 AZLX-23-001025UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.25 AZLX-23-001030UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.27 AZLX-23-001040UnixCIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.55 RHEL-10-200640UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
1.65 RHEL-10-200660UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
1.66 RHEL-10-200661UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
1.73 OL09-00-000350UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.84 OL09-00-000440UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.85 OL09-00-000441UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.108 SLES-15-030050UnixCIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.119 UBTU-22-653010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.120 UBTU-22-653015UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.138 APPL-26-005001UnixCIS Apple macOS 26 Tahoe STIG v1.0.0 CAT I
1.139 APPL-14-005001UnixCIS Apple macOS 14 Sonoma STIG v1.0.0 CAT I
1.147 OL09-00-000775UnixCIS Oracle Linux 9 STIG v1.0.0 CAT II
1.181 RHEL-10-500125UnixCIS Red Hat Enterprise Linux 10 STIG v1.0.0 CAT II
1.229 OL08-00-030180UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.230 OL08-00-030181UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.357 RHEL-09-652010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.361 ALMA-09-047100UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.367 RHEL-09-653010UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.368 RHEL-09-653015UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.384 RHEL-09-653095UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.424 ALMA-09-054690UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
1.425 ALMA-09-054910UnixCIS Cloud Linux AlmaLinux OS 9 STIG v1.0.0 CAT II
2.1 Ensure monitoring and alerting exist for ACCOUNTADMIN and SECURITYADMIN role grantsSnowflakeCIS Snowflake Foundations v1.0.0 L1
2.1 Ensure That Cloud Audit Logging Is Configured ProperlyGCPCIS Google Cloud Platform Foundation v5.0.0 L1
2.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1
2.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1
2.1.1 Ensure Firewall Is EnabledUnixCIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1
2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated every 20 minutes or less on weekday 8a-5p'UnixCIS AIX 5.3/6.1 L2 v1.1.0
2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated hourly on weekday 6p-7a'UnixCIS AIX 5.3/6.1 L2 v1.1.0
2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated hourly on weekends'UnixCIS AIX 5.3/6.1 L2 v1.1.0
2.12.8 - Miscellaneous Config - enable sar accounting - 'daily summaries are being prepared'UnixCIS AIX 5.3/6.1 L2 v1.1.0
2.13 Ensure That Cloud DNS Logging Is Enabled for All VPC NetworksGCPCIS Google Cloud Platform Foundation v5.0.0 L1