800-53|AU-6(3)

Title

CORRELATE AUDIT REPOSITORIES

Description

The organization analyzes and correlates audit records across different repositories to gain organization-wide situational awareness.

Supplemental

Organization-wide situational awareness includes awareness across all three tiers of risk management (i.e., organizational, mission/business process, and information system) and supports cross-organization awareness.

Reference Item Details

Related: AU-12,IR-4

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT REVIEW, ANALYSIS, AND REPORTING

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.10.10 Ensure email logging is configured for critical to emergency | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
2.13 Ensure centralized and remote logging is configured | Unix | CIS Docker v1.6.0 L2 Docker Linux
3.1 (L1) Ensure a centralized location is configured to collect ESXi host core dumps | Unix | CIS VMware ESXi 7.0 v1.4.0 L1 Bare Metal
3.1 Ensure a centralized location is configured to collect ESXi host core dumps | Unix | CIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
3.3 (L1) Ensure remote logging is configured for ESXi hosts | VMware | CIS VMware ESXi 7.0 v1.4.0 L1
3.3 Ensure remote logging is configured for ESXi hosts | VMware | CIS VMware ESXi 6.7 v1.3.0 Level 1
3.5 Ensure error logs are sent to a remote syslog server | Unix | CIS NGINX Benchmark v2.1.0 L2 Webserver
3.5 Ensure error logs are sent to a remote syslog server | Unix | CIS NGINX Benchmark v2.1.0 L2 Loadbalancer
3.5 Ensure error logs are sent to a remote syslog server | Unix | CIS NGINX Benchmark v2.1.0 L2 Proxy
3.6 Ensure access logs are sent to a remote syslog server | Unix | CIS NGINX Benchmark v2.1.0 L2 Loadbalancer
3.6 Ensure access logs are sent to a remote syslog server | Unix | CIS NGINX Benchmark v2.1.0 L2 Proxy
3.6 Ensure access logs are sent to a remote syslog server | Unix | CIS NGINX Benchmark v2.1.0 L2 Webserver
4.2 (L1) Host must transmit system logs to a remote log collector | VMware | CIS VMware ESXi 8.0 v1.1.0 L1
4.2.1.3 Ensure journald is configured to send logs to rsyslog | Unix | CIS CentOS Linux 8 Workstation L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslog | Unix | CIS Fedora 28 Family Linux Server L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslog | Unix | CIS Fedora 28 Family Linux Workstation L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslog | Unix | CIS Debian Family Server L1 v1.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslog | Unix | CIS CentOS Linux 8 Server L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslog | Unix | CIS Debian Family Workstation L1 v1.0.0
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | Unix | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
4.2.2.1 Ensure journald is configured to send logs to rsyslog | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 8 Server L1 v2.0.2
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - destination logserver | Unix | CIS Debian 8 Workstation L1 v2.0.2
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 8 Workstation L1 v2.0.2
4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | Unix | CIS Debian 8 Server L1 v2.0.2
4.2.2.5 Ensure journald is not configured to send logs to rsyslog | Unix | CIS CentOS Linux 8 Workstation L1 v2.0.0
4.2.2.5 Ensure journald is not configured to send logs to rsyslog | Unix | CIS Fedora 28 Family Linux Server L1 v2.0.0
4.2.2.5 Ensure journald is not configured to send logs to rsyslog | Unix | CIS CentOS Linux 8 Server L1 v2.0.0
4.2.2.5 Ensure journald is not configured to send logs to rsyslog | Unix | CIS Fedora 28 Family Linux Workstation L1 v2.0.0
4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts | Unix | CIS Debian 8 Workstation L1 v2.0.2
4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts | Unix | CIS Debian 8 Server L1 v2.0.2
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC