800-53|AU-7

Title

AUDIT REDUCTION AND REPORT GENERATION

Description

The information system provides an audit reduction and report generation capability that:

Supplemental

Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.4.1 exec accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.2 command accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.3 network accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.4 system accounting	Cisco	CIS Cisco IOS XR 7.x v1.0.0 L1
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.9 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.10 Set 'aaa accounting network'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 16.x v2.1.0 L2
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.11 Set 'aaa accounting system'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.2.1 Ensure dm-verity is enabled	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian 10 Server L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian 10 Workstation L1 v2.0.0
1.2.16 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.10.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.18 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.10.1 Ensure 'logging' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.2 Ensure 'logging to monitor' is disabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.3 Ensure 'syslog hosts' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.4 Ensure 'logging with the device ID' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.6 Ensure 'logging with timestamps' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0

Detections

Analytics