800-53|AU-7

Title

AUDIT REDUCTION AND REPORT GENERATION

Description

The information system provides an audit reduction and report generation capability that:

Supplemental

Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient.

Reference Item Details

Related: AU-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3 Ensure auditing is configured for the Docker daemonUnixCIS Docker v1.7.0 L1 Docker - Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerdUnixCIS Docker v1.7.0 L1 Docker - Linux
1.1.4.1 exec accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.2 command accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.3 network accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.4.4 system accountingCiscoCIS Cisco IOS XR 7.x v1.0.0 L1
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/dockerUnixCIS Docker v1.7.0 L1 Docker - Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/dockerUnixCIS Docker v1.7.0 L1 Docker - Linux
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'CiscoCIS Cisco IOS XE 16.x v2.1.0 L2
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'CiscoCIS Cisco IOS XE 17.x v2.1.0 L2
1.1.7 Ensure auditing is configured for Docker files and directories - docker.serviceUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sockUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.8 Set 'aaa accounting exec'CiscoCIS Cisco IOS XE 16.x v2.1.0 L2
1.1.8 Set 'aaa accounting exec'CiscoCIS Cisco IOS XE 17.x v2.1.0 L2
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sockUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.9 Set 'aaa accounting exec'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.9 Set 'aaa accounting network'CiscoCIS Cisco IOS XE 16.x v2.1.0 L2
1.1.9 Set 'aaa accounting network'CiscoCIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/dockerUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.10 Set 'aaa accounting network'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.10 Set 'aaa accounting system'CiscoCIS Cisco IOS XE 17.x v2.1.0 L2
1.1.10 Set 'aaa accounting system'CiscoCIS Cisco IOS XE 16.x v2.1.0 L2
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.jsonUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.11 Set 'aaa accounting system'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.tomlUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/dockerUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerdUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shimUnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1UnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2UnixCIS Docker v1.7.0 L2 Docker - Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runcUnixCIS Docker v1.7.0 L2 Docker - Linux
1.2.1 Ensure dm-verity is enabledUnixCIS Google Container-Optimized OS v1.2.0 L1 Server
1.2.2 Configure IP Blocking on Failed LoginsCiscoCIS Cisco NX-OS L1 v1.1.0
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 10 Server L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 10 Workstation L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
1.2.16 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.10.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.18 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.10.1 Ensure 'logging' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.2 Ensure 'logging to monitor' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.3 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.4 Ensure 'logging with the device ID' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.6 Ensure 'logging with timestamps' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0