800-53|AU-9

Title

PROTECTION OF AUDIT INFORMATION

Description

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Supplemental

Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-3,AC-6,MP-2,MP-4,PE-2,PE-3,PE-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS CentOS Linux 8 Server L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/log	Unix	CIS CentOS Linux 8 Workstation L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L2 v1.1.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian 8 Server L2 v2.0.1
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian 8 Workstation L2 v2.0.1
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 16.04 LTS Server L2 v1.1.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian 9 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Oracle Linux 6 Workstation L2 v1.1.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Debian 9 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS CentOS 6 Workstation L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Oracle Linux 8 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS CentOS Linux 8 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.0.1
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat EL8 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS CentOS Linux 8 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat EL8 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS CentOS 6 Server L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Oracle Linux 6 Server L2 v1.1.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Oracle Linux 8 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat 6 Server L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat 6 Workstation L2 v2.1.0
1.1.13 Ensure separate partition exists for /var/log/audit	Unix	CIS Amazon Linux 2 STIG v1.0.0 L2
1.1.15 Ensure separate partition exists for /var/log	Unix	CIS Oracle Linux 7 Server L2 v3.0.0
1.1.15 Ensure separate partition exists for /var/log	Unix	CIS Oracle Linux 7 Workstation L2 v3.0.0
1.1.15 Ensure separate partition exists for /var/log	Unix	CIS Red Hat EL7 Server L2 v3.0.1
1.1.15 Ensure separate partition exists for /var/log	Unix	CIS Red Hat EL7 Workstation L2 v3.0.1
1.1.15 Ensure separate partition exists for /var/log	Unix	CIS Distribution Independent Linux Workstation L2 v1.1.0
1.1.15 Ensure separate partition exists for /var/log	Unix	CIS Distribution Independent Linux Server L2 v1.1.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat EL7 Workstation L2 v3.0.1
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Ubuntu Linux 20.04 LTS Server L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Distribution Independent Linux Workstation L2 v1.1.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Oracle Linux 7 Workstation L2 v3.0.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Distribution Independent Linux Server L2 v1.1.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Oracle Linux 7 Server L2 v3.0.0
1.1.16 Ensure separate partition exists for /var/log/audit	Unix	CIS Red Hat EL7 Server L2 v3.0.1
1.10.4 Ensure 'syslog hosts' is configured correctly	Cisco	CIS Cisco Firewall ASA 8 L1 v4.1.0
1.10.4 Ensure 'syslog hosts' is configured correctly	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.10.4 Ensure 'syslog hosts' is configured correctly	Cisco	CIS Cisco Firewall ASA 9 L1 v4.0.0
1.14 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groups	amazon_aws	CIS Amazon Web Services Foundations L1 3.0.0
1.15 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.16 Ensure That 'Restrict access to Microsoft Entra admin center' is Set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.17 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L2
1.18 Ensure IAM instance roles are used for AWS resource access from instances	amazon_aws	CIS Amazon Web Services Foundations L2 3.0.0

Detections

Analytics