CCI|CCI-000163

Title

Protect audit information from unauthorized modification.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.001 - Permissions for event logs must conform to minimum requirements - application.evtxWindowsDISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - security.evtxWindowsDISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - system.evtxWindowsDISA Windows Vista STIG v6r41
4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissiveUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002013 - Audit logs on the AIX system must be owned by root.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002014 - Audit logs on the AIX system must be group-owned by system.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002015 - Audit logs on the AIX system must be set to 660 or less permissive.UnixDISA STIG AIX 7.x v3r1
AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple macOS 13 v1r4
APPL-14-000030 - The macOS system must configure audit log files to not contain access control lists.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-000031 - The macOS system must configure audit log folders to not contain access control lists.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001012 - The macOS system must configure audit log files to be owned by root.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001013 - The macOS system must configure audit log folders to be owned by root.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001014 - The macOS system must configure audit log files group to wheel.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001015 - The macOS system must configure audit log folders group to wheel.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001016 - The macOS system must configure audit log files to mode 440 or less permissive.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001017 - The macOS system must configure audit log folders to mode 700 or less permissive.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001020 - The macOS system must be configured to audit all deletions of object attributes.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001021 - The macOS system must be configured to audit all changes of object attributes.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001110 - The macOS system must configure audit_control group to wheel.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001120 - The macOS system must configure audit_control owner to root.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001130 - The macOS system must configure audit_control to mode 440 or less permissive.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-001140 - The macOS system must configure audit_control to not contain access control lists.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 14 (Sonoma) STIG v2r2
APPL-15-000030 - The macOS system must configure audit log files to not contain access control lists (ACLs).UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-000031 - The macOS system must configure the audit log folder to not contain access control lists (ACLs).UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001012 - The macOS system must configure audit log files to be owned by root.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001013 - The macOS system must configure audit log folders to be owned by root.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001014 - The macOS system must configure the audit log files group to wheel.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001015 - The macOS system must configure the audit log folders group to wheel.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001016 - The macOS system must configure audit log files to mode 440 or less permissive.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001017 - The macOS system must configure audit log folders to mode 700 or less permissive.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001020 - The macOS system must be configured to audit all deletions of object attributes.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001021 - The macOS system must be configured to audit all changes of object attributes.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001022 - The macOS system must be configured to audit all failed read actions on the system.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001023 - The macOS system must be configured to audit all failed write actions on the system.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001110 - The macOS system must configure audit_control group to wheel.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001120 - The macOS system must configure audit_control owner to root.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001130 - The macOS system must configure audit_control owner to mode 440 or less permissive.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-001140 - The macOS system must configure audit_control to not contain access control lists (ACLs).UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled.UnixDISA Apple macOS 15 (Sequoia) STIG v1r1
ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.AristaDISA STIG Arista MLS EOS 4.2x NDM v2r1
AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1