CCI|CCI-000171

Title

The information system allows organization-defined personnel or roles to select which auditable events are to be audited by specific components of the information system.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-002200 - The AIX audit configuration files must be owned by root.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002200 - The AIX audit configuration files must be owned by root.	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002200 - The AIX audit configuration files must be owned by root.	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-002200 - The AIX audit configuration files must be owned by root.	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002200 - The AIX audit configuration files must be owned by root.	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002200 - The AIX audit configuration files must be owned by root.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002201 - The AIX audit configuration files must be group-owned by audit.	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002201 - The AIX audit configuration files must be group-owned by audit.	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002201 - The AIX audit configuration files must be group-owned by audit.	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-002201 - The AIX audit configuration files must be group-owned by audit.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002201 - The AIX audit configuration files must be group-owned by audit.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002201 - The AIX audit configuration files must be group-owned by audit.	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002202 - The AIX audit configuration files must be set to 640 or less permissive.	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-002202 - The AIX audit configuration files must be set to 640 or less permissive.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002202 - The AIX audit configuration files must be set to 640 or less permissive.	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002202 - The AIX audit configuration files must be set to 640 or less permissive.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002202 - The AIX audit configuration files must be set to 640 or less permissive.	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002202 - The AIX audit configuration files must be set to 640 or less permissive.	Unix	DISA STIG AIX 7.x v2r5
APPL-14-001110 - The macOS system must configure audit_control group to wheel.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-001120 - The macOS system must configure audit_control owner to root.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-001130 - The macOS system must configure audit_control to mode 440 or less permissive.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
APPL-14-001140 - The macOS system must configure audit_control to not contain access control lists.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
Big Sur - Only allow authorized users to select auditable events	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Only allow authorized users to select auditable events	Unix	NIST macOS Catalina v1.5.0 - All Profiles
DB2X-00-000700 - DB2 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-000700 - DB2 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - DBAUTH	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v1r4 Database
DB2X-00-000700 - DB2 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - SYSADM_GROUP	IBM_DB2DB	DISA STIG IBM DB2 v10.5 LUW v1r4 Database
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set. - docker paths	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v1r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set. - docker services	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v1r1
DKER-EE-001370 - log-opts on all Docker Engine - Enterprise nodes must be configured.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v1r1
DKER-EE-001370 - log-opts on all Docker Engine - Enterprise nodes must be configured.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - data dir	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - data dir	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - data\*	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - data\*	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - postgresql.conf	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - postgresql.conf	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r3
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. - data dir	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v1r1
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. - data\*	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v1r1
EP11-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. - postgresql.conf	Windows	EDB PostgreSQL Advanced Server v11 Windows OS Audit v1r1
EPAS-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.	Unix	EnterpriseDB PostgreSQL Advanced Server OS Linux v1r1
ESXI-06-100030 - The VMM must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-06-100030 - The VMM must allow only the ISSM to select which auditable events are to be audited.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r4
ESXI-67-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r2
ESXI-67-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r1
ESXI-67-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred.	VMware	DISA STIG VMware vSphere 7.0 ESXi v1r2

Detections

Analytics

CCI|CCI-000171

Title

Reference Item Details

Audit Items