CCI|CCI-001851

Title

Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full.	Unix	DISA STIG AIX 7.x v3r1
AIX7-00-002131 - AIX must implement a remote syslog server that is documented using site-defined procedures.	Unix	DISA STIG AIX 7.x v3r1
AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - logging host	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - trap logging	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r4
ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure.	Unix	DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure.	Windows	DISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure.	Windows	DISA STIG Apache Server 2.4 Windows Server v2r3
Big Sur - Off-Load Audit Records	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Off-Load Audit Records	Unix	NIST macOS Catalina v1.5.0 - All Profiles
CISC-ND-001310 - The Cisco router must be configured to off-load log records onto a different system than the system being audited.	Cisco	DISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-001310 - The Cisco switch must be configured to off-load log records onto a different system than the system being audited.	Cisco	DISA STIG Cisco NX-OS Switch NDM v3r2
CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).	Cisco	DISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).	Cisco	DISA STIG Cisco IOS-XR Router NDM v3r2
CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the ISSO.	Cisco	DISA STIG Cisco IOS Router NDM v3r2
CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).	Cisco	DISA STIG Cisco IOS Switch NDM v3r2
CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).	Cisco	DISA STIG Cisco IOS XE Switch NDM v3r2
CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).	Cisco	DISA STIG Cisco NX-OS Switch NDM v3r2
DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.	Windows	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.	Unix	DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
F5BI-DM-000257 - The BIG-IP appliance must be configured to off-load audit records onto a different system or media than the system being audited.	F5	DISA F5 BIG-IP Device Management STIG v2r3
GEN005450 - The system must use a remote syslog server (loghost) - rsyslog.conf	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN005450 - The system must use a remote syslog server (loghost) - syslog.conf	Unix	DISA STIG for Oracle Linux 5 v2r1
GOOG-09-005505 - The Google Android Pie must be configured to enable audit logging.	MDM	AirWatch - DISA Google Android 9.x v2r1
GOOG-09-005505 - The Google Android Pie must be configured to enable audit logging.	MDM	MobileIron - DISA Google Android 9.x v2r1
GOOG-10-005505 - Google Android 10 must be configured to enable audit logging.	MDM	MobileIron - DISA Google Android 10.x v2r1
GOOG-10-005505 - Google Android 10 must be configured to enable audit logging.	MDM	AirWatch - DISA Google Android 10.x v2r1
GOOG-11-005505 - Google Android 11 must be configured to enable audit logging.	MDM	AirWatch - DISA Google Android 11 COPE v2r1
GOOG-11-005505 - Google Android 11 must be configured to enable audit logging.	MDM	MobileIron - DISA Google Android 11 COBO v2r1
GOOG-11-005505 - Google Android 11 must be configured to enable audit logging.	MDM	AirWatch - DISA Google Android 11 COBO v2r1
GOOG-11-005505 - Google Android 11 must be configured to enable audit logging.	MDM	MobileIron - DISA Google Android 11 COPE v2r1
HONW-09-005505 - The Honeywell Mobility Edge Android Pie device must be configured to enable audit logging.	MDM	AirWatch - DISA Honeywell Android 9.x COPE v1r2
HONW-09-005505 - The Honeywell Mobility Edge Android Pie device must be configured to enable audit logging.	MDM	AirWatch - DISA Honeywell Android 9.x COBO v1r2
HONW-09-005505 - The Honeywell Mobility Edge Android Pie device must be configured to enable audit logging.	MDM	MobileIron - DISA Honeywell Android 9.x COBO v1r2
HONW-09-005505 - The Honeywell Mobility Edge Android Pie device must be configured to enable audit logging.	MDM	MobileIron - DISA Honeywell Android 9.x COPE v1r2
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.	Windows	DISA IIS 10.0 Server v2r10
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.	Windows	DISA IIS 10.0 Server v3r2
IISW-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 8.5 web server must be enabled.	Windows	DISA IIS 8.5 Server v2r7
JUEX-NM-000670 - The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).	Juniper	DISA Juniper EX Series Network Device Management v2r2
JUNI-ND-001300 - The Juniper router must be configured to off-load log records onto a different system than the system being audited.	Juniper	DISA STIG Juniper Router NDM v3r1
JUNI-ND-001440 - The Juniper router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the Information System Security Officers (ISSO) - ISSO	Juniper	DISA STIG Juniper Router NDM v3r1
MOTO-09-005505 - The Motorola Android Pie must be configured to enable audit logging.	MDM	MobileIron - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-005505 - The Motorola Android Pie must be configured to enable audit logging.	MDM	MobileIron - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-005505 - The Motorola Android Pie must be configured to enable audit logging.	MDM	AirWatch - DISA Motorola Android Pie.x COBO v1r2
MOTO-09-005505 - The Motorola Android Pie must be configured to enable audit logging.	MDM	AirWatch - DISA Motorola Android Pie.x COPE v1r2

Detections

Analytics

CCI|CCI-001851

Title

Reference Item Details

Audit Items