CCI|CCI-001914

Title

Provide the capability for organization-defined individuals or roles to change the logging to be performed on organization-defined system components based on organization-defined selectable event criteria within organization-defined time thresholds.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AIX7-00-002032 - AIX must provide the function for assigned ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.	Unix	DISA STIG AIX 7.x v2r9
AOSX-15-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-001003 - The macOS system must enable security auditing.	Unix	DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-001003 - The macOS system must enable security auditing.	Unix	DISA Apple macOS 15 (Sequoia) STIG v1r1
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable Security Auditing	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-010000 - PostgreSQL must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.	PostgreSQLDB	DISA STIG Crunchy Data PostgreSQL DB v3r1
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enable Security Auditing	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High
OL08-00-030180 - The OL 8 audit package must be installed.	Unix	DISA Oracle Linux 8 STIG v2r1
OL08-00-030181 - OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.	Unix	DISA Oracle Linux 8 STIG v2r1
RHEL-09-653010 - RHEL 9 audit package must be installed.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-653015 - RHEL 9 audit service must be enabled.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-12-020000 - The SUSE operating system must have the auditing package installed.	Unix	DISA SLES 12 STIG v2r13
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions.	Unix	DISA SLES 12 STIG v2r13
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions.	Unix	DISA SLES 15 STIG v2r1
SLES-15-030650 - The SUSE operating system must have the auditing package installed.	Unix	DISA SLES 15 STIG v2r1
SPLK-CL-000120 - The System Administrator (SA) and Information System Security Manager (ISSM) must configure the retention of the log records based on the defined security plan.	Unix	DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG OS
SPLK-CL-000260 - The System Administrator (SA) and Information System Security Officer (ISSO) must configure the retention of the log records based on the defined security plan.	Splunk	DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - enabled	Unix	DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - installed	Unix	DISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010250 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.	Unix	DISA STIG Ubuntu 18.04 LTS v2r15
UBTU-20-010182 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.	Unix	DISA STIG Ubuntu 20.04 LTS v2r1
UBTU-22-653010 - Ubuntu 22.04 LTS must have the 'auditd' package installed.	Unix	DISA STIG Canonical Ubuntu 22.04 LTS v2r2
UBTU-22-653015 - Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.	Unix	DISA STIG Canonical Ubuntu 22.04 LTS v2r2
WN10-UR-000130 - The Manage auditing and security log user right must only be assigned to the Administrators group.	Windows	DISA Windows 10 STIG v3r2

Detections

Analytics

CCI|CCI-001914

Title

Reference Item Details

Audit Items