Detections
Analytics

800-53|AC-6(9)

Title

AUDITING USE OF PRIVILEGED FUNCTIONS

Description

The information system audits the execution of privileged functions.

Supplemental

Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse, and in doing so, help mitigate the risk from insider threats and the advanced persistent threat (APT).

Reference Item Details

Related: AU-2

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.2.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.2.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
1.2.1 Ensure AIDE is installedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
1.2.1 Ensure AIDE is installedUnixCIS Debian 10 Server L1 v2.0.0
1.2.1 Ensure AIDE is installedUnixCIS Debian 10 Workstation L1 v2.0.0
1.2.1 Ensure dm-verity is enabledUnixCIS Google Container-Optimized OS L1 Server v1.1.0
1.3.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
1.3.1 Ensure AIDE is installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.3.1 Ensure AIDE is installedUnixCIS Amazon Linux 2023 Server L1 v1.0.0
1.3.1 Ensure AIDE is installedUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.3.1 Ensure AIDE is installedUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.3.1 Ensure AIDE is installedUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.3.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
1.3.1 Ensure AIDE is installedUnixCIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.3.1 Ensure AIDE is installedUnixCIS Debian 8 Workstation L1 v2.0.2
1.3.1 Ensure AIDE is installedUnixCIS Debian 8 Server L1 v2.0.2
1.3.1 Ensure AIDE is installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.1
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Amazon Linux 2023 Server L1 v1.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Fedora 28 Family Linux Workstation L1 v2.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 8 Workstation L1 v2.0.2
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 8 Server L1 v2.0.2
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Fedora 28 Family Linux Server L1 v2.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit toolsUnixCIS Amazon Linux 2023 Server L1 v1.0.0
1.4.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.4.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
1.4.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
1.4.1 Ensure AIDE is installedUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.4.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.4.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
1.4.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.4.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
1.4.3 Set password lifetime, warning time and grace time for local credentialsCiscoCIS Cisco NX-OS L1 v1.1.0
1.5.1 Ensure prelink is not installedUnixCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.5.1 Ensure prelink is not installedUnixCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.5.3 Ensure prelink is not installedUnixCIS Debian 10 Server L1 v2.0.0
1.5.3 Ensure prelink is not installedUnixCIS Debian 10 Workstation L1 v2.0.0
1.5.4 Ensure prelink is disabledUnixCIS Debian 8 Workstation L1 v2.0.2
1.5.4 Ensure prelink is disabledUnixCIS Debian 8 Server L1 v2.0.2
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
1.5.4 Ensure prelink is not installedUnixCIS Debian Linux 11 v2.0.0 L1 Workstation
1.5.4 Ensure prelink is not installedUnixCIS Debian Linux 11 v2.0.0 L1 Server
1.5.4 Ensure prelink is not installedUnixCIS Debian Linux 12 v1.0.1 L1 Workstation
1.5.4 Ensure prelink is not installedUnixCIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server