Detections
Analytics

800-53|AU-1

Title

AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES

Description

The organization:

Supplemental

This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the AU family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems, if needed. The organizational risk management strategy is a key factor in establishing policy and procedures.

Reference Item Details

Related: PM-9

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.1 Syslog logging should be configuredPalo_AltoCIS Palo Alto Firewall 11 v1.0.0 L1
1.1.1.1 Syslog logging should be configured - configurationPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - configurationPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - hostPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - hostPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - systemPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - systemPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - user-idPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.1.1.1 Syslog logging should be configured - user-idPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.1.1.2 SNMPv3 traps should be configuredPalo_AltoCIS Palo Alto Firewall 11 v1.0.0 L2
1.1.1.2 SNMPv3 traps should be configured - configurationPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - configurationPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - hostPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - hostPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - user-idPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.1.1.2 SNMPv3 traps should be configured - user-idPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L2
1.1.3 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.1.3 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.1.3 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 11 v1.0.0 L1
1.2.21 Ensure that the audit logs are forwarded off the cluster for retentionOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
2.6 Turn off TRACEUnixCIS Apache Tomcat 10 L1 v1.1.0
2.6 Turn off TRACEUnixCIS Apache Tomcat 10 L1 v1.1.0 Middleware
2.13 Ensure centralized and remote logging is configuredUnixCIS Docker v1.6.0 L2 Docker Linux
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum SizeUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum SizeUnixCIS Apple macOS 13.0 Ventura v2.0.0 L1
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum SizeUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L1
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum SizeUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - all_maxUnixCIS Apple macOS 10.14 v2.0.0 L1
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - all_maxUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - ttlUnixCIS Apple macOS 10.14 v2.0.0 L1
3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size - ttlUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
3.4 Ensure logging is enabled on all firewall policiesFortiGateCIS Fortigate 7.0.x Level 1 v1.2.0
3.4 Ensure Security Auditing Retention Is EnabledUnixCIS Apple macOS 10.14 v2.0.0 L1
3.4 Ensure Security Auditing Retention Is EnabledUnixCIS Apple macOS 11.0 Big Sur v4.0.0 L1
3.4 Ensure Security Auditing Retention Is EnabledUnixCIS Apple macOS 14.0 Sonoma v1.0.0 L1
3.4 Ensure Security Auditing Retention Is EnabledUnixCIS Apple macOS 13.0 Ventura v2.0.0 L1
3.4 Ensure Security Auditing Retention Is EnabledUnixCIS Apple macOS 10.15 Catalina v3.0.0 L1
3.4 Ensure Security Auditing Retention Is EnabledUnixCIS Apple macOS 12.0 Monterey v3.0.0 L1
4.1.2 Ensure auditd service is enabledUnixCIS Debian 8 Server L2 v2.0.2
4.1.2 Ensure auditd service is enabledUnixCIS Debian 8 Workstation L2 v2.0.2
4.1.18 Ensure the audit configuration is immutableUnixCIS Debian 8 Server L2 v2.0.2
4.1.18 Ensure the audit configuration is immutableUnixCIS Debian 8 Workstation L2 v2.0.2