800-53|AU-12

Title

AUDIT GENERATION

Description

The information system:

Supplemental

Audit records can be generated from many different information system components. The list of audited events is the set of events for which audits are to be generated. These events are typically a subset of all events for which the information system is capable of generating audit records.

Reference Item Details

Related: AC-3,AU-2,AU-3,AU-6,AU-7

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.2 Ensure 'Enable Log on High DP Load' is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.1.3 Ensure auditing is configured for the Docker daemon | Unix | CIS Docker v1.3.1 L1 Linux Host OS |
| 1.1.3.2.2 Enable 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.8 Set 'aaa accounting connection' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.9 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.9 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 1.1.9 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 17 L2 v1.0.0 |
| 1.1.10 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 17 L2 v1.0.0 |
| 1.1.10 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 1.1.10 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.11 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 12 L2 v4.0.0 |
| 1.1.11 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 17 L2 v1.0.0 |
| 1.1.11 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 1.1.15 Ensure that the --audit-log-path argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.2.1 Ensure dm-verity is enabled | Unix | CIS Google Container-Optimized OS L1 Server v1.0.0 |
| 1.2.18 Ensure that the --audit-log-path argument is set | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master |
| 1.2.18 Ensure that the --audit-log-path argument is set | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master |
| 1.2.21 Ensure that the --audit-log-path argument is set | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master |
| 1.2.22 Ensure that the --audit-log-path argument is set | Unix | CIS Kubernetes Benchmark v1.6.1 L1 Master |
| 1.3 Configure SSH - Check if MaxAuthTriesLog is set to 0 and not commented for server. | Unix | CIS Solaris 9 v1.3 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Oracle Linux 7 Server L1 v3.1.1 |
| 1.3.1 Ensure AIDE is installed | Unix | CIS Oracle Linux 7 Workstation L1 v3.1.1 |
| 1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0 |
| 1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0 |
| 1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.10.7 Ensure 'logging with timestamps' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.10.7 Ensure 'logging with timestamps' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.9 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.9 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.9 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.10 Ensure 'logging trap severity level' is greater than or equal to '5' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.11 Set send connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0 |
| 1.11 Set send connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0 |
| 1.13 Set 'Message tracking logging - Transport' to 'True' | Windows | CIS Microsoft Exchange Server 2016 Hub v1.0.0 |
| 1.13 Set 'Message tracking logging - Transport' to 'True' | Windows | CIS Microsoft Exchange Server 2013 Hub v1.1.0 |
| 1.14 Set 'Message tracking logging - Mailbox' to 'True' | Windows | CIS Microsoft Exchange Server 2013 Mailbox v1.1.0 |
| 1.14 Set 'Message tracking logging - Mailbox' to 'True' | Windows | CIS Microsoft Exchange Server 2016 Mailbox v1.0.0 |
| 1.16 Set 'Turn on Connectivity logging' to 'True' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0 |
| 1.16 Set 'Turn on Connectivity logging' to 'True' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0 |