800-53|AU-12

Title

AUDIT GENERATION

Description

The information system:

Supplemental

Audit records can be generated from many different information system components. The list of audited events is the set of events for which audits are to be generated. These events are typically a subset of all events for which the information system is capable of generating audit records.

Reference Item Details

Related: AC-3,AU-2,AU-3,AU-6,AU-7

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.2 Ensure 'Enable Log on High DP Load' is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.3 Ensure auditing is configured for the Docker daemon | Unix | CIS Docker v1.6.0 L1 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemon | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.3.2.2 Enable 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' | Windows | CIS Windows 8 L1 v1.0.0
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd | Unix | CIS Docker v1.6.0 L1 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | Unix | CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | Unix | CIS Docker v1.6.0 L1 Docker Linux
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.8 Set 'aaa accounting connection' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
1.1.8 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 17 L2 v2.0.0
1.1.8 Set 'aaa accounting exec' - aaa accounting exec | Cisco | CIS Cisco IOS 16 L2 v2.0.0
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.9 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
1.1.9 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
1.1.9 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 17 L2 v2.0.0
1.1.9 Set 'aaa accounting network' - aaa accounting network | Cisco | CIS Cisco IOS 16 L2 v2.0.0
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.10 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
1.1.10 Set 'aaa accounting network' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
1.1.10 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 17 L2 v2.0.0
1.1.10 Set 'aaa accounting system' - aaa accounting system | Cisco | CIS Cisco IOS 16 L2 v2.0.0
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.11 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
1.1.11 Set 'aaa accounting system' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure that the --audit-log-path argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc | Unix | CIS Docker v1.6.0 L2 Docker Linux
1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2013 Edge v1.1.0
1.10 Set receive connector 'Configure Protocol logging' to 'Verbose' | Windows | CIS Microsoft Exchange Server 2016 Edge v1.0.0
1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.10.10 Ensure 'logging trap severity level' is greater than or equal to '5' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0