800-53|AU-12(3)

Title

CHANGES BY AUTHORIZED INDIVIDUALS

Description

The information system provides the capability for [Assignment: organization-defined individuals or roles] to change the auditing to be performed on [Assignment: organization-defined information system components] based on [Assignment: organization-defined selectable event criteria] within [Assignment: organization-defined time thresholds].

Supplemental

This control enhancement enables organizations to extend or limit auditing as necessary to meet organizational requirements. Auditing that is limited to conserve information system resources may be extended to address certain threat situations. In addition, auditing may be limited to a specific set of events to facilitate audit reduction, analysis, and reporting. Organizations can establish time thresholds in which audit actions are changed, for example, near real-time, within minutes, or within hours.

Reference Item Details

Related: AU-7

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT GENERATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIX7-00-002032 - AIX must provide the function for assigned ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.UnixDISA STIG AIX 7.x v2r6
APPL-12-001003 - The macOS system must initiate session audits at system startupUnixDISA STIG Apple macOS 12 v1r3
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Security AuditingUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Security AuditingUnixNIST macOS Catalina v1.5.0 - All Profiles
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enable Security AuditingUnixNIST macOS Monterey v1.0.0 - 800-171
OL08-00-030180 - The OL 8 audit package must be installed.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-030181 - OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.UnixDISA Oracle Linux 8 STIG v1r2
SLES-12-020000 - The SUSE operating system must have the auditing package installed.UnixDISA SLES 12 STIG v2r7
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b32UnixDISA SLES 12 STIG v2r7
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b64UnixDISA SLES 12 STIG v2r7
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b32UnixDISA SLES 12 STIG v2r7
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b64UnixDISA SLES 12 STIG v2r7
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b32UnixDISA SLES 15 STIG v1r6
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b64UnixDISA SLES 15 STIG v1r6
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b32UnixDISA SLES 15 STIG v1r6
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b64UnixDISA SLES 15 STIG v1r6
SLES-15-030650 - The SUSE operating system must have the auditing package installed.UnixDISA SLES 15 STIG v1r6
UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - enabledUnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - installedUnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010250 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time - activeUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-18-010250 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time - enabledUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-18-010250 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time - installedUnixDISA STIG Ubuntu 18.04 LTS v2r8
UBTU-20-010182 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time - auditd activeUnixDISA STIG Ubuntu 20.04 LTS v1r5
UBTU-20-010182 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time - auditd enabledUnixDISA STIG Ubuntu 20.04 LTS v1r5
WN10-UR-000130 - The Manage auditing and security log user right must only be assigned to the Administrators group.WindowsDISA Windows 10 STIG v2r4
WN12-UR-000032 - The Manage auditing and security log user right must only be assigned to the Administrators group.WindowsDISA Windows Server 2012 and 2012 R2 MS STIG v3r4