Detections
Analytics

800-53|AU-12b.

Title

AUDIT GENERATION

Description

Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.53 APPL-14-001110UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.54 APPL-14-001120UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.55 APPL-14-001130UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.56 APPL-14-001140UnixCIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT II
1.130 UBTU-22-653065UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.131 UBTU-22-653070UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.132 UBTU-22-653075UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.132 UBTU-24-900040UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.133 UBTU-24-900050UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.134 UBTU-24-900060UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.270 OL08-00-030610UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.387 RHEL-09-653110UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.388 RHEL-09-653115UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Rocky Linux 10 v1.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS AlmaLinux OS 10 v1.0.0 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Oracle Linux 10 v1.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Oracle Linux 8 v4.0.0 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Red Hat Enterprise Linux 10 v1.0.1 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Rocky Linux 8 v3.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Rocky Linux 10 v1.0.0 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Red Hat Enterprise Linux 8 STIG v2.0.0 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS AlmaLinux OS 8 v4.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Oracle Linux 8 v4.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Red Hat Enterprise Linux 8 v4.0.0 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS AlmaLinux OS 8 v4.0.0 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Red Hat Enterprise Linux 10 v1.0.1 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Red Hat Enterprise Linux 8 v4.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Oracle Linux 10 v1.0.0 L2 Workstation
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS AlmaLinux OS 10 v1.0.0 L2 Server
6.3.4.5 Ensure audit configuration files mode is configuredUnixCIS Rocky Linux 8 v3.0.0 L2 Workstation
AIX7-00-002200 - The AIX audit configuration files must be owned by root.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002201 - The AIX audit configuration files must be group-owned by audit.UnixDISA STIG AIX 7.x v3r1
AIX7-00-002202 - The AIX audit configuration files must be set to 640 or less permissive.UnixDISA STIG AIX 7.x v3r1
ALMA-09-045780 - AlmaLinux OS 9 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-045890 - AlmaLinux OS 9 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.UnixDISA CloudLinux AlmaLinux OS 9 STIG v1r4
APPL-14-001110 - The macOS system must configure audit_control group to wheel.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-001120 - The macOS system must configure audit_control owner to root.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-001130 - The macOS system must configure audit_control to mode 440 or less permissive.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-14-001140 - The macOS system must configure audit_control to not contain access control lists.UnixDISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-001110 - The macOS system must configure audit_control group to wheel.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-15-001120 - The macOS system must configure audit_control owner to root.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-15-001130 - The macOS system must configure audit_control owner to mode 440 or less permissive.UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-15-001140 - The macOS system must configure audit_control to not contain access control lists (ACLs).UnixDISA Apple macOS 15 Sequoia STIG v1r5
APPL-26-001110 - The macOS system must configure audit_control group to wheel.UnixDISA Apple macOS 26 Tahoe STIG v1r1
APPL-26-001120 - The macOS system must configure audit_control owner to root.UnixDISA Apple macOS 26 Tahoe STIG v1r1
APPL-26-001130 - The macOS system must configure audit_control owner to mode 440 or less permissive.UnixDISA Apple macOS 26 Tahoe STIG v1r1
APPL-26-001140 - The macOS system must configure audit_control to not contain access control lists (ACLs).UnixDISA Apple macOS 26 Tahoe STIG v1r1
AZLX-23-002240 - Amazon Linux 2023 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.UnixDISA Amazon Linux 2023 STIG v1r2