800-53|AU-14(2)

Title

CAPTURE/RECORD AND LOG CONTENT

Description

The information system provides the capability for authorized users to capture/record and log content related to a user session.

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Parent Title: SESSION AUDIT

Family: AUDIT AND ACCOUNTABILITY

Audit Items

View all Reference Audit Items

NamePluginAudit Name
DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
FNFG-FW-000155 - The FortiGate firewall must allow authorized users to record a packet-capture-based IP, traffic type (TCP, UDP, or ICMP), or protocol.FortiGateDISA Fortigate Firewall STIG v1r1
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field DateWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field IPWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field MethodWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field QueryWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field RefererWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field StatusWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field TimeWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field UserWindowsDISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Format W3CWindowsDISA IIS 10.0 Server v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Client IP AddressWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field DateWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field MethodWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Protocol StatusWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field RefererWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field TimeWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field URI QueryWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field User NameWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Format W3CWindowsDISA IIS 8.5 Site v2r5
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field DateWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field IPWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field MethodWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field QueryWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field RefererWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field StatusWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field TimeWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Field UserWindowsDISA IIS 8.5 Server v2r3
IISW-SV-000102 - The enhanced logging for the IIS 8.5 web server must be enabled and capture all user and web server events - Format W3CWindowsDISA IIS 8.5 Server v2r3
MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
VCEM-67-000005 - ESX Agent Manager must record user access in a format that enables monitoring of remote access.UnixDISA STIG VMware vSphere 6.7 EAM Tomcat v1r2
VCFL-67-000009 - vSphere Client must record user access in a format that enables monitoring of remote access.UnixDISA STIG VMware vSphere 6.7 Virgo Client v1r1
VCLD-67-000004 - VAMI must be configured to monitor remote access.UnixDISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r2
VCPF-67-000005 - Performance Charts must record user access in a format that enables monitoring of remote access.UnixDISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r2
VCST-67-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access.UnixDISA STIG VMware vSphere 6.7 STS Tomcat v1r2
VCUI-67-000005 - vSphere UI must record user access in a format that enables monitoring of remote access.UnixDISA STIG VMware vSphere 6.7 UI Tomcat v1r2
WBSP-AS-000100 - The WebSphere Application Server audit event type filters must be configured.UnixDISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-000100 - The WebSphere Application Server audit event type filters must be configured.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1
WBSP-AS-000100 - The WebSphere Application Server audit event type filters must be configured.UnixDISA IBM WebSphere Traditional 9 STIG v1r1 Middleware
WNFWA-000011 - The Windows Firewall with Advanced Security must log successful connections when connected to a domain.WindowsDISA Microsoft Windows Firewall v2r1
WNFWA-000019 - The Windows Firewall with Advanced Security must log successful connections when connected to a private network.WindowsDISA Microsoft Windows Firewall v2r1
WNFWA-000029 - The Windows Firewall with Advanced Security must log successful connections when connected to a public network.WindowsDISA Microsoft Windows Firewall v2r1