800-53|AU-3

Title

CONTENT OF AUDIT RECORDS

Description

The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

Supplemental

Audit record content that may be necessary to satisfy the requirement of this control includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred).

Reference Item Details

Related: AU-12, AU-2, AU-8, SI-11

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW, MODERATE, HIGH

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.2 Ensure 'Enable Log on High DP Load' is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd | Unix | CIS Docker v1.8.0 L1 OS Linux |
| 1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker | Unix | CIS Docker v1.8.0 L1 OS Linux |
| 1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | Unix | CIS Docker v1.8.0 L1 OS Linux |
| 1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | Cisco | CIS Cisco IOS XE 17.x v2.2.1 L1 |
| 1.1.7 Ensure auditing is configured for Docker files and directories - docker.service | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.8 Set 'aaa accounting exec' | Cisco | CIS Cisco IOS XE 17.x v2.2.1 L1 |
| 1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.9 Set 'aaa accounting network' | Cisco | CIS Cisco IOS XE 17.x v2.2.1 L1 |
| 1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.10 Set 'aaa accounting system' | Cisco | CIS Cisco IOS XE 17.x v2.2.1 L1 |
| 1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.15 Ensure that the --audit-log-path argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1 | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc | Unix | CIS Docker v1.8.0 L2 OS Linux |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AdvancedAuditing | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - AUDIT_POLICY_FILE | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.38 Ensure that the --request-timeout argument is set as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.2.1 Ensure dm-verity is enabled | Unix | CIS Google Container-Optimized OS v1.2.0 L1 Server |
| 1.2.2 Configure IP Blocking on Failed Logins | Cisco | CIS Cisco NX-OS v1.2.0 L1 |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Debian Linux 10 v2.0.0 L1 Workstation |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Debian Linux 10 v2.0.0 L1 Server |
| 1.2.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation |
| 1.2.7 Verify Package Integrity Using RPM | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 |
| 1.2.18 Ensure that the --audit-log-path argument is set | OpenShift | CIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift |
| 1.10.1 Ensure 'logging' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.5 Ensure 'logging with the device ID' is configured correctly | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.10.6 Ensure 'logging with timestamps' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.13 UBTU-24-100400 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II |
| 1.14 UBTU-24-100410 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II |
| 1.20 RHEL-09-212055 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT III |
| 1.119 UBTU-22-653010 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II |
| 1.120 UBTU-22-653015 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II |
| 1.184 OL08-00-020240 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.222 OL08-00-030130 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.223 OL08-00-030140 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.224 OL08-00-030150 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |
| 1.225 OL08-00-030160 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II |