800-53|AU-3(1)

Title

ADDITIONAL AUDIT INFORMATION

Description

The information system generates audit records containing the following additional information: [Assignment: organization-defined additional, more detailed information].

Supplemental

Detailed information that organizations may consider in audit records includes, for example, full text recording of privileged commands or the individual identities of group account users. Organizations consider limiting the additional audit information to only that information explicitly needed for specific audit requirements. This facilitates the use of audit trails and audit logs by not including information that could potentially be misleading or could make it more difficult to locate information of interest.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: AUDIT AND ACCOUNTABILITY

Parent Title: CONTENT OF AUDIT RECORDS

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.8.0 L1 OS Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.8.0 L1 OS Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.8.0 L1 OS Linux
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc	Unix	CIS Docker v1.8.0 L2 OS Linux
1.2.1 Ensure dm-verity is enabled	Unix	CIS Google Container-Optimized OS v1.2.0 L1 Server
1.2.2 Configure IP Blocking on Failed Logins	Cisco	CIS Cisco NX-OS v1.2.0 L1
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian Linux 10 v2.0.0 L1 Server
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian Linux 10 v2.0.0 L1 Workstation
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation
1.2.18 Ensure that the --audit-log-path argument is set	OpenShift	CIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift
1.10.6 Ensure 'logging with timestamps' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.13 UBTU-24-100400	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.14 UBTU-24-100410	Unix	CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.20 RHEL-09-212055	Unix	CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT III
1.119 UBTU-22-653010	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.120 UBTU-22-653015	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.184 OL08-00-020240	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.222 OL08-00-030130	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.223 OL08-00-030140	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.224 OL08-00-030150	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.225 OL08-00-030160	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.226 OL08-00-030170	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.227 OL08-00-030171	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.228 OL08-00-030172	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.229 OL08-00-030180	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.230 OL08-00-030181	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.231 OL08-00-030190	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.232 OL08-00-030200	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.233 OL08-00-030250	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.234 OL08-00-030260	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.235 OL08-00-030280	Unix	CIS Oracle Linux 8 STIG v1.0.0 CAT II

Detections

Analytics