800-53|AU-3(1)

Title

ADDITIONAL AUDIT INFORMATION

Description

The information system generates audit records containing the following additional information: [Assignment: organization-defined additional, more detailed information].

Supplemental

Detailed information that organizations may consider in audit records includes, for example, full text recording of privileged commands or the individual identities of group account users. Organizations consider limiting the additional audit information to only that information explicitly needed for specific audit requirements. This facilitates the use of audit trails and audit logs by not including information that could potentially be misleading or could make it more difficult to locate information of interest.

Reference Item Details

Category: AUDIT AND ACCOUNTABILITY

Parent Title: CONTENT OF AUDIT RECORDS

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerdUnixCIS Docker v1.3.1 L2 Linux Host OS
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/dockerUnixCIS Docker v1.3.1 L2 Linux Host OS
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/dockerUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.7 Ensure auditing is configured for Docker files and directories - docker.serviceUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sockUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.9 Ensure auditing is configured for Docker files and directories - docker.socketUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/dockerUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.jsonUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.tomlUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/dockerUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerdUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shimUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1UnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2UnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runcUnixCIS Docker v1.3.1 L1 Linux Host OS
1.2.1 Ensure dm-verity is enabledUnixCIS Google Container-Optimized OS L1 Server v1.0.0
1.3.3 Ensure sudo log file existsUnixCIS Oracle Linux 8 Workstation L1 v1.0.1
1.3.3 Ensure sudo log file existsUnixCIS Oracle Linux 8 Server L1 v1.0.1
1.3.3 Ensure sudo log file existsUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.3.3 Ensure sudo log file existsUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 MS
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 MS L1 v1.3.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 DC L1 v1.3.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 R2 MS L1 v2.5.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Windows Server 2012 R2 DC L1 v2.5.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC
17.1.2 Ensure 'Audit Kerberos Authentication Service' is set to 'Success and Failure' (DC Only)WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0