800-53|AU-3(1)

Title

ADDITIONAL AUDIT INFORMATION

Description

The information system generates audit records containing the following additional information: [Assignment: organization-defined additional, more detailed information].

Supplemental

Detailed information that organizations may consider in audit records includes, for example, full text recording of privileged commands or the individual identities of group account users. Organizations consider limiting the additional audit information to only that information explicitly needed for specific audit requirements. This facilitates the use of audit trails and audit logs by not including information that could potentially be misleading or could make it more difficult to locate information of interest.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: AUDIT AND ACCOUNTABILITY

Parent Title: CONTENT OF AUDIT RECORDS

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.8.0 L1 OS Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.8.0 L1 OS Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.8.0 L1 OS Linux
1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS XE 17.x v2.2.1 L1
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2	Unix	CIS Docker v1.8.0 L2 OS Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc	Unix	CIS Docker v1.8.0 L2 OS Linux
1.10 PHTN-40-000019	Unix	CIS VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v1.0.0 CAT II
1.10.6 Ensure 'logging with timestamps' is enabled	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5'	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11 CISC-ND-000330	Cisco	CIS Cisco NX OS Switch NDM STIG v1.0.0 CAT II
1.11 O19C-00-005600	OracleDB	CIS Oracle Database 19c STIG v1.1.0 CAT II OracleDB
1.11.2 Configure syslog-client to log using TLS	ArubaOS	CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
1.12 CISC-ND-000330	Cisco	CIS Cisco IOS XE Switch NDM STIG v1.1.0 CAT II
1.12.2 Ensure 'Configure whether to report Dynamic Signature dropped events' is set to 'Enabled'	Windows	CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation
1.12.2 Ensure 'Configure whether to report Dynamic Signature dropped events' is set to 'Enabled'	Windows	CIS Microsoft Defender Antivirus v1.0.0 L1 Server
1.13 CISC-ND-000330	Cisco	CIS Cisco IOS Switch NDM STIG v1.1.0 CAT II
1.100 AZLX-23-002145	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.101 AZLX-23-002150	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.102 AZLX-23-002155	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.103 WN16-CC-000100	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II
1.103 WN16-CC-000100	Windows	CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II
1.103 WN19-CC-000090	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II
1.103 WN19-CC-000090	Windows	CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II
1.103 WN22-CC-000090	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II
1.103 WN22-CC-000090	Windows	CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II
1.104 AZLX-23-002165	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.108 SLES-15-030050	Unix	CIS SUSE Linux Enterprise Server 15 STIG v1.0.0 CAT II
1.111 AZLX-23-002205	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.112 AZLX-23-002210	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.116 WN10-CC-000066	Windows	CIS Microsoft Windows 10 STIG v1.0.0 CAT II
1.119 AZLX-23-002245	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.119 UBTU-22-653010	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.120 AZLX-23-002250	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II
1.120 UBTU-22-653015	Unix	CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.121 AZLX-23-002255	Unix	CIS Amazon Linux 2023 STIG v1.0.0 CAT II

Detections

Analytics