800-53|AU-3(2)

Title

CENTRALIZED MANAGEMENT OF PLANNED AUDIT RECORD CONTENT

Description

The information system provides centralized management and configuration of the content to be captured in audit records generated by [Assignment: organization-defined information system components].

Supplemental

This control enhancement requires that the content to be captured in audit records be configured from a central location (necessitating automation). Organizations coordinate the selection of required audit content to support the centralized management and configuration capability provided by the information system.

Reference Item Details

Related: AU-6,AU-7

Category: AUDIT AND ACCOUNTABILITY

Parent Title: CONTENT OF AUDIT RECORDS

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: HIGH

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 12 L1 v4.0.0 |
| AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - mod_proxy | Windows | DISA STIG Apache Server 2.4 Windows Server v2r2 |
| AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPass | Windows | DISA STIG Apache Server 2.4 Windows Server v2r2 |
| AS24-W2-000560 - The Apache web server must be configured to provide clustering - mod_proxy | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1 |
| AS24-W2-000560 - The Apache web server must be configured to provide clustering - ProxyPass | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1 |
| DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2. | Unix | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux |
| DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2. | Windows | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. - fortianalyzer status | FortiGate | DISA Fortigate Firewall STIG v1r1 |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. - syslogd status | FortiGate | DISA Fortigate Firewall STIG v1r1 |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/boot/grub/grub.conf audit=1' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/rsyslog.conf contains *.* @<server>' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/config streammode=on' | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/config streammode=on' | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/streamcmds is configured' | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/streamcmds is configured' | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf contains *.* @<server>' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf has been configured' | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf has been configured' | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/boot/grub/grub.conf audit=1' | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes' | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - 'contains *.* @<server>' | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN005450 - The system must use a remote syslog server (log host). | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN005450 - The system must use a remote syslog server (log host). | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN005450 - The system must use a remote syslog server (loghost) - rsyslog.conf | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN005450 - The system must use a remote syslog server (loghost) - rsyslog.conf | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN005450 - The system must use a remote syslog server (loghost) - syslog.conf | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN005450 - The system must use a remote syslog server (loghost) - syslog.conf | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Unix | DISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS |
| MD3X-00-000600 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB. | Unix | DISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS |
| MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Unix | DISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS |
| MD4X-00-004800 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB. | Unix | DISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS |
| VCPG-67-000020 - VMware Postgres must have log collection enabled. | Unix | DISA STIG VMware vSphere 6.7 PostgreSQL v1r1 |