800-53|AU-3(2)

Title

CENTRALIZED MANAGEMENT OF PLANNED AUDIT RECORD CONTENT

Description

The information system provides centralized management and configuration of the content to be captured in audit records generated by [Assignment: organization-defined information system components].

Supplemental

This control enhancement requires that the content to be captured in audit records be configured from a central location (necessitating automation). Organizations coordinate the selection of required audit content to support the centralized management and configuration capability provided by the information system.

Reference Item Details

Related: AU-6, AU-7

Category: AUDIT AND ACCOUNTABILITY

Parent Title: CONTENT OF AUDIT RECORDS

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: HIGH

Audit Items

Name | Plugin | Audit Name
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - mod_proxy | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000700 - An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point - ProxyPass | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000560 - The Apache web server must be configured to provide clustering - mod_proxy | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000560 - The Apache web server must be configured to provide clustering - ProxyPass | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1
CNTR-K8-000700 - Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event. | Unix | DISA STIG Kubernetes v1r11
DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2. | Windows | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2. | Unix | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
EP11-00-007700 - The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r2
EP11-00-007800 - The EDB Postgres Advanced Server must provide centralized configuration of the content to be captured in audit records generated by all components of the EDB Postgres Advanced Server. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r2
GEN002870 - The system must be configured to send audit records to a remote audit server - '/boot/grub/grub.conf audit=1' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/rsyslog.conf contains *.* @<server>' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/config streammode=on' | Unix | DISA STIG AIX 5.3 v1r2
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/config streammode=on' | Unix | DISA STIG AIX 6.1 v1r14
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/streamcmds is configured' | Unix | DISA STIG AIX 6.1 v1r14
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/security/audit/streamcmds is configured' | Unix | DISA STIG AIX 5.3 v1r2
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf contains *.* @<server>' | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf has been configured' | Unix | DISA STIG AIX 6.1 v1r14
GEN002870 - The system must be configured to send audit records to a remote audit server - '/etc/syslog.conf has been configured' | Unix | DISA STIG AIX 5.3 v1r2
GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/boot/grub/grub.conf audit=1' | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes' | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN002870 - The system must be configured to send audit/system records to a remote audit server - 'contains *.* @<server>' | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN005450 - The system must use a remote syslog server (log host). | Unix | DISA STIG AIX 6.1 v1r14
GEN005450 - The system must use a remote syslog server (log host). | Unix | DISA STIG AIX 5.3 v1r2
GEN005450 - The system must use a remote syslog server (loghost) - rsyslog.conf | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN005450 - The system must use a remote syslog server (loghost) - rsyslog.conf | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN005450 - The system must use a remote syslog server (loghost) - syslog.conf | Unix | DISA STIG for Oracle Linux 5 v2r1
GEN005450 - The system must use a remote syslog server (loghost) - syslog.conf | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
JUSX-AG-000057 - The Juniper SRX Services Gateway Firewall must be configured to support centralized management and configuration of the audit log. | Juniper | DISA Juniper SRX Services Gateway ALG v2r1
MADB-10-007100 - MariaDB must utilize centralized management of the content captured in audit records generated by all components of the DBMS. | MySQLDB | DISA MariaDB Enterprise 10.x v1r2 DB
MADB-10-007200 - MariaDB must provide centralized configuration of the content to be captured in audit records generated by all components of the DBMS. | MySQLDB | DISA MariaDB Enterprise 10.x v1r2 DB
MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Unix | DISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD3X-00-000600 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB. | Unix | DISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components. | Unix | DISA STIG MongoDB Enterprise Advanced 4.x v1r2 OS
MD4X-00-004800 - MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB. | Unix | DISA STIG MongoDB Enterprise Advanced 4.x v1r2 OS
MYS8-00-009400 - The MySQL Database Server 8.0 must utilize centralized management of the content captured in audit records generated by all components of the MySQL Database Server 8.0. | MySQLDB | DISA Oracle MySQL 8.0 v1r4 DB
MYS8-00-009500 - The MySQL Database Server 8.0 must provide centralized configuration of the content to be captured in audit records generated by all components of the MySQL Database Server 8.0. | MySQLDB | DISA Oracle MySQL 8.0 v1r4 DB
PGS9-00-003800 - PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL - log_destination | PostgreSQLDB | DISA STIG PostgreSQL 9.x on RHEL DB v2r3
PGS9-00-003800 - PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL - syslog_facility | PostgreSQLDB | DISA STIG PostgreSQL 9.x on RHEL DB v2r3
PPS9-00-007700 - The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server. | PostgreSQLDB | EDB PostgreSQL Advanced Server DB Audit v2r2
PPS9-00-007800 - The EDB Postgres Advanced Server must provide centralized configuration of the content to be captured in audit records generated by all components of the EDB Postgres Advanced Server. | PostgreSQLDB | EDB PostgreSQL Advanced Server DB Audit v2r2
SQL4-00-032800 - SQL Server must utilize centralized management of the content captured in audit records generated by all components of the DBMS. | MS_SQLDB | DISA STIG SQL Server 2014 Instance DB Audit v2r3
SQL6-D0-010700 - SQL Server must utilize centralized management of the content captured in audit records generated by all components of SQL Server. | MS_SQLDB | DISA STIG SQL Server 2016 Instance DB Audit v2r10
SQL6-D0-010800 - SQL Server must provide centralized configuration of the content to be captured in audit records generated by all components of SQL Server. | MS_SQLDB | DISA STIG SQL Server 2016 Instance DB Audit v2r10
VCPG-67-000020 - VMware Postgres must have log collection enabled. | Unix | DISA STIG VMware vSphere 6.7 PostgreSQL v1r2
VCPG-70-000017 - VMware Postgres must have log collection enabled. | Unix | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2