800-53|AU-6(1)

Title

PROCESS INTEGRATION

Description

The organization employs automated mechanisms to integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.

Supplemental

Organizational processes benefiting from integrated audit review, analysis, and reporting include, for example, incident response, continuous monitoring, contingency planning, and Inspector General audits.

Reference Item Details

Related: AU-12, PM-7

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT REVIEW, ANALYSIS, AND REPORTING

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
2.2.4 Set IP address for 'logging host' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 12.0 Monterey v1.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 11 v2.1.0 L1
2.5.2.1 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.15 v2.1.0 L1
2.5.2.2 Ensure Firewall Is Enabled | Unix | CIS Apple macOS 10.14 v2.0.0 L1
2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated every 20 minutes or less on weekday 8a-5p' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated hourly on weekday 6p-7a' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated hourly on weekends' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.12.8 - Miscellaneous Config - enable sar accounting - 'daily summaries are being prepared' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
3.2 Ensure CloudTrail log file validation is enabled | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.4.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.4.0