800-53|AU-7

Title

AUDIT REDUCTION AND REPORT GENERATION

Description

The information system provides an audit reduction and report generation capability that:

Supplemental

Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient.

Reference Item Details

Related: AU-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
17.2.2 Ensure 'Audit Security Group Management' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.2.3 Ensure 'Audit User Account Management' is set to 'Success and Failure'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.3.1 Ensure 'Audit PNP Activity' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
17.3.2 Ensure 'Audit Process Creation' is set to include 'Success'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
17.5.1 Ensure 'Audit Account Lockout' is set to include 'Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
17.5.1 Ensure 'Audit Account Lockout' is set to include 'Failure'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL