800-53|AU-7

Title

AUDIT REDUCTION AND REPORT GENERATION

Description

The information system provides an audit reduction and report generation capability that:

Supplemental

Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient.

Reference Item Details

Related: AU-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3 Ensure auditing is configured for the Docker daemonUnixCIS Docker v1.6.0 L1 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemonUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerdUnixCIS Docker v1.6.0 L1 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerdUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/dockerUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/dockerUnixCIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/dockerUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/dockerUnixCIS Docker v1.6.0 L1 Docker Linux
1.1.7 Ensure auditing is configured for Docker files and directories - docker.serviceUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sockUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.8 Set 'aaa accounting exec'CiscoCIS Cisco IOS 17 L2 v2.0.0
1.1.8 Set 'aaa accounting exec' - aaa accounting execCiscoCIS Cisco IOS 16 L2 v2.0.0
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sockUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.9 Set 'aaa accounting exec'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.9 Set 'aaa accounting network'CiscoCIS Cisco IOS 17 L2 v2.0.0
1.1.9 Set 'aaa accounting network' - aaa accounting networkCiscoCIS Cisco IOS 16 L2 v2.0.0
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/dockerUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.10 Set 'aaa accounting network'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.10 Set 'aaa accounting system'CiscoCIS Cisco IOS 17 L2 v2.0.0
1.1.10 Set 'aaa accounting system' - aaa accounting systemCiscoCIS Cisco IOS 16 L2 v2.0.0
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.jsonUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.11 Set 'aaa accounting system'CiscoCIS Cisco IOS 15 L2 v4.1.1
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.tomlUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/dockerUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerdUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shimUnixCIS Docker v1.6.0 L2 Docker Linux
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1UnixCIS Docker v1.6.0 L2 Docker Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2UnixCIS Docker v1.6.0 L2 Docker Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runcUnixCIS Docker v1.6.0 L2 Docker Linux
1.2.1 Ensure dm-verity is enabledUnixCIS Google Container-Optimized OS L1 Server v1.1.0
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 10 Workstation L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian 10 Server L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.2.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.2.17 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.20 Ensure that the --audit-log-path argument is setOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.21 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 22.04 LTS Workstation L1 v1.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian Linux 11 Workstation L1 v1.0.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Debian Linux 11 Server L1 v1.0.0
1.3.3 Ensure sudo log file existsUnixCIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
1.3.3 Ensure sudo log file existsUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.3.3 Ensure sudo log file existsUnixCIS SUSE Linux Enterprise Server 12 L1 v3.1.0
1.3.3 Ensure sudo log file existsUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4 Ensure 'Allow queries to a Google time service' is set to 'Enabled'WindowsCIS Google Chrome L1 v2.1.0
1.40 Ensure 'Allow queries to a Browser Network Time service' is set to 'Enabled'WindowsCIS Microsoft Edge L1 v2.0.0