800-53|AU-7

Title

AUDIT REDUCTION AND REPORT GENERATION

Description

The information system provides an audit reduction and report generation capability that:

Supplemental

Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. Audit reduction and report generation capabilities do not always emanate from the same information system or from the same organizational entities conducting auditing activities. Audit reduction capability can include, for example, modern data mining techniques with advanced data filters to identify anomalous behavior in audit records. The report generation capability provided by the information system can generate customizable reports. Time ordering of audit records can be a significant issue if the granularity of the timestamp in the record is insufficient.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.3 Ensure auditing is configured for the Docker daemon	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.4 Ensure auditing is configured for Docker files and directories - /run/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.5 Ensure auditing is configured for Docker files and directories - /var/lib/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker	Unix	CIS Docker v1.6.0 L1 Docker Linux
1.1.7 Ensure auditing is configured for Docker files and directories - docker.service	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.8 Ensure auditing is configured for Docker files and directories - containerd.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.8 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS 17 L2 v2.0.0
1.1.8 Set 'aaa accounting exec' - aaa accounting exec	Cisco	CIS Cisco IOS 16 L2 v2.0.0
1.1.9 Ensure auditing is configured for Docker files and directories - docker.sock	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.9 Set 'aaa accounting exec'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.9 Set 'aaa accounting network'	Cisco	CIS Cisco IOS 17 L2 v2.0.0
1.1.9 Set 'aaa accounting network' - aaa accounting network	Cisco	CIS Cisco IOS 16 L2 v2.0.0
1.1.10 Ensure auditing is configured for Docker files and directories - /etc/default/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.10 Set 'aaa accounting network'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.10 Set 'aaa accounting system'	Cisco	CIS Cisco IOS 17 L2 v2.0.0
1.1.10 Set 'aaa accounting system' - aaa accounting system	Cisco	CIS Cisco IOS 16 L2 v2.0.0
1.1.11 Ensure auditing is configured for Docker files and directories - /etc/docker/daemon.json	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.11 Set 'aaa accounting system'	Cisco	CIS Cisco IOS 15 L2 v4.1.1
1.1.12 Ensure auditing is configured for Docker files and directories - /etc/containerd/config.toml	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.13 Ensure auditing is configured for Docker files and directories - /etc/sysconfig/docker	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.14 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.16 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v1	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.1.18 Ensure auditing is configured for Docker files and directories - /usr/bin/runc	Unix	CIS Docker v1.6.0 L2 Docker Linux
1.2.1 Ensure dm-verity is enabled	Unix	CIS Google Container-Optimized OS L1 Server v1.1.0
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian 10 Workstation L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian 10 Server L1 v2.0.0
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1
1.2.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1
1.2.17 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes Benchmark v1.8.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.18 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.20 Ensure that the --audit-log-path argument is set	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.2.21 Ensure that the --audit-log-path argument is set	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 22.04 LTS Workstation L1 v1.0.0
1.3.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 22.04 LTS Server L1 v1.0.0
1.3.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian Linux 11 Workstation L1 v1.0.0
1.3.2 Ensure filesystem integrity is regularly checked	Unix	CIS Debian Linux 11 Server L1 v1.0.0
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise Server 12 L1 v3.1.0
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.3.3 Ensure sudo log file exists	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4 Ensure 'Allow queries to a Google time service' is set to 'Enabled'	Windows	CIS Google Chrome L1 v3.0.0
1.40 Ensure 'Allow queries to a Browser Network Time service' is set to 'Enabled'	Windows	CIS Microsoft Edge L1 v2.0.0

Detections

Analytics