800-53|AU-7(1)

Title

AUTOMATIC PROCESSING

Description

The information system provides the capability to process audit records for events of interest based on [Assignment: organization-defined audit fields within audit records].

Supplemental

Events of interest can be identified by the content of specific audit record fields including, for example, identities of individuals, event types, event locations, event times, event dates, system resources involved, IP addresses involved, or information objects accessed. Organizations may define audit event criteria to any degree of granularity required, for example, locations selectable by general networking location (e.g., by network or subnetwork) or selectable by specific information system component.

Reference Item Details

Related: AU-12,AU-2

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT REDUCTION AND REPORT GENERATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items


Name | Plugin | Audit Name
1.13 UBTU-24-100400 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.14 UBTU-24-100410 | Unix | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.119 UBTU-22-653010 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.120 UBTU-22-653015 | Unix | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.139 APPL-14-005001 | Unix | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I
1.229 OL08-00-030180 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.230 OL08-00-030181 | Unix | CIS Oracle Linux 8 STIG v1.0.0 CAT II
1.367 RHEL-09-653010 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.368 RHEL-09-653015 | Unix | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
2.1 Ensure monitoring and alerting exist for ACCOUNTADMIN and SECURITYADMIN role grants | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.1 Ensure That Cloud Audit Logging Is Configured Properly | GCP | CIS Google Cloud Platform Foundation v4.0.0 L1
2.2 Ensure monitoring and alerting exist for MANAGE GRANTS privilege grants | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.3 Ensure monitoring and alerting exist for password sign-ins of SSO users | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.4 Ensure monitoring and alerting exist for password sign-in without MFA | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrations | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.6 Ensure monitoring and alerting exist for changes to network policies and associated objects | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.7 Ensure monitoring and alerting exist for SCIM token creation | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.8 Ensure monitoring and alerting exists for new share exposures | Snowflake | CIS Snowflake Foundations v1.0.0 L1
2.9 Ensure monitoring and alerting exists for sessions from unsupported Snowflake Connector for Python and JDBC and ODBC drivers | Snowflake | CIS Snowflake Foundations v1.0.0 L2
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks | GCP | CIS Google Cloud Platform Foundation v4.0.0 L1
3.7 Ensure proxies pass source IP information - X-Real-IP | Unix | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer
3.7 Ensure proxies pass source IP information - X-Real-IP | Unix | CIS NGINX Benchmark v2.1.0 L1 Proxy
4.2 Ensure CloudTrail log file validation is enabled | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L2
5.1 Ensure unauthorized API calls are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L2
5.2 Ensure management console sign-in without MFA is monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.3 Ensure usage of the 'root' account is monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.4 Ensure IAM policy changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.5 Ensure CloudTrail configuration changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.6 Ensure AWS Management Console authentication failures are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L2
5.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L2
5.8 Ensure S3 bucket policy changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.9 Ensure AWS Config configuration changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L2
5.10 Ensure security group changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L2
5.11 Ensure Network Access Control List (NACL) changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L2
5.12 Ensure changes to network gateways are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.13 Ensure route table changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.14 Ensure VPC changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
5.15 Ensure AWS Organizations changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v6.0.0 L1
ALMA-09-047100 - The audit package must be installed on AlmaLinux OS 9. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r4
ALMA-09-054910 - The auditd service must be enabled on AlmaLinux OS 9. | Unix | DISA CloudLinux AlmaLinux OS 9 STIG v1r4
AOSX-13-000240 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple macOS 11 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple macOS 11 v1r5
APPL-12-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple macOS 12 v1r9
APPL-13-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple macOS 13 v1r5
APPL-14-005001 - The macOS system must ensure System Integrity Protection is enabled. | Unix | DISA Apple macOS 14 Sonoma STIG v2r4
APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled. | Unix | DISA Apple macOS 15 Sequoia STIG v1r5
APPL-26-005001 - The macOS system must ensure System Integrity Protection (SIP) is enabled. | Unix | DISA Apple macOS 26 Tahoe STIG v1r1