800-53|AU-7(1)

Title

AUTOMATIC PROCESSING

Description

The information system provides the capability to process audit records for events of interest based on [Assignment: organization-defined audit fields within audit records].

Supplemental

Events of interest can be identified by the content of specific audit record fields including, for example, identities of individuals, event types, event locations, event times, event dates, system resources involved, IP addresses involved, or information objects accessed. Organizations may define audit event criteria to any degree of granularity required, for example, locations selectable by general networking location (e.g., by network or subnetwork) or selectable by specific information system component.

Reference Item Details

Related: AU-12, AU-2

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT REDUCTION AND REPORT GENERATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE, HIGH

Audit Items


Name | Plugin | Audit Name
5.3 Ensure the Azure AD 'Risky sign-ins' report is reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.4 Ensure the Application Usage report is reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L2 v1.4.0
5.5 Ensure the self-service password reset activity report is reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.6 Ensure user role group changes are reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.7 Ensure mail forwarding rules are reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.8 Ensure the Mailbox Access by Non-Owners Report is reviewed at least biweekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.9 Ensure the Malware Detections report is reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.10 Ensure the Account Provisioning Activity report is reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.11 Ensure non-global administrator role group assignments are reviewed at least weekly | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
5.12 Ensure the spoofed domains report is review weekly | microsoft_azure | CIS Microsoft 365 Foundations E5 L1 v1.4.0
5.14 Ensure the report of users who have had their email privileges restricted due to spamming is reviewed | microsoft_azure | CIS Microsoft 365 Foundations E3 L1 v1.4.0
AOSX-13-000240 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple macOS 11 v1r5
APPL-11-005001 - The macOS system must enable System Integrity Protection. | Unix | DISA STIG Apple macOS 11 v1r6
Big Sur - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - 800-171
Catalina - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Catalina v1.5.0 - All Profiles
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
Monterey - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Audit Record Reduction and Report Generation - processing | Unix | NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Monterey v1.0.0 - 800-171
Monterey - Ensure System Integrity Protection is Enabled | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate