Theme

800-53|AU-7(1)

Title

AUTOMATIC PROCESSING

Description

The information system provides the capability to process audit records for events of interest based on [Assignment: organization-defined audit fields within audit records].

Supplemental

Events of interest can be identified by the content of specific audit record fields including, for example, identities of individuals, event types, event locations, event times, event dates, system resources involved, IP addresses involved, or information objects accessed. Organizations may define audit event criteria to any degree of granularity required, for example, locations selectable by general networking location (e.g., by network or subnetwork) or selectable by specific information system component.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AU-12,AU-2

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT REDUCTION AND REPORT GENERATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.1 Ensure That Cloud Audit Logging Is Configured Properly Across All Services and All Users From a Project - allServices	GCP	CIS Google Cloud Platform v1.3.0 L1
2.1 Ensure That Cloud Audit Logging Is Configured Properly Across All Services and All Users From a Project - exemptedMembers	GCP	CIS Google Cloud Platform v1.3.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - dns policies	GCP	CIS Google Cloud Platform v1.3.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - vpc networks	GCP	CIS Google Cloud Platform v1.3.0 L1
3.2 Ensure CloudTrail log file validation is enabled	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
3.7 Ensure proxies pass source IP information	Unix	CIS NGINX Benchmark v2.0.0 L1 Loadbalancer
3.7 Ensure proxies pass source IP information	Unix	CIS NGINX Benchmark v2.0.0 L1 Proxy
3.7 Ensure proxies pass source IP information - X-Real-IP	Unix	CIS NGINX Benchmark v2.0.0 L1 Proxy
3.7 Ensure proxies pass source IP information - X-Real-IP	Unix	CIS NGINX Benchmark v2.0.0 L1 Loadbalancer
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L2 1.5.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'alarm exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'metric filter exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'subscription exists'	amazon_aws	CIS Amazon Web Services Foundations L1 1.5.0