800-53|AU-7(1)

Title

AUTOMATIC PROCESSING

Description

The information system provides the capability to process audit records for events of interest based on [Assignment: organization-defined audit fields within audit records].

Supplemental

Events of interest can be identified by the content of specific audit record fields including, for example, identities of individuals, event types, event locations, event times, event dates, system resources involved, IP addresses involved, or information objects accessed. Organizations may define audit event criteria to any degree of granularity required, for example, locations selectable by general networking location (e.g., by network or subnetwork) or selectable by specific information system component.

Reference Item Details

Related: AU-12,AU-2

Category: AUDIT AND ACCOUNTABILITY

Parent Title: AUDIT REDUCTION AND REPORT GENERATION

Family: AUDIT AND ACCOUNTABILITY

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
2.1 Ensure That Cloud Audit Logging Is Configured Properly Across All Services and All Users From a Project - allServices | GCP | CIS Google Cloud Platform v1.3.0 L1
2.1 Ensure That Cloud Audit Logging Is Configured Properly Across All Services and All Users From a Project - exemptedMembers | GCP | CIS Google Cloud Platform v1.3.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - dns policies | GCP | CIS Google Cloud Platform v1.3.0 L1
2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks - vpc networks | GCP | CIS Google Cloud Platform v1.3.0 L1
3.2 Ensure CloudTrail log file validation is enabled | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
3.7 Ensure proxies pass source IP information | Unix | CIS NGINX Benchmark v2.0.0 L1 Loadbalancer
3.7 Ensure proxies pass source IP information | Unix | CIS NGINX Benchmark v2.0.0 L1 Proxy
3.7 Ensure proxies pass source IP information - X-Real-IP | Unix | CIS NGINX Benchmark v2.0.0 L1 Proxy
3.7 Ensure proxies pass source IP information - X-Real-IP | Unix | CIS NGINX Benchmark v2.0.0 L1 Loadbalancer
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.4 Ensure a log metric filter and alarm exist for IAM policy changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.10 Ensure a log metric filter and alarm exist for security group changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L2 1.5.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.12 Ensure a log metric filter and alarm exist for changes to network gateways - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.13 Ensure a log metric filter and alarm exist for route table changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.14 Ensure a log metric filter and alarm exist for VPC changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'alarm exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'metric filter exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0
4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - 'subscription exists' | amazon_aws | CIS Amazon Web Services Foundations L1 1.5.0