Detections
Analytics

800-53|AU-9

Title

PROTECTION OF AUDIT INFORMATION

Description

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Supplemental

Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.

Reference Item Details

Related: AC-3,AC-6,MP-2,MP-4,PE-2,PE-3,PE-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 UBTU-24-90890UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles)SnowflakeCIS Snowflake Foundations v1.0.0 L2
1.2.6 Verify that RBAC is enabledOpenShiftCIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift
1.2.8 Ensure that the --authorization-mode argument includes RBACUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBACUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBACUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.8 Ensure that the --authorization-mode argument includes RBACUnixCIS Kubernetes v1.11.1 L1 Master Node
1.2.17 Ensure that the healthz endpoint is protected by RBACOpenShiftCIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.14 Ensure IAM users receive permissions only through groupsamazon_awsCIS Amazon Web Services Foundations v5.0.0 L1
1.17 Ensure IAM instance roles are used for AWS resource access from instancesamazon_awsCIS Amazon Web Services Foundations v5.0.0 L2
1.17 UBTU-22-232010UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.24 UBTU-22-232035UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.25 UBTU-22-232040UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.26 UBTU-22-232045UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.113 RHEL-09-232035UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.115 UBTU-22-651030UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.126 UBTU-22-653045UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.127 RHEL-09-232103UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.127 UBTU-22-653050UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.128 RHEL-09-232104UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.128 UBTU-22-653055UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.129 UBTU-22-653060UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.152 RHEL-09-232220UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.153 RHEL-09-232225UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.178 UBTU-24-901230UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.179 UBTU-24-901240UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.180 UBTU-24-901250UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.181 UBTU-24-901260UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.182 UBTU-24-901270UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.183 UBTU-24-901280UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.184 UBTU-24-901300UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.185 UBTU-24-901310UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.186 UBTU-24-901350UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.187 UBTU-24-901380UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.188 UBTU-24-909000UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.214 OL08-00-030070UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.215 OL08-00-030080UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.216 OL08-00-030090UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.217 OL08-00-030100UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.218 OL08-00-030110UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.219 OL08-00-030120UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.220 OL08-00-030121UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.221 OL08-00-030122UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.271 OL08-00-030620UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.272 OL08-00-030630UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.273 OL08-00-030640UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II
1.274 OL08-00-030650UnixCIS Oracle Linux 8 STIG v1.0.0 CAT II