800-53|AU-9

Title

PROTECTION OF AUDIT INFORMATION

Description

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Supplemental

Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.

Reference Item Details

Related: AC-3,AC-6,MP-2,MP-4,PE-2,PE-3,PE-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.11 Ensure separate partition exists for /var/logUnixCIS SUSE Linux Enterprise Server 11 L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS SUSE Linux Enterprise Workstation 11 L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS SUSE Linux Enterprise Server 11 L2 v2.1.0
1.1.13 Ensure separate partition exists for /var/log/auditUnixCIS Amazon Linux 2 STIG v1.0.0 L2
1.5.7 Ensure that the --wal-dir argument is set as appropriateUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.5.7 Ensure that the --wal-dir argument is set as appropriateUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.5.8 Ensure that the --max-wals argument is set to 0UnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.5.8 Ensure that the --max-wals argument is set to 0UnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Windows Server 2012 DC L1 v2.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0
17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Windows Server 2012 MS L1 v2.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.2.0
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.2.0