800-53|AU-9

Title

PROTECTION OF AUDIT INFORMATION

Description

The information system protects audit information and audit tools from unauthorized access, modification, and deletion.

Supplemental

Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. This control focuses on technical protection of audit information. Physical protection of audit information is addressed by media protection controls and physical and environmental protection controls.

Reference Item Details

Related: AC-3,AC-6,MP-2,MP-4,PE-2,PE-3,PE-6

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.11 Ensure separate partition exists for /var/logUnixCIS CentOS Linux 8 Server L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/logUnixCIS CentOS Linux 8 Workstation L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 16.04 LTS Workstation L2 v1.1.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Debian 8 Server L2 v2.0.1
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Debian 8 Workstation L2 v2.0.1
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 16.04 LTS Server L2 v1.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Debian 9 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 6 Workstation L2 v1.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Debian 9 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS CentOS 6 Workstation L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 8 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS CentOS Linux 8 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 18.04 LTS Workstation L2 v2.0.1
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat EL8 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS CentOS Linux 8 Workstation L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat EL8 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS CentOS 6 Server L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 8 Server L2 v1.0.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 6 Server L2 v1.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat 6 Server L2 v2.1.0
1.1.12 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat 6 Workstation L2 v2.1.0
1.1.13 Ensure separate partition exists for /var/log/auditUnixCIS Amazon Linux 2 STIG v1.0.0 L2
1.1.15 Ensure separate partition exists for /var/logUnixCIS Oracle Linux 7 Server L2 v3.0.0
1.1.15 Ensure separate partition exists for /var/logUnixCIS Oracle Linux 7 Workstation L2 v3.0.0
1.1.15 Ensure separate partition exists for /var/logUnixCIS Red Hat EL7 Server L2 v3.0.1
1.1.15 Ensure separate partition exists for /var/logUnixCIS Red Hat EL7 Workstation L2 v3.0.1
1.1.15 Ensure separate partition exists for /var/logUnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.1.15 Ensure separate partition exists for /var/logUnixCIS Distribution Independent Linux Server L2 v1.1.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 20.04 LTS Workstation L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat EL7 Workstation L2 v3.0.1
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Ubuntu Linux 20.04 LTS Server L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Distribution Independent Linux Workstation L2 v1.1.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS SUSE Linux Enterprise 15 Server L2 v1.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 7 Workstation L2 v3.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Distribution Independent Linux Server L2 v1.1.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Oracle Linux 7 Server L2 v3.0.0
1.1.16 Ensure separate partition exists for /var/log/auditUnixCIS Red Hat EL7 Server L2 v3.0.1
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco Firewall ASA 8 L1 v4.1.0
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.0.0
1.14 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'microsoft_azureCIS Microsoft Azure Foundations v2.1.0 L1
1.15 Ensure IAM Users Receive Permissions Only Through Groupsamazon_awsCIS Amazon Web Services Foundations L1 3.0.0
1.15 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'microsoft_azureCIS Microsoft Azure Foundations v2.1.0 L2
1.16 Ensure That 'Restrict access to Microsoft Entra admin center' is Set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v2.1.0 L1
1.17 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'microsoft_azureCIS Microsoft Azure Foundations v2.1.0 L2
1.18 Ensure IAM instance roles are used for AWS resource access from instancesamazon_awsCIS Amazon Web Services Foundations L2 3.0.0