CCI|CCI-000135

Title

The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.740 - The system must audit all uses of the mount command and syscall - 32 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.740 - The system must audit all uses of the mount command and syscall - 64 bit	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.740 - The system must audit all uses of the mount command and syscall.	Unix	Tenable Fedora Linux Best Practices v2.0.0
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.8 Ensure changes to system administration scope (sudoers) is collected - sudoers.d	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.10 Ensure use of privileged commands is collected	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.15 Ensure all uses of the passwd command are audited.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.16 Ensure auditing of the unix_chkpwd command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.17 Ensure audit of the gpasswd command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.18 Ensure audit all uses of chage	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.19 Ensure audit all uses of the chsh command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.20 Ensure audit the umount command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.21 Ensure audit of postdrop command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.22 Ensure audit of postqueue command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.23 Ensure audit ssh-keysign command.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.24 Ensure audit of crontab command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.36 Ensure audit of the userhelper command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall - 32 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.37 Ensure audit of the mount command and syscall - 64 bit	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.38 Ensure audit of the su command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.3.40 Ensure audit all uses of the newgrp command	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.	Unix	DISA STIG AIX 7.x v2r9
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands.	Unix	DISA STIG AIX 7.x v2r1
AMLS-NM-000200 - Arista MLS must generate audit records containing the full-text recording of privileged commands.	Arista	DISA STIG Arista MLS DCS-7000 Series NDM V1R2
AMLS-NM-000200 - The Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands.	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r3
AOSX-12-000230 - The OS X system must initiate session audits at system startup.	Unix	DISA STIG Apple Mac OSX 10.12 v1r6
AOSX-15-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-12-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple macOS 12 V1R2
APPL-12-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple macOS 12 v1r3
APPL-12-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple macOS 12 v1r7
APPL-12-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple macOS 12 v1r4
APPL-12-001003 - The macOS system must initiate session audits at system startup	Unix	DISA STIG Apple macOS 12 v1r5
APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.	Unix	DISA STIG Apple macOS 13 v1r1
APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.	Unix	DISA STIG Apple macOS 13 v1r3
APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.	Unix	DISA STIG Apple macOS 13 v1r2
APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.	Unix	DISA STIG Apple macOS 13 v1r4
APPL-14-001003 - The macOS system must enable security auditing.	Unix	DISA Apple macOS 14 (Sonoma) STIG v1r2
ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v1r1
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Security Auditing	Unix	NIST macOS Big Sur v1.4.0 - 800-171

Detections

Analytics

CCI|CCI-000135

Title

Reference Item Details

Audit Items