CCI|CCI-000163

Title

The information system protects audit information from unauthorized modification.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.001 - Permissions for event logs must conform to minimum requirements - application.evtxWindowsDISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - security.evtxWindowsDISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - system.evtxWindowsDISA Windows Vista STIG v6r41
4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissiveUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002013 - Audit logs on the AIX system must be owned by root.UnixDISA STIG AIX 7.x v2r5
AIX7-00-002014 - Audit logs on the AIX system must be group-owned by system.UnixDISA STIG AIX 7.x v2r5
AIX7-00-002015 - Audit logs on the AIX system must be set to 660 or less permissive.UnixDISA STIG AIX 7.x v2r5
AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple macOS 11 v1r6
APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.UnixDISA STIG Apple macOS 11 v1r5
AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Log Folders to Mode 700 or Less PermissiveUnixNIST macOS Catalina v1.5.0 - All Profiles
CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification.CiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification.CiscoDISA STIG Cisco IOS Router NDM v2r3
CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification.CiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification.CiscoDISA STIG Cisco IOS Switch NDM v2r3
DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification - ownershipUnixDISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux
DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification - ownershipWindowsDISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows
DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification - verify settingWindowsDISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows
DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification - verify settingUnixDISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux
EP11-00-002700 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.WindowsEDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1
ESXI-06-200004 - The VMM must protect audit information from unauthorized modification by configuring remote logging.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
EX13-CA-000075 - Exchange must have Audit data protected against unauthorized modification.WindowsDISA Microsoft Exchange 2013 Client Access Server STIG v2r1
EX13-EG-000060 - Exchange audit data must be protected against unauthorized access for modification.WindowsDISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-MB-000070 - Exchange must protect audit data against unauthorized access.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-ED-000120 - Exchange audit data must be protected against unauthorized access for modification.WindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3
EX16-MB-000140 - Exchange must protect audit data against unauthorized access.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r4
F5BI-DM-000075 - The BIG-IP appliance must be configured to protect audit information from unauthorized modification.F5DISA F5 BIG-IP Device Management 11.x STIG v2r1
F5BI-LT-000057 - The BIG-IP Core implementation must be configured to protect audit information from unauthorized modification.F5DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1