Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Policies
Overview
Search
AWS Resources
Azure Resources
GCP Resources
Kubernetes Resources
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-000163
CCI
CCI|CCI-000163
Title
The information system protects audit information from unauthorized modification.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx
Windows
DISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx
Windows
DISA Windows Vista STIG v6r41
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx
Windows
DISA Windows Vista STIG v6r41
4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive
Unix
CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002013 - Audit logs on the AIX system must be owned by root.
Unix
DISA STIG AIX 7.x v2r9
AIX7-00-002014 - Audit logs on the AIX system must be group-owned by system.
Unix
DISA STIG AIX 7.x v2r9
AIX7-00-002015 - Audit logs on the AIX system must be set to 660 or less permissive.
Unix
DISA STIG AIX 7.x v2r9
AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.
Unix
DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.
Unix
DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.
Unix
DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.
Unix
DISA STIG Apple macOS 11 v1r8
APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.
Unix
DISA STIG Apple macOS 11 v1r5
APPL-12-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.
Unix
DISA STIG Apple macOS 12 v1r8
APPL-13-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive.
Unix
DISA STIG Apple macOS 13 v1r3
ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
Arista
DISA STIG Arista MLS EOS 4.2x NDM v1r1
AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion.
Unix
DISA STIG Apache Server 2.4 Unix Server v2r6
AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r3
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Low
CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification.
Cisco
DISA STIG Cisco IOS XE Router NDM v2r9
CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification.
Cisco
DISA STIG Cisco IOS Router NDM v2r8
CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification.
Cisco
DISA STIG Cisco IOS XE Switch NDM v2r8
CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification.
Cisco
DISA STIG Cisco IOS Switch NDM v2r8
DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification
Windows
DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification
Unix
DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
EP11-00-002700 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.
Windows
EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r2
ESXI-06-200004 - The VMM must protect audit information from unauthorized modification by configuring remote logging.
VMware
DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-70-000004 - Remote logging for ESXi hosts must be configured.
VMware
DISA STIG VMware vSphere 7.0 ESXi v1r2
EX13-CA-000075 - Exchange must have Audit data protected against unauthorized modification.
Windows
DISA Microsoft Exchange 2013 Client Access Server STIG v2r1
EX13-EG-000060 - Exchange audit data must be protected against unauthorized access for modification.
Windows
DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r5
EX13-MB-000070 - Exchange must protect audit data against unauthorized access.
Windows
DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-ED-000120 - Exchange audit data must be protected against unauthorized access for modification.
Windows
DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000140 - Exchange must protect audit data against unauthorized access.
Windows
DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
