Audits
Settings
Links
Tenable.io
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Links
Tenable.io
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Audits
References
CCI
CCI-001464
CCI
CCI|CCI-001464
Title
The information system initiates session audits at system start-up.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2009
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AIX7-00-002023 - AIX must start audit at boot.
Unix
DISA STIG AIX 7.x v2r5
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - log_config_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - log_config_module
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - LogFormat
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - LogFormat
Unix
DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-W1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.
Windows
DISA STIG Apache Server 2.4 Windows Server v2r2
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable Security Auditing
Unix
NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - 800-171
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Enable Security Auditing
Unix
NIST macOS Catalina v1.5.0 - All Profiles
CNTR-K8-000600 - The Kubernetes API Server must have an audit policy set.
Unix
DISA STIG Kubernetes v1r5
CNTR-K8-000610 - The Kubernetes API Server must have an audit log path set.
Unix
DISA STIG Kubernetes v1r5
DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker paths
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-001090 - The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set - docker services
Unix
DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.
Windows
DISA IIS 10.0 Site v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field Date
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field IP
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field Method
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field Query
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field Referer
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field Status
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field Time
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Field User
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000102 - The enhanced logging for the IIS 10.0 web server must be enabled and capture all user and web server events - Format W3C
Windows
DISA IIS 10.0 Server v2r5
IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.
Windows
DISA IIS 10.0 Server v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Client IP Address
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Date
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Method
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Protocol Status
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Referer
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field Time
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field URI Query
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Field User Name
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000205 - The enhanced logging for each IIS 8.5 website must be enabled and capture, record, and log all content related to a user session - Format W3C
Windows
DISA IIS 8.5 Site v2r5
IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled.
Windows
DISA IIS 8.5 Site v2r5
