CCI|CCI-001851

Title

The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Reference Item Details

Category: 2013

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.6 Ensure audit system action is defined for sending errors | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.8 Ensure audit logs are stored on a different system. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - direction | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - path | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.11 Ensure off-load of audit logs - type | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1 | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2 | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trail | Unix | DISA STIG AIX 7.x v2r6 |
| AIX7-00-002131 - AIX must implement a remote syslog server that is documented using site-defined procedures. | Unix | DISA STIG AIX 7.x v2r6 |
| AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - logging host | Arista | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 |
| AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - trap logging | Arista | DISA STIG Arista MLS DCS-7000 Series NDM v1r3 |
| AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware |
| AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 |
| AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware |
| AS24-U1-000730 - The Apache web server must be configured to integrate with an organizations security infrastructure. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r5 |
| AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3 |
| AS24-W1-000730 - The Apache web server must be configurable to integrate with an organizations security infrastructure. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3 |
| Big Sur - Off-Load Audit Records | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging host | Cisco | DISA STIG Cisco ASA NDM v1r1 |
| CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging trap | Cisco | DISA STIG Cisco ASA NDM v1r1 |
| Catalina - Off-Load Audit Records | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| CISC-ND-001310 - The Cisco router must be configured to off-load log records onto a different system than the system being audited. | Cisco | DISA STIG Cisco IOS-XR Router NDM v2r2 |
| CISC-ND-001310 - The Cisco switch must be configured to off-load log records onto a different system than the system being audited. | Cisco | DISA STIG Cisco NX-OS Switch NDM v2r3 |
| CISC-ND-001450 - The Cisco router must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. | Cisco | DISA STIG Cisco IOS XE Router NDM v2r5 |
| CISC-ND-001450 - The Cisco router must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. | Cisco | DISA STIG Cisco IOS Router NDM v2r4 |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the Information System Security Officer (ISSO). | Cisco | DISA STIG Cisco IOS Switch NDM v2r4 |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | Cisco | DISA STIG Cisco IOS XE Switch NDM v2r4 |
| DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | Unix | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux |
| DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | Windows | DISA STIG IBM DB2 v10.5 LUW v1r4 OS Windows |
| DKER-EE-001080 - The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise. | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1 |
| DKER-EE-003320 - All Docker Engine - Enterprise nodes must be configured with a log driver plugin that sends logs to a remote log aggregation system (SIEM). | Unix | DISA STIG Docker Enterprise 2.x Linux/Unix v2r1 |
| ESXI-06-400004 - The VMM must off-load audit records onto a different system or media than the system being audited by configuring remote logging. | VMware | DISA STIG VMware vSphere 6.x ESXi v1r5 |
| ESXI-06-500004 - The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly by configuring remote logging. | VMware | DISA STIG VMware vSphere 6.x ESXi v1r5 |
| ESXI-67-000004 - Remote logging for ESXi hosts must be configured. | VMware | DISA STIG VMware vSphere 6.7 ESXi v1r2 |
| F5BI-DM-000257 - The BIG-IP appliance must be configured to off-load audit records onto a different system or media than the system being audited. | F5 | DISA F5 BIG-IP Device Management 11.x STIG v2r1 |
| FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | FortiGate | DISA Fortigate Firewall NDM STIG v1r3 |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. - fortianalyzer status | FortiGate | DISA Fortigate Firewall STIG v1r3 |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. - syslogd status | FortiGate | DISA Fortigate Firewall STIG v1r3 |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/boot/grub/grub.conf audit=1' | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN002870 - The system must be configured to send audit/system records to a remote audit server - '/etc/audisp/plugins.d/syslog.conf active=yes' | Unix | DISA STIG for Oracle Linux 5 v2r1 |