CCI|CCI-001877

Title

The information system provides an audit reduction capability that supports after-the-fact investigations of security incidents.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AOSX-13-000240 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-005001 - The macOS system must enable System Integrity Protection.UnixDISA STIG Apple macOS 11 v1r6
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure System Integrity Protection is EnabledUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Ensure System Integrity Protection is EnabledUnixNIST macOS Catalina v1.5.0 - All Profiles
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Ensure System Integrity Protection is EnabledUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
OL08-00-030180 - The OL 8 audit package must be installed.UnixDISA Oracle Linux 8 STIG v1r2
OL08-00-030181 - OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.UnixDISA Oracle Linux 8 STIG v1r2
SLES-12-020000 - The SUSE operating system must have the auditing package installed.UnixDISA SLES 12 STIG v2r6
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b32UnixDISA SLES 12 STIG v2r6
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b64UnixDISA SLES 12 STIG v2r6
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b32UnixDISA SLES 12 STIG v2r6
SLES-12-020240 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b64UnixDISA SLES 12 STIG v2r6
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b32UnixDISA SLES 15 STIG v1r6
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setgid arch=b64UnixDISA SLES 15 STIG v1r6
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b32UnixDISA SLES 15 STIG v1r6
SLES-15-030640 - The SUSE operating system must generate audit records for all uses of the privileged functions - setuid arch=b64UnixDISA SLES 15 STIG v1r6
SLES-15-030650 - The SUSE operating system must have the auditing package installed.UnixDISA SLES 15 STIG v1r6
SOL-11.1-010060 - The audit system must support an audit reduction capability.UnixDISA STIG Solaris 11 SPARC v2r6
SOL-11.1-010060 - The audit system must support an audit reduction capability.UnixDISA STIG Solaris 11 X86 v2r6
UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - enabledUnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - installedUnixDISA STIG Ubuntu 16.04 LTS v2r3
UBTU-18-010250 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time - activeUnixDISA STIG Ubuntu 18.04 LTS v2r7
UBTU-18-010250 - The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time - enabledUnixDISA STIG Ubuntu 18.04 LTS v2r7