CSCv7|6.2

Title

Activate audit logging

Description

Ensure that local logging has been enabled on all systems and networking devices.

Reference Item Details

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.1 Syslog logging should be configured - configurationPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.1.1.1 Syslog logging should be configured - configurationPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.1.1.1 Syslog logging should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.1.1.1 Syslog logging should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.1.1.1 Syslog logging should be configured - hostPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.1.1.1 Syslog logging should be configured - hostPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.1.1.1 Syslog logging should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.1.1.1 Syslog logging should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.1.1.1 Syslog logging should be configured - systemPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.1.1.1 Syslog logging should be configured - systemPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.1.1.1 Syslog logging should be configured - user-idPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.1.1.1 Syslog logging should be configured - user-idPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.1.1.2 SNMPv3 traps should be configured - configurationPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L2
1.1.1.2 SNMPv3 traps should be configured - configurationPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L2
1.1.1.2 SNMPv3 traps should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L2
1.1.1.2 SNMPv3 traps should be configured - hip matchPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L2
1.1.1.2 SNMPv3 traps should be configured - hostPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L2
1.1.1.2 SNMPv3 traps should be configured - hostPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L2
1.1.1.2 SNMPv3 traps should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L2
1.1.1.2 SNMPv3 traps should be configured - ip-tagPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L2
1.1.1.2 SNMPv3 traps should be configured - user-idPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L2
1.1.1.2 SNMPv3 traps should be configured - user-idPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L2
1.1.2 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.3 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 10 v1.0.0 L1
1.1.3 Ensure 'Enable Log on High DP Load' is enabledPalo_AltoCIS Palo Alto Firewall 9 v1.0.1 L1
1.1.3 Ensure auditing is configured for the Docker daemonUnixCIS Docker v1.3.1 L1 Linux Host OS
1.1.15 Ensure that the --audit-log-path argument is set as appropriateUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.2.18 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.2.18 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.2.21 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.2.22 Ensure that the --audit-log-path argument is setUnixCIS Kubernetes Benchmark v1.6.1 L1 Master
1.10.1 Ensure 'logging' is enabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.1 Ensure 'logging' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.5 Ensure 'logging with the device ID' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.5 Ensure 'logging with the device ID' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
2.1 Ensure that Cloud Audit Logging is configured properly across all services and all users from a project - allServicesGCPCIS Google Cloud Platform v1.1.0 L1
2.1 Ensure that Cloud Audit Logging is configured properly across all services and all users from a project - exemptedMembersGCPCIS Google Cloud Platform v1.1.0 L1
2.1 Ensure that IP addresses are mapped to usernames - User ID AgentsPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.1 Ensure that IP addresses are mapped to usernames - ZonesPalo_AltoCIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
17.6.3 (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.6.3 (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L2 + BL + NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L2 + BL + NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 NG
18.9.48.1 Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG