CSCv7|6.5

Title

Central Log Management

Description

Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.

Reference Item Details

Category: Maintenance, Monitoring and Analysis of Audit Logs

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
2.2.35 Ensure 'Manage auditing and security log' is set to 'Administrators' and (when Exchange is running in the environment) 'Exchange Servers' (DC only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.36 Ensure 'Manage auditing and security log' is set to 'Administrators' (MS only)WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.3.2.2 (L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
3.1 Ensure a centralized location is configured to collect ESXi host core dumpsUnixCIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal
3.1 Ensure a centralized location is configured to collect ESXi host core dumpsUnixCIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal
3.1 Ensure a centralized location is configured to collect ESXi host core dumpsUnixCIS VMware ESXi 7.0 v1.3.0 Level 1 Bare Metal
3.3 Ensure remote logging is configured for ESXi hostsVMwareCIS VMware ESXi 7.0 v1.3.0 Level 1
3.3 Ensure remote logging is configured for ESXi hostsVMwareCIS VMware ESXi 6.7 v1.3.0 Level 1
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'CloudWatch Log Delivery'amazon_awsCIS Amazon Web Services Foundations L1 2.0.0
3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs - 'log group is configured'amazon_awsCIS Amazon Web Services Foundations L1 2.0.0
3.5 Ensure error logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.0.1 L2 Proxy
3.5 Ensure error logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.0.1 L2 Loadbalancer
3.5 Ensure error logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.0.1 L2 Webserver
3.6 Ensure access logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.0.1 L2 Webserver
3.6 Ensure access logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.0.1 L2 Loadbalancer
3.6 Ensure access logs are sent to a remote syslog serverUnixCIS NGINX Benchmark v2.0.1 L2 Proxy
4.1 Ensure unauthorized API calls are monitoredamazon_awsCIS Amazon Web Services Foundations L2 2.0.0
4.1.2.1 Ensure journald is configured to send logs to rsyslogUnixCIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS Rocky Linux 8 Workstation L1 v1.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS CentOS Linux 8 Workstation L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS AlmaLinux OS 8 Workstation L1 v2.0.0
4.2.1.3 Ensure journald is configured to send logs to rsyslogUnixCIS Red Hat EL8 Server L1 v2.0.0
17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.1 Ensure 'Audit IPsec Driver' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.2 (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.3 Ensure 'Audit Security State Change' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.4 Ensure 'Audit Security System Extension' is set to include 'Success'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.4.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
18.4.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.4.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.4.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.4.13 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.13 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
20.13 Ensure 'Audit records must be backed up to a different system or media than the system being audited'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.38 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly'WindowsCIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
20.38 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly'WindowsCIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly'WindowsCIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
20.39 Ensure 'Off-load of audit records of interconnected systems in real time and off-load standalone systems weekly'WindowsCIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0