CCI-000134

1 rule found Severity: High

34 rules found Severity: Medium

36 rules found Severity: Medium

7 rules found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Low

The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system.

1 rule found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: Medium

A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components, based on selectable event criteria, and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes.

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

2 rules found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: High

Enable audit Service

Ensure the audit Subsystem is Installed

Enable auditd Service

Ensure the audit-libs package as a part of audit Subsystem is Installed

Ensure the libaudit1 package as a part of audit Subsystem is Installed

The CA API Gateway must produce audit records containing information to establish the outcome of the events.

The DBN-6300 must produce audit records that contain information to establish the outcome of the event.

The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.

The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.

The FortiGate firewall must generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule.

The HP FlexFabric Switch must produce audit records that contain information to establish the outcome of the event.

The HYCU server must produce audit records containing information to establish when events occurred, where events occurred, the source of the event, the outcome of the event, and identity of any individual or process associated with the event.

DB2 must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.

The MQ Appliance messaging server must produce log records containing information to establish what type of events occurred.

The WebSphere Application Server audit event type filters must be configured.

CA VM:Secure product must be installed and operating.

The Sentry must produce audit records containing information to establish the outcome of the events.

SQL Server must produce Trace or Audit records containing sufficient information to establish the outcome (success or failure) of the events.

Nutanix AOS must produce audit records containing information to establish the outcome of events.

OHS must have a log format defined to produce log records that contain sufficient information to establish the outcome (success or failure) of events.

OHS must have a SSL log format defined to produce log records that contain sufficient information to establish the outcome (success or failure) of events.

OHS must have a log file defined for each site/virtual host to produce log records that contain sufficient information to establish the outcome (success or failure) of events.

Oracle WebLogic must produce audit records that contain sufficient information to establish the outcome (success or failure) of application server and application events.

Symantec ProxySG must produce audit records containing information to establish the outcome of the events.

The NSX-T Tier-1 Gateway Firewall must generate traffic log entries containing information to establish the details of the event.

The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.

MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.

The DBMS must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.

PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.

The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events.

AccessLogValve must be configured for each application context.

The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.

The Arista network device must be configured to capture all DOD auditable events.

The Arista router must be configured to produce audit records containing information to establish where the events occurred.

The Cisco ASA must be configured to produce audit records containing information to establish the outcome of events associated with detected harmful or potentially harmful traffic.

The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event.

The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events.

The Cisco switch must be configured to log all packets that have been dropped at interfaces via an ACL.

The Cisco router must be configured to log all packets that have been dropped at interfaces via ACL.

The DNS server implementation must produce audit records that contain information to establish the outcome of the events.

The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.

The Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing the outcome of the connection.

The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.

The Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the outcome (status) of the connection.

The F5 BIG-IP appliance must generate traffic log entries containing information to establish the details of the event, including success or failure of the application of the firewall rule.

The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.

SSMC web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.

AIX must produce audit records containing information to establish the outcome of the events.

Audit records content must contain valid information to allow for proper incident reporting.

The WebSphere Liberty Server must log remote session and security activity.

The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.

The ICS must be configured to generate log records containing sufficient information about where, when, identity, source, or outcome of the events.

The Juniper EX switch must be configured to produce audit records that contain information to establish the outcome of the event.

The application server must produce log records that contain sufficient information to establish the outcome of events.

The Juniper router must be configured to log all packets that have been dropped.

Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.

MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.

The IIS 10.0 web server must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 10.0 web server events.

The IIS 10.0 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 10.0 website events.

PowerShell Transcription must be enabled on Windows 11.

Windows Server 2016 must have PowerShell Transcription enabled.

The network device must produce audit records that contain information to establish the outcome of the event.

The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.

The Automation Controller must generate the appropriate log records.

The router must be configured to log all packets that have been dropped.

The SDN controller must be configured to produce audit records containing information to establish the outcome of the events.

SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

The TPS must provide audit record generation capability for detection events based on implementation of policy filters, rules, signatures, and anomaly analysis.

The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).

TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.

The web server must produce log records that contain sufficient information to establish the outcome (success or failure) of events.

The NixOS audit package must be installed.

AAA Services configuration audit records must identify the outcome of the events.

The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.

The Apache web server must produce log records containing sufficient information to establish what type of events occurred.

The macOS system must enable security auditing.

The ALG must produce audit records containing information to establish the outcome of the events.

The application must produce audit records that contain information to establish the outcome of the events.

Ubuntu 22.04 LTS must have the "auditd" package installed.