Capacity
CCI-000154
Provide the capability to centrally review and analyze audit records from multiple components within the system.
29
Rule
Severity: Medium
Ensure the audit Subsystem is Installed
30
Rule
Severity: Medium
Enable auditd Service
3
Rule
Severity: Medium
Ensure the audit-libs package as a part of audit Subsystem is Installed
2
Rule
Severity: Medium
Ensure the libaudit1 package as a part of audit Subsystem is Installed
2
Rule
Severity: Medium
The application must provide the capability to centrally review and analyze audit records from multiple components within the system.
2
Rule
Severity: Low
The Central Log Server must be configured to perform analysis of log records across multiple devices and hosts in the enclave that can be reviewed by authorized individuals.
1
Rule
Severity: Medium
The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
2
Rule
Severity: Medium
Google Android 13 must be configured to enable audit logging.
2
Rule
Severity: Medium
The IDPS must provide log information in a format that can be extracted and used by centralized analysis tools.
2
Rule
Severity: Medium
The Mainframe Product must provide the capability to centrally review and analyze audit records from multiple components within the system.
1
Rule
Severity: Medium
Exchange must have Queue monitoring configured with threshold and action.
4
Rule
Severity: Medium
Exchange Queue monitoring must be configured with threshold and action.
1
Rule
Severity: Medium
Nutanix AOS must provide the capability to centrally review and analyze audit records from multiple components within the system.
2
Rule
Severity: Medium
Prisma Cloud Compute must be configured to send events to the hosts' syslog.
1
Rule
Severity: Medium
Tanium must centrally review and analyze audit records from multiple components within the system.
1
Rule
Severity: Medium
Tanium must provide the capability to centrally review and analyze audit records from multiple components within the system.
2
Rule
Severity: Medium
The Tanium application must be configured to send audit records from multiple components within the system to a central location for review and analysis of audit records.
2
Rule
Severity: Medium
The SMS and TPS must provide log information in a format that can be extracted and used by centralized analysis tools.
1
Rule
Severity: Medium
The MDM Agent must be configured to enable the following function: [selection: read audit logs of the MD].
This requirement is inherently met if the function is automatically implemented during MDM Agent install/device enrollment.
1
Rule
Severity: Medium
The macOS system must enable System Integrity Protection.
3
Rule
Severity: High
The macOS system must enable System Integrity Protection.
3
Rule
Severity: High
The macOS system must ensure System Integrity Protection is enabled.
3
Rule
Severity: Medium
The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.
2
Rule
Severity: Medium
The container platform components must provide the ability to send audit logs to a central enterprise repository for review and analysis.
2
Rule
Severity: Medium
Google Android 14 must be configured to enable audit logging.
2
Rule
Severity: Medium
The operating system must provide the capability to centrally review and analyze audit records from multiple components within the system.
2
Rule
Severity: Medium
AIX must provide audit record generation functionality for DoD-defined auditable events.
4
Rule
Severity: Medium
Exchange queue monitoring must be configured with threshold and action.
2
Rule
Severity: Medium
OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
2
Rule
Severity: Medium
OpenShift components must provide the ability to send audit logs to a central enterprise repository for review and analysis.
4
Rule
Severity: Medium
SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
2
Rule
Severity: Medium
RHEL 9 must have the rsyslog package installed.
2
Rule
Severity: Medium
RHEL 9 audit package must be installed.
2
Rule
Severity: Medium
RHEL 9 audit service must be enabled.
2
Rule
Severity: Medium
RHEL 9 must periodically flush audit records to disk to prevent the loss of audit records.
2
Rule
Severity: Medium
The VMM must support the capability to centrally review and analyze audit records from multiple components within the system.
1
Rule
Severity: Medium
Remote logging for ESXi hosts must be configured.
1
Rule
Severity: Medium
An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point.
1
Rule
Severity: Medium
The application must provide centralized management and configuration of the content to be captured in audit records generated by all application components.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must have the "auditd" package installed.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
1
Rule
Severity: Medium
Google Android 15 must be configured to enable audit logging.
1
Rule
Severity: Medium
MKE must be configured to send audit data to a centralized log server.
1
Rule
Severity: Medium
The OL 8 audit package must be installed.
1
Rule
Severity: Medium
SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
1
Rule
Severity: Medium
The Tanium application must be configured to send audit records from multiple components within the system to a central location for review and analysis.
1
Rule
Severity: Medium
TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.