CCI-000171
Allow organization-defined personnel or roles to select the event types that are to be logged by specific components of the system.
29
Rule
Severity: Medium
Audit Configuration Files Must Be Owned By Group root
29
Rule
Severity: Medium
Audit Configuration Files Must Be Owned By Root
9
Rule
Severity: Medium
Verify Permissions on /etc/audit/auditd.conf
9
Rule
Severity: Medium
Verify Permissions on /etc/audit/rules.d/*.rules
1
Rule
Severity: Medium
The A10 Networks ADC must allow only the ISSM (or individuals or roles appointed by the ISSM) Root, Read Write, or Read Only privileges.
2
Rule
Severity: Medium
The application server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which logable events are to be logged.
2
Rule
Severity: Low
The Central Log Server must be configured to allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be retained.
1
Rule
Severity: Medium
Citrix License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
1
Rule
Severity: Medium
XenDesktop License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
1
Rule
Severity: Low
The DBN-6300 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the audit log.
1
Rule
Severity: Medium
The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
1
Rule
Severity: Medium
log-opts on all Docker Engine - Enterprise nodes must be configured.
1
Rule
Severity: Medium
The DataPower Gateway must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
1
Rule
Severity: Medium
DB2 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
1
Rule
Severity: Medium
The WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan.
2
Rule
Severity: Medium
JBoss must be configured to allow only the ISSM (or individuals or roles appointed by the ISSM) to select which loggable events are to be logged.
3
Rule
Severity: Medium
A manager role must be assigned to the Apache Tomcat Web apps (Manager, Host-Manager).
2
Rule
Severity: Medium
The ISEC7 EMM Suite server must be configured to have at least one user in the following Administrator roles: Security Administrator, Site Administrator, Help Desk User.
2
Rule
Severity: Medium
For local accounts, the Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when local accounts are created.
2
Rule
Severity: Medium
The Mainframe Product must allow only the information system security manager (ISSM) or individuals or roles appointed by the ISSM to select which auditable events are to be audited.
2
Rule
Severity: Medium
Azure SQL Database must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
1
Rule
Severity: Medium
SharePoint must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system.
1
Rule
Severity: Medium
Where SQL Server Audit is in use at the database level, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the database level.
1
Rule
Severity: Medium
Where SQL Server Trace is in use for auditing purposes, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be traced.
1
Rule
Severity: Medium
Where SQL Server Audit is in use, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the server level.
1
Rule
Severity: Medium
The Windows 2012 DNS Server logging criteria must only be configured by the ISSM or individuals appointed by the ISSM.
1
Rule
Severity: Medium
Nutanix AOS must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be logged.
1
Rule
Severity: Medium
Innoslate must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
1
Rule
Severity: Low
Splunk Enterprise must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to be assigned to the Power User role.
2
Rule
Severity: Medium
The UEM server must be configured to allow only specific administrator roles to select which auditable events are to be audited.
1
Rule
Severity: Medium
The Horizon Connection Server must limit access to the global configuration privilege.
2
Rule
Severity: Medium
AccessLogValve must be configured per each virtual host.
3
Rule
Severity: Medium
The macOS system must configure audit_control group to wheel.
3
Rule
Severity: Medium
The macOS system must configure audit_control owner to root.
2
Rule
Severity: Medium
The macOS system must configure audit_control to mode 440 or less permissive.
2
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists.
3
Rule
Severity: Medium
The Ubuntu operating system must be configured so that audit configuration files are not write-accessible by unauthorized users.
3
Rule
Severity: Medium
The Ubuntu operating system must permit only authorized accounts to own the audit configuration files.
3
Rule
Severity: Medium
The Ubuntu operating system must permit only authorized groups to own the audit configuration files.
2
Rule
Severity: Medium
PostgreSQL must allow only the Information System Security Manager (ISSM), or individuals or roles appointed by the ISSM, to select which auditable events are to be audited.
2
Rule
Severity: Medium
The DBMS must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
The container platform must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
3
Rule
Severity: Medium
The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
The operating system must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
The AIX audit configuration files must be owned by root.
2
Rule
Severity: Medium
The AIX audit configuration files must be group-owned by audit.
2
Rule
Severity: Medium
The AIX audit configuration files must be set to 640 or less permissive.
6
Rule
Severity: High
IBM z/OS SYS1.PARMLIB must be properly protected.
2
Rule
Severity: Medium
MarkLogic Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
MariaDB must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.
2
Rule
Severity: Medium
The RBAC role for audit log management must be defined and restricted.
4
Rule
Severity: Medium
SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
4
Rule
Severity: Medium
The Manage auditing and security log user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
The "Manage auditing and security log" user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
Windows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.
2
Rule
Severity: Medium
Windows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.
3
Rule
Severity: Medium
The DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database.
1
Rule
Severity: Medium
PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
OL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
Redis Enterprise DBMS must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
OpenShift must generate audit records for all DOD-defined auditable events within all components in the platform.
2
Rule
Severity: Medium
RHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
RHEL 9 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
2
Rule
Severity: Medium
RHEL 9 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access.
1
Rule
Severity: Low
Splunk Enterprise must allow only the individuals appointed by the Information System Security Manager (ISSM) to have full admin rights to the system.
2
Rule
Severity: Medium
The VMM must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
1
Rule
Severity: Medium
The ESXi host must produce audit records containing information to establish what type of events occurred.
3
Rule
Severity: Medium
The ESXi must produce audit records containing information to establish what type of events occurred.
1
Rule
Severity: Medium
The Photon operating system must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
3
Rule
Severity: Medium
The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.
1
Rule
Severity: Medium
VMware Postgres configuration files must not be accessible by unauthorized users.
3
Rule
Severity: Medium
The vCenter Lookup service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The Photon operating system must allow only authorized users to configure the auditd service.
3
Rule
Severity: Medium
The vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.
3
Rule
Severity: Medium
The vCenter STS service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The vCenter UI service must produce log records containing sufficient information regarding event details.
1
Rule
Severity: Medium
The macOS system must configure audit_control owner to mode 440 or less permissive.
1
Rule
Severity: Medium
The macOS system must configure audit_control to not contain access control lists (ACLs).
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must be configured so that audit configuration files are not write-accessible by unauthorized users.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must permit only authorized accounts to own the audit configuration files.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must permit only authorized groups to own the audit configuration files.
1
Rule
Severity: Medium
PostgreSQL must allow only the information system security manager (ISSM), or individuals or roles appointed by the ISSM, to select which events are to be audited.
1
Rule
Severity: Medium
The ISEC7 SPHERE server must be configured to have at least one user in the following Administrator roles: Security Administrator, Site Administrator, and Help Desk User.
1
Rule
Severity: Medium
MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.
1
Rule
Severity: Low
Splunk Enterprise must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to be assigned to the Power User role.
1
Rule
Severity: Low
Splunk Enterprise must allow only the individuals appointed by the information system security manager (ISSM) to have full admin rights to the system.
1
Rule
Severity: Medium
TOSS must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.