Skip to content
Log In

CCI-000172

Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3.

Ensure the audit Subsystem is Installed

34 rules found Severity: Medium

Logo

Enable auditd Service

36 rules found Severity: Medium

Logo

Ensure auditd Collects Information on Exporting to Media (successful)

34 rules found Severity: Medium

Logo

Ensure auditd Collects System Administrator Actions

34 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information

29 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - chmod

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - chown

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchmod

34 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchmodat

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchown

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fchownat

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fremovexattr

34 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - fsetxattr

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - lchown

34 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - lremovexattr

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - lsetxattr

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - removexattr

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - setxattr

33 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - umount

31 rules found Severity: Medium

Logo

Record Events that Modify the System's Discretionary Access Controls - umount2

33 rules found Severity: Medium

Logo

Ensure auditd Collects File Deletion Events by User

23 rules found Severity: Medium

Logo

Ensure auditd Collects File Deletion Events by User - rename

33 rules found Severity: Medium

Logo

Ensure auditd Collects File Deletion Events by User - renameat

33 rules found Severity: Medium

Logo

Ensure auditd Collects File Deletion Events by User - rmdir

32 rules found Severity: Medium

Logo

Ensure auditd Collects File Deletion Events by User - unlink

33 rules found Severity: Medium

Logo

Ensure auditd Collects File Deletion Events by User - unlinkat

33 rules found Severity: Medium

Logo

Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)

25 rules found Severity: Medium

Logo

Record Unsuccessful Access Attempts to Files - creat

27 rules found Severity: Medium

Logo

Record Unsuccessful Access Attempts to Files - ftruncate

27 rules found Severity: Medium

Logo

Record Unsuccessful Access Attempts to Files - open

28 rules found Severity: Medium

Logo

Record Unsuccessful Access Attempts to Files - open_by_handle_at

26 rules found Severity: Medium

Logo

Record Unsuccessful Access Attempts to Files - openat

27 rules found Severity: Medium

Logo

Record Unsuccessful Access Attempts to Files - truncate

27 rules found Severity: Medium

Logo

Ensure auditd Collects Information on Kernel Module Loading and Unloading

25 rules found Severity: Medium

Logo

Ensure auditd Collects Information on Kernel Module Unloading - delete_module

27 rules found Severity: Medium

Logo

Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module

28 rules found Severity: Medium

Logo

Ensure auditd Collects Information on Kernel Module Loading - init_module

26 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - init

31 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - poweroff

31 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - reboot

31 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - shutdown

31 rules found Severity: Medium

Logo

Ensure the audit-libs package as a part of audit Subsystem is Installed

7 rules found Severity: Medium

Logo

Enable Auditing for Processes Which Start Prior to the Audit Daemon

22 rules found Severity: Low

Logo

Extend Audit Backlog Limit for the Audit Daemon

5 rules found Severity: Low

Logo

Record Events that Modify User/Group Information - /etc/group

26 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/gshadow

25 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/security/opasswd

26 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/passwd

26 rules found Severity: Medium

Logo

Record Events that Modify User/Group Information - /etc/shadow

26 rules found Severity: Medium

Logo

Record Any Attempts to Run chcon

21 rules found Severity: Medium

Logo

Record Any Attempts to Run restorecon

16 rules found Severity: Medium

Logo

Record Any Attempts to Run semanage

17 rules found Severity: Medium

Logo

Record Any Attempts to Run setfiles

16 rules found Severity: Medium

Logo

Record Any Attempts to Run setsebool

17 rules found Severity: Medium

Logo

Record Any Attempts to Run seunshare

14 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - chmod

11 rules found Severity: Medium

Logo

Record Unsuccessful Ownership Changes to Files - chown

11 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - fchmod

11 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - fchmodat

11 rules found Severity: Medium

Logo

Record Unsuccessful Ownership Changes to Files - fchown

11 rules found Severity: Medium

Logo

Record Unsuccessful Ownership Changes to Files - fchownat

11 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - fremovexattr

11 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - fsetxattr

11 rules found Severity: Medium

Logo

Record Unsuccessful Ownership Changes to Files - lchown

11 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - lremovexattr

11 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - lsetxattr

11 rules found Severity: Medium

Logo

Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT

13 rules found Severity: Medium

Logo

Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE

13 rules found Severity: Medium

Logo

Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly

13 rules found Severity: Medium

Logo

Record Unsuccessful Creation Attempts to Files - open O_CREAT

13 rules found Severity: Medium

Logo

Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE

13 rules found Severity: Medium

Logo

Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly

13 rules found Severity: Medium

Logo

Record Unsuccessful Creation Attempts to Files - openat O_CREAT

13 rules found Severity: Medium

Logo

Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE

13 rules found Severity: Medium

Logo

Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly

13 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - removexattr

11 rules found Severity: Medium

Logo

Record Unsuccessful Delete Attempts to Files - rename

16 rules found Severity: Medium

Logo

Record Unsuccessful Delete Attempts to Files - renameat

15 rules found Severity: Medium

Logo

Record Unsuccessful Permission Changes to Files - setxattr

11 rules found Severity: Medium

Logo

Record Unsuccessful Delete Attempts to Files - unlink

15 rules found Severity: Medium

Logo

Record Unsuccessful Delete Attempts to Files - unlinkat

15 rules found Severity: Medium

Logo

Ensure auditd Collects Information on Kernel Module Unloading - create_module

11 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events

19 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events - faillock

25 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events - lastlog

28 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events - tallylog

23 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - at

14 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - chage

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - chsh

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - crontab

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - insmod

13 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - kmod

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - modprobe

13 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - mount

18 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap

13 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - newgrp

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap

13 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - passwd

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - postdrop

18 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - postqueue

18 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown

12 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - rmmod

13 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - su

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - sudo

23 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit

19 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - umount

19 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd

20 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - userhelper

16 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl

12 rules found Severity: Medium

Logo

Ensure auditd Collects System Administrator Actions - /etc/sudoers

11 rules found Severity: Medium

Logo

Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/

10 rules found Severity: Medium

Logo

Record Attempts to perform maintenance activities

19 rules found Severity: Medium

Logo

Record Any Attempts to Run chacl

18 rules found Severity: Medium

Logo

Record Any Attempts to Run setfacl

15 rules found Severity: Medium

Logo

Record Any Attempts to Run ssh-agent

14 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - unix_update

10 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - usermod

18 rules found Severity: Medium

Logo

Log USBGuard daemon audit events using Linux Audit

1 rule found Severity: Low

Logo

Ensure the libaudit1 package as a part of audit Subsystem is Installed

2 rules found Severity: Medium

Logo

Record Any Attempts to Run chmod

3 rules found Severity: Medium

Logo

Record Any Attempts to Run rm

3 rules found Severity: Medium

Logo

Record Attempts to Alter Logon and Logout Events - faillog

4 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - chfn

5 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - passmass

2 rules found Severity: Medium

Logo

Record Attempts to Alter Process and Session Initiation Information btmp

4 rules found Severity: Medium

Logo

Record Attempts to Alter Process and Session Initiation Information utmp

4 rules found Severity: Medium

Logo

Record Attempts to Alter Process and Session Initiation Information wtmp

4 rules found Severity: Medium

Logo

Record Unsuccessful Delete Attempts to Files - renameat2

1 rule found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - unix2_chkpwd

3 rules found Severity: Medium

Logo

Record Any Attempts to Run apparmor_parser

2 rules found Severity: Medium

Logo

Ensure auditd Collects Information on the Use of Privileged Commands - fdisk

2 rules found Severity: Medium

Logo

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

Logo

The Akamai Luna Portal must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Low

Logo

The Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Low

Logo

The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The Arista Multilayer Switch must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The CA API Gateway must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The CA API Gateway must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The CA API Gateway must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The CA API Gateway providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The CA API Gateway providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate log records when successful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The DBN-6300 must generate audit records for all account creation, modification, disabling, and termination events.

1 rule found Severity: Medium

Logo

The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.

1 rule found Severity: Medium

Logo

The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.

1 rule found Severity: Medium

Logo

An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR).

1 rule found Severity: Medium

Logo

The FortiGate device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.

1 rule found Severity: Medium

Logo

The FortiGate device must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The FortiGate device must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The FortiGate device must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The FortiGate device must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The FortiGate device must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The FortiGate firewall must generate traffic log records when traffic is denied, restricted, or discarded.

1 rule found Severity: Medium

Logo

The FortiGate firewall must generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The HYCU server must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The HYCU server must generate audit records when successful/unsuccessful attempts to modify or delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The HYCU server must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The HYCU server must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The HYCU server must initiate session auditing upon startup and produce audit log records containing sufficient information to establish what type of event occurred.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

The MQ Appliance messaging server must identify potentially security-relevant error conditions.

1 rule found Severity: Medium

Logo

The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when categorized information (e.g., classification levels/security levels) are accessed.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when privileges/permissions are modified.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when security objects are modified.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when categorized information (e.g., classification levels/security levels) is modified.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when security objects are deleted.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when categorized information (e.g., classification levels/security levels) is deleted.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records showing starting and ending time for user access to the database(s).

1 rule found Severity: Medium

Logo

DB2 must generate audit records when concurrent logons/connections by the same user from different workstations occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records when unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

DB2 must generate audit records for all direct access to the database(s).

1 rule found Severity: Medium

Logo

The WebSphere Application Server audit event type filters must be configured.

1 rule found Severity: Medium

Logo

The WebSphere Application Server must generate log records when successful/unsuccessful attempts to access subject privileges occur.

1 rule found Severity: Low

Logo

The MQ Appliance network device must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The MQ Appliance network device must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

CA VM:Secure product must be installed and operating.

1 rule found Severity: Medium

Logo

The IBM z/VM Journal option must be specified in the Product Configuration File.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is accessed.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when privileges/permissions are modified via locally-defined security objects.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful attempts to modify privileges/permissions via locally-defined security objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when locally-defined security objects are modified.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful accesses to designated objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when successful accesses to designated objects occur.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful attempts to drop locally-defined security objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when locally-defined security objects are dropped.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when unsuccessful attempts to create categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified.

1 rule found Severity: Medium

Logo

Trace or Audit records must be generated when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

Where SQL Server Audit is in use, SQL Server must generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

Where SQL Server Audit is in use, SQL Server must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

SQL Server must produce Trace or Audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

SQL Server must produce Trace or Audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when logoffs or disconnections occur.

1 rule found Severity: Medium

Logo

SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur.

1 rule found Severity: Medium

Logo

Nutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful uses and variations of the chown privileged commands.

1 rule found Severity: Medium

Logo

Nutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful uses and variations of the creat privileged commands.

1 rule found Severity: Medium

Logo

Nutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful uses and variations of the open-related privileged commands.

1 rule found Severity: Medium

Logo

Nutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful uses and variations of the truncate-related privileged commands.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for file access actions.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for file ownership actions.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for file permission actions.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for file extended attribute actions.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records when successful/unsuccessful attempts to modify categories of information occur.

1 rule found Severity: Medium

Logo

Nutanix AOS must audit attempts to modify or delete security objects.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for privileged security activities.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for privileged account activities.

1 rule found Severity: Medium

Logo

Nutanix AOS must be configured to audit the loading and unloading of dynamic kernel modules.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records when concurrent logons to the same account occur from different sources.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records when successful/unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for all direct access to the information system.

1 rule found Severity: Medium

Logo

Nutanix AOS must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

Oracle WebLogic must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.

1 rule found Severity: Medium

Logo

Oracle WebLogic must generate audit records for the DoD-selected list of auditable events.

1 rule found Severity: Low

Logo

Innoslate must generate comprehensive audit records.

1 rule found Severity: Medium

Logo

Innoslate must generate audit records when DoD required events occur.

1 rule found Severity: Medium

Logo

Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

Symantec ProxySG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

Symantec ProxySG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to access web resources occur.

1 rule found Severity: Medium

Logo

The NSX-T Manager must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The NSX-T Tier-1 Gateway Firewall must generate traffic log entries containing information to establish the details of the event.

1 rule found Severity: Low

Logo

The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.

1 rule found Severity: Medium

Logo

The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur.

2 rules found Severity: Medium

Logo

The macOS system must audit the enforcement actions used to restrict access associated with changes to the system.

2 rules found Severity: Medium

Logo

The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for the use and modification of the tallylog file.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for the use and modification of faillog file.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for the use and modification of the lastlog file.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for the /var/log/wtmp file.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for the /var/run/utmp file.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for the /var/log/btmp file.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the su command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the mount command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the umount command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-agent command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the ssh-keysign command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chsh command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the newgrp command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chcon command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the apparmor_parser command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the setfacl command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chacl command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the passwd command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the gpasswd command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chage command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the usermod command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the crontab command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records upon successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate records for successful/unsuccessful uses of init_module or finit_module syscalls.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate records for successful/unsuccessful uses of delete_module syscall and when unloading dynamic kernel modules.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use modprobe command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the kmod command.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must generate audit records when successful/unsuccessful attempts to use the fdisk command.

2 rules found Severity: Medium

Logo

MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.

2 rules found Severity: Medium

Logo

The network device must generate audit records when successful/unsuccessful logon attempts occur.

5 rules found Severity: Medium

Logo

Windows Defender Firewall with Advanced Security must log dropped packets when connected to a domain.

1 rule found Severity: Low

Logo

Windows Defender Firewall with Advanced Security must log dropped packets when connected to a private network.

1 rule found Severity: Low

Logo

Windows Defender Firewall with Advanced Security must log dropped packets when connected to a public network.

1 rule found Severity: Low

Logo

The DBMS must generate audit records for the DoD-selected list of auditable events, to the extent such information is available.

2 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when categorized information (e.g., classification levels/security levels) is accessed.

2 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to access security objects occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful logons or connection attempts occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records showing starting and ending time for user access to the database(s).

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to modify security objects occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when privileges/permissions are added.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.

2 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when successful logons or connections occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when security objects are deleted.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

3 rules found Severity: Medium

Logo

PostgreSQL must be able to generate audit records when privileges/permissions are retrieved.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

2 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful accesses to objects occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records for all privileged activities or other system-level access.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.

2 rules found Severity: Medium

Logo

PostgreSQL must be able to generate audit records when security objects are accessed.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when privileges/permissions are deleted.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when concurrent logons/connections by the same user from different workstations occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to delete security objects occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when privileges/permissions are modified.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when security objects are modified.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when categorized information (e.g., classification levels/security levels) is modified.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to add privileges/permissions occur.

3 rules found Severity: Medium

Logo

Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted.

3 rules found Severity: Medium

Logo

PostgreSQL must generate audit records when successful accesses to objects occur.

2 rules found Severity: Medium

Logo

PostgreSQL must generate audit records for all direct access to the database(s).

3 rules found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the chmod, fchmod, and fchmodat syscalls.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the semanage command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the setsebool command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the chcon command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the setfiles command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all unsuccessful account access events.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all successful account access events.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the passwd command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the unix_chkpwd command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the gpasswd command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the chage command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the userhelper command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the su command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the sudo command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the newgrp command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the chsh command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the ssh-keysign command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the crontab command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the pam_timestamp_check command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the create_module syscall.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the init_module and finit_module syscalls.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the delete_module syscall.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the kmod command.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must audit all uses of the unlink, unlinkat, rename, renameat, and rmdir syscalls.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when successful/unsuccessful logons, connections, or connection attempts occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s) and concurrent logons/connections by the same user from different workstations.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records for all direct access to the database(s).

2 rules found Severity: Medium

Logo

AccessLogValve must be configured for each application context.

1 rule found Severity: Medium

Logo

AccessLogValve must be configured per each virtual host.

1 rule found Severity: Medium

Logo

AccessLogValve must be configured for Catalina engine.

1 rule found Severity: Medium

Logo

Changes to $CATALINA_HOME/bin/ folder must be logged.

1 rule found Severity: Medium

Logo

Changes to $CATALINA_BASE/conf/ folder must be logged.

1 rule found Severity: Medium

Logo

Changes to $CATALINA_HOME/lib/ folder must be logged.

1 rule found Severity: Medium

Logo

The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.

1 rule found Severity: Medium

Logo

The macOS system must generate audit records for DOD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources.

1 rule found Severity: Medium

Logo

The Arista network device must be configured to audit all administrator activity.

1 rule found Severity: Medium

Logo

The Arista network device must be configured to capture all DOD auditable events.

1 rule found Severity: Medium

Logo

In the event of an error when validating the binding of other DNS servers identity to the BIND 9.x information, when anomalies in the operation of the signed zone transfers are discovered, for the success and failure of start and stop of the name server service or daemon, and for the success and failure of all name server events, a BIND 9.x server implementation must generate a log entry.

1 rule found Severity: Low

Logo

The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the init_module and finit_module syscalls.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the delete_module syscall.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must generate audit records for any successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when categories of information (e.g., classification levels/security levels) is modified.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when categories of information (e.g., classification levels/security levels) are modified.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to modify categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when categories of information (e.g., classification levels/security levels) are deleted.

1 rule found Severity: Medium

Logo

PostgreSQL must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

PostgreSQL must be able to generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The Cisco ASA must be configured to generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The Cisco ASA VPN remote access server must be configured to generate log records when successful and/or unsuccessful VPN connection attempts occur.

1 rule found Severity: Medium

Logo

The Cisco device must be configured to audit all administrator activity.

4 rules found Severity: Medium

Logo

The Cisco switch must be configured to generate log records when administrator privileges are deleted.

3 rules found Severity: Medium

Logo

The Cisco switch must be configured to generate audit records when successful/unsuccessful logon attempts occur.

3 rules found Severity: Medium

Logo

The Cisco switch must be configured to generate log records for privileged activities.

3 rules found Severity: Medium

Logo

The Cisco router must be configured to generate audit records when successful/unsuccessful attempts to logon with access privileges occur.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate audit records when successful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate audit records when successful attempts to modify administrator privileges occur.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate audit records when successful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate audit records when successful logon attempts occur.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate a log record when an endpoint fails authentication. This is This is required for compliance with C2C Step 1.

1 rule found Severity: Medium

Logo

The Cisco ISE must generate a log record when the client machine fails posture assessment because required security software is missing or has been deleted. This is This is required for compliance with C2C Step 1.

1 rule found Severity: Medium

Logo

The Cisco ISE must send an alert to the system administrator, at a minimum, when endpoints fail the policy assessment checks for organization-defined infractions. This is required for compliance with C2C Step 3.

1 rule found Severity: Medium

Logo

The DNS implementation must generate audit records for the success and failure of start and stop of the name server service or daemon.

1 rule found Severity: Medium

Logo

The DNS implementation must generate audit records for the success and failure of all name server events.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

The Enterprise Voice, Video, and Messaging Endpoint must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The Enterprise Voice, Video, and Messaging Endpoint must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The Enterprise Voice, Video, and Messaging Endpoint must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

1 rule found Severity: Medium

Logo

Audit records must be generated when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when privileges/permissions are modified.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when security objects are modified.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

Audit records must be generated when categorized information (e.g., classification levels/security levels) is created.

1 rule found Severity: Medium

Logo

Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified.

1 rule found Severity: Medium

Logo

Audit records must be generated when unsuccessful attempts to create categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

Audit records must be generated when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when security objects are deleted.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s).

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when concurrent logons/connections by the same user from different workstations occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must be able to generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

The EDB Postgres Advanced Server must generate audit records when unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The Enterprise Voice, Video, and Messaging Session Manager must generate session (call) records when concurrent logons from multiple endpoints occur.

1 rule found Severity: Medium

Logo

When using locally stored user accounts, the Enterprise Voice, Video, and Messaging Session Manager must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The F5 BIG-IP appliance must generate traffic log entries containing information to establish the details of the event, including success or failure of the application of the firewall rule.

1 rule found Severity: Medium

Logo

The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.

1 rule found Severity: Medium

Logo

AIX must provide audit record generation functionality for DoD-defined auditable events.

1 rule found Severity: Medium

Logo

The WebSphere Liberty Server must log remote session and security activity.

1 rule found Severity: Medium

Logo

The WebSphere Liberty Server must generate log records for authentication and authorization events.

1 rule found Severity: Medium

Logo

The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.

1 rule found Severity: Medium

Logo

The ICS must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The ICS must be configured to generate log records containing sufficient information about where, when, identity, source, or outcome of the events.

1 rule found Severity: Low

Logo

The Juniper EX switch must be configured to generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The Juniper EX switch must be configured to generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The Juniper EX switch must be configured to generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The Juniper EX switch must be configured to generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

JBoss must be configured to generate log records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

JBoss must be configured to generate log records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

JBoss must be configured to generate log records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

JBoss must be configured to generate log records for privileged activities.

1 rule found Severity: Medium

Logo

JBoss must be configured to generate log records that show starting and ending times for access to the application server management interface.

1 rule found Severity: Medium

Logo

JBoss must be configured to generate log records when concurrent logons from different workstations occur to the application server management interface.

1 rule found Severity: Medium

Logo

JBoss must be configured to generate log records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.

1 rule found Severity: Medium

Logo

MKE must be configured to integrate with an Enterprise Identity Provider.

1 rule found Severity: Medium

Logo

MarkLogic Server must be able to generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

MarkLogic Server must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must be able to generate audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when privileges/permissions are modified.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when security objects are modified.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when categories of information (e.g., classification levels/security levels) are modified.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to modify categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

MarkLogic Server DBMS must generate audit records when security objects are deleted.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when categories of information (e.g., classification levels/security levels) are deleted.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

MarkLogic Server must generate audit records when concurrent logons/connections by the same user from different workstations occur.

1 rule found Severity: Medium

Logo

MarkLogic must be able to generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

Audit logging must be enabled on MKE.

1 rule found Severity: Medium

Logo

MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.

1 rule found Severity: Medium

Logo

The Azure SQL Database must be able to generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

The Azure SQL Database must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

Azure SQL DB must be able to generate audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when categorized information (e.g., classification levels/security levels) is accessed.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when privileges/permissions are modified.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when security objects are modified.

1 rule found Severity: Medium

Logo

Azure SQL DB must generate audit records when unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when categorized information (e.g., classification levels/security levels) is modified.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when security objects are deleted.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when categories of information (e.g., classification levels/security levels) are deleted.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records for all unsuccessful attempts to execute privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when concurrent logons/connections by the same user from different workstations occur.

2 rules found Severity: Medium

Logo

Azure SQL Database must be able to generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records when unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

Azure SQL Database must generate audit records for all direct access to the database(s).

1 rule found Severity: Medium

Logo

Unused accounts must be disabled or removed from the system after 35 days of inactivity.

1 rule found Severity: Low

Logo

The system must be configured to audit Account Logon - Credential Validation failures.

2 rules found Severity: Medium

Logo

The system must be configured to audit Account Logon - Credential Validation successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Detailed Tracking - PNP Activity successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Detailed Tracking - Process Creation successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Account Lockout failures.

2 rules found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Group Membership successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Logon failures.

2 rules found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Logon successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Special Logon successes.

2 rules found Severity: Medium

Logo

Windows 11 must be configured to audit Object Access - File Share failures.

1 rule found Severity: Medium

Logo

Windows 11 must be configured to audit Object Access - File Share successes.

1 rule found Severity: Medium

Logo

Windows 11 must be configured to audit Object Access - Other Object Access Events successes.

1 rule found Severity: Medium

Logo

Windows 11 must be configured to audit Object Access - Other Object Access Events failures.

1 rule found Severity: Medium

Logo

The system must be configured to audit Object Access - Removable Storage failures.

2 rules found Severity: Medium

Logo

The system must be configured to audit Object Access - Removable Storage successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Policy Change - Audit Policy Change successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Policy Change - Authentication Policy Change successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Policy Change - Authorization Policy Change successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit Privilege Use - Sensitive Privilege Use successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit System - IPsec Driver failures.

1 rule found Severity: Medium

Logo

The system must be configured to audit System - Other System Events successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit System - Other System Events failures.

2 rules found Severity: Medium

Logo

The system must be configured to audit System - Security State Change successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit System - Security System Extension successes.

2 rules found Severity: Medium

Logo

The system must be configured to audit System - System Integrity failures.

2 rules found Severity: Medium

Logo

The system must be configured to audit System - System Integrity successes.

2 rules found Severity: Medium

Logo

Windows 11 Kernel (Direct Memory Access) DMA Protection must be enabled.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Account Logon - Credential Validation successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Account Logon - Credential Validation failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Account Management - Other Account Management Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Account Management - Security Group Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Account Management - User Account Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Account Management - User Account Management failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Detailed Tracking - Plug and Play Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Detailed Tracking - Process Creation successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Account Lockout failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Group Membership successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Logoff successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Logon failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Logon/Logoff - Special Logon successes.

1 rule found Severity: Medium

Logo

Windows 2016 must be configured to audit Object Access - Other Object Access Events successes.

1 rule found Severity: Medium

Logo

Windows 2016 must be configured to audit Object Access - Other Object Access Events failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Object Access - Removable Storage successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Object Access - Removable Storage failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Policy Change - Audit Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Policy Change - Audit Policy Change failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Policy Change - Authentication Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Policy Change - Authorization Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Privilege Use - Sensitive Privilege Use successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Privilege Use - Sensitive Privilege Use failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - IPsec Driver successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - IPsec Driver failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - Other System Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - Other System Events failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - Security State Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - Security System Extension successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - System Integrity successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit System - System Integrity failures.

1 rule found Severity: Medium

Logo

Active Directory Group Policy objects must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

The Active Directory Domain object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

The Active Directory Infrastructure object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

The Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

The Active Directory AdminSDHolder object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

The Active Directory RID Manager$ object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit Account Management - Computer Account Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit DS Access - Directory Service Access successes.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit DS Access - Directory Service Access failures.

1 rule found Severity: Medium

Logo

Windows Server 2016 must be configured to audit DS Access - Directory Service Changes successes.

1 rule found Severity: Medium

Logo

The network device must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The network device must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.

1 rule found Severity: Medium

Logo

The network device must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The network device must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The network device must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The network device must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the chown, fchown, fchownat, and lchown syscalls.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the chmod, fchmod, and fchmodat syscalls.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the semanage command.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must generate audit records for all unsuccessful account access events.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must generate audit records for all successful account access events.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the su command.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the sudo command.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the newgrp command.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the pam_timestamp_check command.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the create_module syscall.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the init_module and finit_module syscalls.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the delete_module syscall.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the kmod command.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must audit all uses of the unlink, unlinkat, rename, renameat, and rmdir syscalls.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must be able to generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must be able to generate audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when privileges/permissions are modified.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when security objects are modified.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are modified.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when security objects are deleted.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are deleted.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records showing starting and ending time for user access to the database(s).

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when concurrent logons/connections by the same user from different workstations.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must be able to generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records when unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The MySQL Database Server 8.0 must generate audit records for all direct access to the database(s).

1 rule found Severity: Medium

Logo

The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.

1 rule found Severity: High

Logo

Redis Enterprise DBMS must generate audit records for all direct access to the database(s).

1 rule found Severity: Medium

Logo

Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.

1 rule found Severity: Medium

Logo

Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.

1 rule found Severity: Medium

Logo

Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.

1 rule found Severity: Medium

Logo

SLEM 5 must have the auditing package installed.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "chage" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "chcon" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "chfn" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "chmod" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for a uses of the "chsh" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "crontab" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "gpasswd" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "insmod" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "kmod" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "modprobe" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "newgrp" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "pam_timestamp_check" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "passwd" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "rm" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "rmmod" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "ssh-agent" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "ssh-keysign" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "su" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "sudo" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "sudoedit" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "unix_chkpwd" or "unix2_chkpwd" commands.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "usermod" command.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "chmod", "fchmod" and "fchmodat" system calls.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "chown", "fchown", "fchownat", and "lchown" system calls.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "creat", "open", "openat", "open_by_handle_at", "truncate", and "ftruncate" system calls.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "delete_module" system call.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "init_module" and "finit_module" system calls.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "mount" system call.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "umount" system call.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all uses of the "unlink", "unlinkat", "rename", "renameat", and "rmdir" system calls.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all modifications to the "lastlog" file.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for all modifications to the "tallylog" file must generate an audit record.

1 rule found Severity: Medium

Logo

SLEM 5 must audit all uses of the sudoers file and all files in the "/etc/sudoers.d/" directory.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for the "/run/utmp file".

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for the "/var/log/btmp" file.

1 rule found Severity: Medium

Logo

SLEM 5 must generate audit records for the "/var/log/wtmp" file.

1 rule found Severity: Medium

Logo

Splunk Enterprise must be configured with a successful/unsuccessful logon attempts report.

1 rule found Severity: Medium

Logo

The TippingPoint SMS must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Low

Logo

The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).

1 rule found Severity: High

Logo

TOSS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

1 rule found Severity: Medium

Logo

TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "chage" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "chcon" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the ssh-agent in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "passwd" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of postdrop in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of postqueue in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of setsebool in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the ssh-keysign in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "setfacl" command in RTOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "pam_timestamp_check" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "newgrp" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "init_module" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "rename" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "renameat" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "rmdir" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "unlink" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "unlinkat" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "finit_module" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "delete_module" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "crontab" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "chsh" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of setfiles in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "chacl" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the chmod system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the chown system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the creat system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the fchmod system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the fchmodat system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the fchown system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the fchownat system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the ftruncate system call system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the lchown system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the open system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the open_by_handle_at system call system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the openat system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the truncate system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

The TOSS audit system must be configured to audit any usage of the "fsetxattr" system call.

1 rule found Severity: Medium

Logo

The TOSS audit system must be configured to audit any usage of the "lsetxattr" system call.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the fremovexattr system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "lremovexattr" system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "removexattr" system call in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful modifications to the "lastlog" file in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of "semanage" in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "gpasswd" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "mount" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "mount" syscall in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "su" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "umount" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "unix_update" in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "usermod" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of "unix_chkpwd" in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of "userhelper" in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the "kmod" command in TOSS must generate an audit record.

1 rule found Severity: Medium

Logo

Configure immutable Audit login UIDs

4 rules found Severity: Medium

Logo

NixOS must enforce the limit of three consecutive invalid login attempts by a user during a 15-minute time period.

1 rule found Severity: Medium

Logo

NixOS must generate audit records for all usage of privileged commands.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the init_module, finit_module, and delete_module system calls in NixOS must generate an audit record.

1 rule found Severity: Medium

Logo

NixOS must generate an audit record for successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in NixOS must generate an audit record.

1 rule found Severity: Medium

Logo

NixOS must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

NixOS must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

NixOS must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

NixOS must generate audit records when concurrent logins to the same account occur from different sources.

1 rule found Severity: Medium

Logo

NixOS must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The macOS system must be configured to audit all administrative action events.

2 rules found Severity: Medium

Logo

The macOS system must be configured to audit all log on and log out events.

1 rule found Severity: Medium

Logo

The macOS system must enable security auditing.

2 rules found Severity: Medium

Logo

The macOS system must be configured to audit all deletions of object attributes.

2 rules found Severity: Medium

Logo

The macOS system must be configured to audit all changes of object attributes.

2 rules found Severity: Medium

Logo

The macOS system must be configured to audit all failed read actions on the system.

2 rules found Severity: Medium

Logo

The macOS system must be configured to audit all failed write actions on the system.

2 rules found Severity: Medium

Logo

The macOS system must be configured to audit all failed program execution on the system.

2 rules found Severity: Medium

Logo

The macOS system must configure the system to audit all authorization and authentication events.

1 rule found Severity: Medium

Logo

The macOS system must configure sudo to log events.

1 rule found Severity: Medium

Logo

The macOS system must be configured to audit all login and logout events.

1 rule found Severity: Medium

Logo

The macOS system must be configured to audit all authorization and authentication events.

1 rule found Severity: Medium

Logo

The application server must generate log records when successful/unsuccessful attempts to access subject privileges occur.

1 rule found Severity: Medium

Logo

The application server must generate log records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The application server must generate log records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The application server must generate log records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The application server must generate log records for privileged activities.

1 rule found Severity: Medium

Logo

The application must generate log records showing starting and ending times for user access to the application server management interface.

1 rule found Severity: Medium

Logo

The application server must generate log records when concurrent logons from different workstations occur to the application server management interface.

1 rule found Severity: Medium

Logo

The application server must generate log records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The ALG that is part of a CDS must generate audit records when successful/unsuccessful attempts to access security levels occur.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to modify security levels occur.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to delete security levels occur.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The ALG must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The ALG providing user access control intermediary services must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The ALG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to grant privileges occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to access security levels occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to modify security levels occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to delete security levels occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to delete application database security objects occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The application must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The application must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The application must generate audit records when successful/unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The application must generate audit records for all direct access to the information system.

1 rule found Severity: Medium

Logo

The application must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must have the "auditd" package installed.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_parser command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chage command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chcon command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chfn command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chsh command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use the fdisk command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the gpasswd command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use the kmod command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful attempts to use modprobe command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the mount command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the newgrp command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the pam_timestamp_check command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the setfacl command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-agent command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the su command.

1 rule found Severity: Medium

Logo

The application must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Low

Logo

The Cisco router must be configured to generate log records when administrator privileges are deleted.

2 rules found Severity: Medium

Logo

The Cisco router must be configured to generate audit records when successful/unsuccessful logon attempts occur.

2 rules found Severity: Medium

Logo

The Cisco router must be configured to generate log records for privileged activities.

2 rules found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudo command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the sudoedit command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the umount command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the unix_update command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the delete_module system call.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the init_module and finit_module system calls.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for any use of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for any successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for the /var/log/btmp file.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for the /var/log/wtmp file.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for the /var/run/utmp file.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for the use and modification of faillog file.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for the use and modification of the lastlog file.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers file occur.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers.d directory occur.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must generate audit records for privileged activities, nonlocal maintenance, diagnostic sessions and other system-level access.

1 rule found Severity: Medium

Logo

The Central Log Server must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/

1 rule found Severity: Medium

Logo

The Cisco switch must be configured to generate log records when administrator privileges are modified.

1 rule found Severity: Medium

Logo

The Cisco switch must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must log username information when unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to access security levels occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to modify security levels occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to delete security levels occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The container platform must generate audit record for privileged activities.

1 rule found Severity: Medium

Logo

The container platform audit records must record user access start and end times.

1 rule found Severity: Medium

Logo

The container platform must generate audit records when concurrent logons from different workstations and systems occur.

1 rule found Severity: Medium

Logo

The container platform runtime must generate audit records when successful/unsuccessful attempts to access objects occur.

1 rule found Severity: Medium

Logo

Direct access to the container platform must generate audit records.

1 rule found Severity: Medium

Logo

The container platform must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The container runtime must generate audit records for all container execution, shutdown, restart events, and program initiations.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the init command in AlmaLinux OS 9 must generate an audit record.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "poweroff" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "reboot" command.

1 rule found Severity: Medium

Logo

AlmaLinux must generate audit records for any use of the "shutdown" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must enable Linux audit logging for the USBGuard daemon.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must audit all uses of the delete_module, init_module and finit_module system calls.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog.

1 rule found Severity: Medium

Logo

The audit package must be installed on AlmaLinux OS 9.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "mount" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "umount" command.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "chacl" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "chage" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "chcon" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "chsh" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "crontab" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must audit all uses of the kmod command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "passwd" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "su" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "sudo" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "semanage" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must generate audit records for any use of the "usermod" command.

1 rule found Severity: Medium

Logo

AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.

1 rule found Severity: Medium

Logo

The DBMS must be able to generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

The DBMS must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

The DBMS must be able to generate audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when privileges/permissions are modified.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when security objects are modified.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when categories of information (e.g., classification levels/security levels) are modified.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to modify categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when security objects are deleted.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when categories of information (e.g., classification levels/security levels) are deleted.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records showing starting and ending time for user access to the database(s).

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when concurrent logons/connections by the same user from different workstations occur.

1 rule found Severity: Medium

Logo

The DBMS must be able to generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records when unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The DBMS must generate audit records for all direct access to the database(s).

1 rule found Severity: Medium

Logo

The auditd service must be enabled on AlmaLinux OS 9.

1 rule found Severity: Medium

Logo

The Dell OS10 Switch must initiate session auditing upon startup.

1 rule found Severity: Medium

Logo

The firewall must generate traffic log records when traffic is denied, restricted, or discarded.

1 rule found Severity: Medium

Logo

The firewall must generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate.

1 rule found Severity: Medium

Logo

Forescout must generate a log record when the client machine fails policy assessment because required security software is missing or has been deleted. This is required for compliance with C2C Step 1.

1 rule found Severity: Medium

Logo

Forescout must generate log records when successful attempts to access privileges occur.

1 rule found Severity: Low

Logo

Forescout must generate log records when attempts to modify administrator privileges occur.

1 rule found Severity: Low

Logo

Forescout must generate log records when attempts to delete administrator privileges occur.

1 rule found Severity: Low

Logo

Forescout must generate log records showing when successful logon attempts occur.

1 rule found Severity: Low

Logo

Forescout must generate log records for privileged activities or other system-level access.

1 rule found Severity: Low

Logo

Forescout must generate log records showing starting and ending time for administrator access to the system.

1 rule found Severity: Low

Logo

Forescout must generate log records when concurrent logons from different workstations occur.

1 rule found Severity: Low

Logo

The operating system must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

AOS must automatically audit account creation.

1 rule found Severity: Medium

Logo

AOS must audit the execution of privileged functions.

1 rule found Severity: Medium

Logo

The HYCU virtual appliance must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The HYCU virtual appliance must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.

1 rule found Severity: Medium

Logo

The HYCU virtual appliance must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.

1 rule found Severity: Medium

Logo

The HYCU virtual appliance must generate audit records when successful/unsuccessful login attempts occur.

1 rule found Severity: Medium

Logo

The HYCU virtual appliance must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The HYCU virtual appliance must generate audit records showing starting and ending time for administrator access to the system.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to delete security levels occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The audit system must be configured to audit the loading and unloading of dynamic kernel modules.

1 rule found Severity: Medium

Logo

The operating system must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when concurrent logons to the same account occur from different sources.

1 rule found Severity: Medium

Logo

The operating system must generate audit records when successful/unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The operating system must generate audit records for all direct access to the information system.

1 rule found Severity: Medium

Logo

The operating system must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The operating system must generate audit records for all kernel module load, unload, and restart actions, and also for all program initiations.

1 rule found Severity: Medium

Logo

IBM RACF SETROPTS LOGOPTIONS must be properly configured.

1 rule found Severity: Medium

Logo

IBM z/OS Required SMF data record types must be collected.

1 rule found Severity: Medium

Logo

The IBM RACF SETROPTS SAUDIT value must be specified.

1 rule found Severity: Medium

Logo

The Juniper router must be configured to generate audit records when successful/unsuccessful attempts to logon with access privileges occur.

1 rule found Severity: Medium

Logo

IBM z/OS required SMF data record types must be collected.

2 rules found Severity: Medium

Logo

The Juniper router must be configured to generate log records when administrator privileges are modified.

1 rule found Severity: Medium

Logo

The Juniper router must be configured to generate log records when administrator privileges are deleted.

1 rule found Severity: Medium

Logo

The Juniper router must be configured to generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The Juniper router must be configured to generate log records for privileged activities.

1 rule found Severity: Medium

Logo

The Juniper router must be configured to generate log records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The Juniper SRX Services Gateway must generate log records when firewall filters, security screens and security policies are invoked and the traffic is denied or restricted.

1 rule found Severity: Medium

Logo

The Juniper SRX Services Gateway Firewall must generate audit records when unsuccessful attempts to access security zones occur.

1 rule found Severity: Medium

Logo

The Juniper SRX Services Gateway must generate log records when successful attempts to configure the device and use commands occur.

1 rule found Severity: Low

Logo

The Juniper SRX Services Gateway must generate log records when changes are made to administrator privileges.

1 rule found Severity: Low

Logo

The Juniper SRX Services Gateway must generate log records when administrator privileges are deleted.

1 rule found Severity: Low

Logo

The Juniper SRX Services Gateway must generate log records when logon events occur.

1 rule found Severity: Low

Logo

The Juniper SRX Services Gateway must generate log records when privileged commands are executed.

1 rule found Severity: Low

Logo

The Juniper SRX Services Gateway must generate log records when concurrent logons from different workstations occur.

1 rule found Severity: Low

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

MariaDB must be able to generate audit records when privileges/permissions are retrieved.

1 rule found Severity: Medium

Logo

MariaDB must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to access security levels occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify security levels occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete security levels occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records when successful/unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records for all direct access to the information system.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The Mainframe Product must generate audit records for all kernel module load, unload, and restart events, and for all program initiations.

1 rule found Severity: Medium

Logo

MariaDB must be able to generate audit records when security objects are accessed.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when privileges/permissions are added.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when privileges/permissions are modified.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when security objects are modified.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when categories of information (e.g., classification levels/security levels) are modified.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to modify categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when privileges/permissions are deleted.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when security objects are deleted.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when categories of information (e.g., classification levels/security levels) are deleted.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when successful logons or connections occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records showing starting and ending time for user access to the database(s).

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when concurrent logons/connections by the same user from different workstations occur.

1 rule found Severity: Medium

Logo

MariaDB must be able to generate audit records when successful accesses to objects occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records when unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

MariaDB must generate audit records for all direct access to the database(s).

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful/unsuccessful attempts to retrieve privileges/permissions occur.

1 rule found Severity: Medium

Logo

SQL Server must be able to generate audit records when successful and unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to add privileges/permissions occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to modify privileges/permissions occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

The system must be configured to audit Account Management - Security Group Management successes.

1 rule found Severity: Medium

Logo

The system must be configured to audit Account Management - User Account Management failures.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to delete privileges/permissions occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful logons or connection attempts occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records for all privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records showing starting and ending time for user access to the database(s).

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when concurrent logons/connections by the same user from different workstations occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records when successful and unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

SQL Server must generate audit records for all direct access to the database(s).

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Account Management - Security Group Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Account Management - User Account Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Account Management - User Account Management failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Account Management - Computer Account Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit logon failures.

1 rule found Severity: Medium

Logo

The system must be configured to audit Account Management - User Account Management successes.

1 rule found Severity: Medium

Logo

The system must be configured to audit Logon/Logoff - Logoff successes.

1 rule found Severity: Medium

Logo

Windows 10 must be configured to audit Object Access - File Share failures.

1 rule found Severity: Medium

Logo

Windows 10 must be configured to audit Object Access - File Share successes.

1 rule found Severity: Medium

Logo

Windows 10 must be configured to audit Object Access - Other Object Access Events successes.

1 rule found Severity: Medium

Logo

Windows 10 must be configured to audit Object Access - Other Object Access Events failures.

1 rule found Severity: Medium

Logo

The system must be configured to audit Privilege Use - Sensitive Privilege Use failures.

1 rule found Severity: Medium

Logo

The system must be configured to audit System - IPSec Driver failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Logon/Logoff - Account Lockout failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Account Management - Other Account Management Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Detailed Tracking - Process Creation successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Policy Change - Audit Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Policy Change - Audit Policy Change failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Policy Change - Authentication Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Policy Change - Authorization Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Privilege Use - Sensitive Privilege Use successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Privilege Use - Sensitive Privilege Use failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - IPsec Driver successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - IPsec Driver failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - Other System Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - Other System Events failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - Security State Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - Security System Extension successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - System Integrity successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit System - System Integrity failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 Active Directory Group Policy objects must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2019 Active Directory Domain object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2019 Active Directory Infrastructure object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2019 Active Directory AdminSDHolder object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2019 Active Directory RID Manager$ object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit DS Access - Directory Service Access successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit DS Access - Directory Service Access failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit DS Access - Directory Service Changes successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Account Logon - Credential Validation successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Account Logon - Credential Validation failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Logon/Logoff - Group Membership successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Logon/Logoff - Special Logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Object Access - Other Object Access Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Object Access - Other Object Access Events failures.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit logoff successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Detailed Tracking - Plug and Play Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Object Access - Removable Storage successes.

1 rule found Severity: Medium

Logo

Windows Server 2019 must be configured to audit Object Access - Removable Storage failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Account Logon - Credential Validation successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Account Logon - Credential Validation failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Account Management - Other Account Management Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Account Management - Security Group Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Account Management - User Account Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Account Management - User Account Management failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Detailed Tracking - Plug and Play Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Detailed Tracking - Process Creation successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Logon/Logoff - Account Lockout failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Logon/Logoff - Group Membership successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit logoff successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit logon failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Logon/Logoff - Special Logon successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Object Access - Other Object Access Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Object Access - Other Object Access Events failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Object Access - Removable Storage successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Object Access - Removable Storage failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Policy Change - Audit Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Policy Change - Audit Policy Change failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Policy Change - Authentication Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Policy Change - Authorization Policy Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Privilege Use - Sensitive Privilege Use successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Privilege Use - Sensitive Privilege Use failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - IPsec Driver successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - IPsec Driver failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - Other System Events successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - Other System Events failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - Security State Change successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - Security System Extension successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - System Integrity successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit System - System Integrity failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 Active Directory Group Policy objects must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2022 Active Directory Domain object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2022 Active Directory Infrastructure object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2022 Active Directory AdminSDHolder object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2022 Active Directory RID Manager$ object must be configured with proper audit settings.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit Account Management - Computer Account Management successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit DS Access - Directory Service Access successes.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit DS Access - Directory Service Access failures.

1 rule found Severity: Medium

Logo

Windows Server 2022 must be configured to audit DS Access - Directory Service Changes successes.

1 rule found Severity: Medium

Logo

The OL 8 audit package must be installed.

1 rule found Severity: Medium

Logo

The configuration integrity of the container platform must be ensured and runtime policies must be configured.

1 rule found Severity: High

Logo

OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

1 rule found Severity: Medium

Logo

Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.

1 rule found Severity: Medium

Logo

OpenShift must generate audit rules to capture account related actions.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records for all DOD-defined auditable events within all components in the platform.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

All audit records must identify what type of event has occurred within OpenShift.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/shadow".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/passwd".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/gshadow".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creation events that affect "/etc/group".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers.d/".

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "su" command.

1 rule found Severity: Medium

Logo

The OL 8 audit system must be configured to audit any use of the "setxattr", "fsetxattr", "lsetxattr", "removexattr", "fremovexattr", and "lremovexattr" system calls.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "chage" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any uses of the "chcon" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "ssh-agent" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "passwd" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "mount" command.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

Red Hat Enterprise Linux CoreOS (RHCOS) must be configured to audit the loading and unloading of dynamic kernel modules.

1 rule found Severity: Medium

Logo

OpenShift audit records must record user access start and end times.

1 rule found Severity: Medium

Logo

OpenShift must generate audit records when concurrent logons from different workstations and systems occur.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "umount" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "mount" syscall.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "unix_update" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "postdrop" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "postqueue" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "setsebool" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "unix_chkpwd" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "ssh-keysign" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "setfacl" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "pam_timestamp_check" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "newgrp" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "init_module" and "finit_module" system calls.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "rename", "unlink", "rmdir", "renameat", and "unlinkat" system calls.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "gpasswd" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the delete_module syscall.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "crontab" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "chsh" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "truncate", "ftruncate", "creat", "open", "openat", and "open_by_handle_at" system calls.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "chown", "fchown", "fchownat", and "lchown" system calls.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "chmod", "fchmod", and "fchmodat" system calls.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "sudo" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "usermod" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "chacl" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any use of the "kmod" command.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any attempted modifications to the "faillock" log file.

1 rule found Severity: Medium

Logo

OL 8 must generate audit records for any attempted modifications to the "lastlog" file.

1 rule found Severity: Medium

Logo

OL 8 must enable auditing of processes that start prior to the audit daemon.

1 rule found Severity: Medium

Logo

OL 8 must allocate an "audit_backlog_limit" of sufficient size to capture processes that start prior to the audit daemon.

1 rule found Severity: Low

Logo

OL 8 must enable Linux audit logging for the USBGuard daemon.

1 rule found Severity: Medium

Logo

The Palo Alto Networks security platform must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

RHEL 9 must enable auditing of processes that start prior to the audit daemon.

1 rule found Severity: Low

Logo

RHEL 9 audit package must be installed.

1 rule found Severity: Medium

Logo

The SUSE operating system must have the auditing package installed.

2 rules found Severity: Medium

Logo

RHEL 9 audit service must be enabled.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of umount system calls.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the chacl command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the setfacl command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the chcon command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the semanage command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the setfiles command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the setsebool command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the delete_module system call.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the init_module and finit_module system calls.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the chage command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the chsh command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the crontab command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the gpasswd command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the kmod command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the newgrp command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the pam_timestamp_check command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the passwd command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the postdrop command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the postqueue command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the ssh-agent command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the ssh-keysign command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the su command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the sudo command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the sudoedit command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the unix_chkpwd command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the unix_update command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the userhelper command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the usermod command.

1 rule found Severity: Medium

Logo

RHEL 9 must audit all uses of the mount command.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the init command in RHEL 9 must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the poweroff command in RHEL 9 must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the reboot command in RHEL 9 must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the shutdown command in RHEL 9 must generate an audit record.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the su command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the sudo command.

2 rules found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the chfn command.

2 rules found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the mount command.

1 rule found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the umount command.

1 rule found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the ssh-agent command.

2 rules found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the ssh-keysign command.

2 rules found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the kmod command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr syscalls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown syscalls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the chmod, fchmod, and fchmodat system calls.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate syscalls.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the umount system call in RHEL 9 must generate an audit record.

1 rule found Severity: Medium

Logo

Successful/unsuccessful uses of the umount2 system call in RHEL 9 must generate an audit record.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.

1 rule found Severity: Medium

Logo

RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog.

1 rule found Severity: Medium

Logo

RHEL 9 audit system must protect logon UIDs from unauthorized change.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the passwd command.

1 rule found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the gpasswd command.

2 rules found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the newgrp command.

2 rules found Severity: Low

Logo

The SUSE operating system must generate audit records for a uses of the chsh command.

2 rules found Severity: Low

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the chmod command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the setfacl command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the chacl command.

2 rules found Severity: Medium

Logo

Successful/unsuccessful attempts to modify categories of information (e.g., classification levels) must generate audit records.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the rm command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all modifications to the tallylog file must generate an audit record.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all modifications to the lastlog file.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the passmass command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the unix_chkpwd command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the chage command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the usermod command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the crontab command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the delete_module command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the init_module and finit_module syscalls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all modifications to the faillog file.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat and rmdir syscalls.

1 rule found Severity: Medium

Logo

The operating system must generate audit records for the selected list of auditable events as defined in DoD list of events.

2 rules found Severity: Medium

Logo

The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the passwd command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the unix_chkpwd or unix2_chkpwd commands.

1 rule found Severity: Medium

Logo

The SUSE operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the chown, fchown, fchownat, and lchown system calls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the sudoedit command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the mount system call.

1 rule found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the umount system call.

1 rule found Severity: Low

Logo

The SUSE operating system must generate audit records for all uses of the insmod command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the rmmod command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the modprobe command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the chcon command.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the delete_module system call.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the init_module and finit_module system calls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for all uses of the unlink, unlinkat, rename, renameat, and rmdir system calls.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for the /run/utmp file.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for the /var/log/wtmp file.

1 rule found Severity: Medium

Logo

The SUSE operating system must generate audit records for the /var/log/btmp file.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful attempts to access privileges occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records when successful/unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records for all direct access to the information system.

1 rule found Severity: Medium

Logo

The UEM server must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The NSX Manager must configure logging levels for services to ensure audit records are generated.

1 rule found Severity: Medium

Logo

The NSX Tier-0 Gateway Firewall must generate traffic log entries.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to access security objects occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to access security levels occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to modify privileges occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to modify security objects occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to modify security levels occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to delete privileges occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to delete security levels occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful attempts to delete security objects occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful logon attempts occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records for privileged activities or other system-level access.

1 rule found Severity: Medium

Logo

The VMM must generate audit records showing starting and ending time for user access to the system.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when concurrent logons from different workstations occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records when successful/unsuccessful accesses to objects occur.

1 rule found Severity: Medium

Logo

The VMM must generate audit records for all direct access to the VMM.

1 rule found Severity: Medium

Logo

The VMM must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The VMM must generate audit records for all module load, unload, and restart actions, and also for all program and guest VM initiations.

1 rule found Severity: Medium

Logo

The NSX Tier-1 Gateway firewall must generate traffic log entries.

1 rule found Severity: Medium

Logo

The NSX Distributed Firewall must generate traffic log entries that can be sent by the ESXi hosts to the central syslog.

1 rule found Severity: Low

Logo

The Photon operating system must have the auditd service running.

1 rule found Severity: Medium

Logo

The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur.

3 rules found Severity: Medium

Logo

The Photon operating system must audit the execution of privileged functions.

3 rules found Severity: Medium

Logo

The Photon operating system must generate audit records when the sudo command is used.

1 rule found Severity: Medium

Logo

The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur.

3 rules found Severity: Medium

Logo

The Photon operating system must audit the "insmod" module.

1 rule found Severity: Medium

Logo

The Photon operating system auditd service must generate audit records for all account creations, modifications, disabling, and termination events.

1 rule found Severity: Medium

Logo

The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.

2 rules found Severity: Medium

Logo

VMware Postgres must have log collection enabled.

1 rule found Severity: Medium

Logo

The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

The vCenter Lookup service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

vCenter must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts.

1 rule found Severity: Medium

Logo

The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

The Photon operating system must audit all account creations.

2 rules found Severity: Medium

Logo

The Photon operating system must be configured to audit the loading and unloading of dynamic kernel modules.

2 rules found Severity: Medium

Logo

The VPN Gateway must generate log records when successful and/or unsuccessful VPN connection attempts occur.

1 rule found Severity: Medium

Logo

The Photon operating system must audit all account modifications.

2 rules found Severity: Medium

Logo

The vCenter PostgreSQL service must generate audit records.

2 rules found Severity: Medium

Logo

The vCenter PostgreSQL service must log all connection attempts.

2 rules found Severity: Medium

Logo

The vCenter PostgreSQL service must log all client disconnections.

2 rules found Severity: Medium

Logo

The vCenter STS service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

The vCenter UI service must produce log records containing sufficient information regarding event details.

2 rules found Severity: Medium

Logo

CL/SuperSession must be properly configured to generate SMF records for audit trail and accounting reports.

3 rules found Severity: Medium

Logo

The NSX-T Distributed Firewall must generate traffic log entries containing information to establish the details of the event.

1 rule found Severity: Medium

Logo

The NSX-T Tier-0 Gateway Firewall must generate traffic log entries containing information to establish the details of the event.

1 rule found Severity: Low

Logo