Catalogs
Reference Schemes
CCI: Control Correlation Identifier
CCI-000174

CCI-000174

Compile audit records from organization-defined information system components into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance for relationship between time stamps of individual records in the audit trail.

Details
Associations

Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance.

1 rule found Severity: Low

The Samsung SDS EMM local accounts must be configured with password maximum lifetime of 60 Days.

1 rule found Severity: Medium

The Workspace ONE UEM local accounts must be configured with password maximum lifetime of 60 days.

1 rule found Severity: High

The Jamf Pro EMM local accounts must be configured with password maximum lifetime of 3 months.

1 rule found Severity: Medium

Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.

1 rule found Severity: Medium

Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

2 rules found Severity: Low

In a distributed environment, Splunk Enterprise indexers must be configured to ingest log records from its forwarders.

1 rule found Severity: Medium

For application servers providing log record aggregation, the application server must compile log records from organization-defined information system components into a system-wide log trail that is time-correlated with an organization-defined level of tolerance for the relationship between time stamps of individual records in the log trail.

1 rule found Severity: Medium

For applications providing audit record aggregation, the application must compile audit records from organization-defined information system components into a system-wide audit trail that is time-correlated with an organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail.

1 rule found Severity: Medium

The Central Log Server must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

1 rule found Severity: Low

Time stamps recorded on the log records in the Central Log Server must be configured to synchronize to within one second of the host server or, if NTP is configured directly in the log server, the NTP time source must be the same as the host and devices within its scope of coverage.

1 rule found Severity: Low

Where multiple log servers are installed in the enclave, each log server must be configured to aggregate log records to a central aggregation server or other consolidated events repository.

1 rule found Severity: Medium

For Mainframe Products providing audit record aggregation, the Mainframe Product must compile audit records from mainframe components into a system-wide audit trail that is time-correlated with a tolerance for the relationship between time stamps of individual records in the audit trail in accordance with the site security plan.

1 rule found Severity: Medium