CCI-001814
The information system supports auditing of the enforcement actions.
29
Rule
Severity: Medium
Ensure the audit Subsystem is Installed
30
Rule
Severity: Medium
Enable auditd Service
14
Rule
Severity: Medium
Ensure the Default Umask is Set Correctly For Interactive Users
3
Rule
Severity: Medium
Ensure the audit-libs package as a part of audit Subsystem is Installed
15
Rule
Severity: Medium
Record Events When Privileged Executables Are Run
8
Rule
Severity: Medium
Boot Loader Is Not Installed On Removeable Media
29
Rule
Severity: Medium
Disable GSSAPI Authentication
29
Rule
Severity: Medium
Disable Kerberos Authentication
7
Rule
Severity: Medium
UEFI Boot Loader Is Not Installed On Removeable Media
16
Rule
Severity: Medium
Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server
11
Rule
Severity: Medium
Ensure No Device Files are Unlabeled by SELinux
15
Rule
Severity: High
Uninstall tftp-server Package
2
Rule
Severity: Medium
Ensure the libaudit1 package as a part of audit Subsystem is Installed
1
Rule
Severity: Medium
The application server must log the enforcement actions used to restrict access associated with changes to the application server.
2
Rule
Severity: Medium
The application must audit who makes configuration changes to the application.
1
Rule
Severity: Medium
The DBN-6300 must audit the enforcement actions used to restrict access associated with changes to the device.
1
Rule
Severity: Medium
The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.
1
Rule
Severity: Medium
The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
1
Rule
Severity: Medium
An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR).
2
Rule
Severity: Low
Forescout must audit the enforcement actions used to restrict access associated with changes to the device.
1
Rule
Severity: Medium
The DataPower Gateway must audit the enforcement actions used to restrict access associated with changes to the device.
1
Rule
Severity: Medium
DB2 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of DB2 or database(s).
1
Rule
Severity: Medium
The WebSphere Application Server audit event type filters must be configured.
2
Rule
Severity: Medium
Production JBoss servers must log when failed application deployments occur.
2
Rule
Severity: Medium
Production JBoss servers must log when successful application deployments occur.
1
Rule
Severity: Medium
The Mainframe Product must audit the enforcement actions used to restrict access associated with changes to the application.
2
Rule
Severity: Medium
Azure SQL Database must produce audit records of its enforcement of access restrictions associated with changes to the configuration of Azure SQL Database(s).
6
Rule
Severity: Medium
Exchange software must be monitored for unauthorized changes.
1
Rule
Severity: Medium
SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).
1
Rule
Severity: Medium
The network device must audit the enforcement actions used to restrict access associated with changes to the device.
2
Rule
Severity: High
The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must generate a log event for the enforcement actions used to restrict access associated with changes to the device.
1
Rule
Severity: Medium
The SDN controller must be configured to audit the enforcement actions used to restrict access associated with changes to any application within the SDN framework.
4
Rule
Severity: Medium
The access to the Tanium SQL database must be restricted. Only the designated database administrator(s) can have elevated privileges to the Tanium SQL database.
1
Rule
Severity: Medium
The Tanium Server installers account SQL database permissions must be reduced from sysadmin to db_owner.
2
Rule
Severity: Medium
The Tanium Server installer's account database permissions must be reduced to an appropriate level.
1
Rule
Severity: Medium
The Tanium Server installers account database permissions must be reduced to an appropriate level.
1
Rule
Severity: High
The TippingPoint SMS must automatically generate audit records for account changes and actions with containing information needed for analysis of the event that occurred on the SMS and TPS.
1
Rule
Severity: Medium
The UEM server must audit the enforcement actions used to restrict access associated with changes to the application.
2
Rule
Severity: Medium
AccessLogValve must be configured for Catalina engine.
4
Rule
Severity: Medium
The macOS system must audit the enforcement actions used to restrict access associated with changes to the system.
2
Rule
Severity: Medium
The macOS system must be configured to audit all administrative action events.
2
Rule
Severity: Medium
The macOS system must enable security auditing.
2
Rule
Severity: Medium
The macOS system must be configured to audit all deletions of object attributes.
2
Rule
Severity: Medium
The macOS system must be configured to audit all changes of object attributes.
2
Rule
Severity: Medium
The macOS system must be configured to audit all failed program execution on the system.
1
Rule
Severity: Medium
The macOS system must configure system to audit all authorization and authentication events.
1
Rule
Severity: Medium
The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.
4
Rule
Severity: Medium
PostgreSQL must produce audit records of its enforcement of access restrictions associated with changes to the configuration of PostgreSQL or database(s).
1
Rule
Severity: Medium
The container platform must enforce access restrictions and support auditing of the enforcement actions.
2
Rule
Severity: Medium
The EDB Postgres Advanced Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s).
1
Rule
Severity: Medium
The DBMS must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).
1
Rule
Severity: Medium
The operating system must audit the enforcement actions used to restrict access associated with changes to the system.
2
Rule
Severity: Medium
AIX must disable Kerberos Authentication in ssh config file to enforce access restrictions.
2
Rule
Severity: Medium
AIX must be configured to use syslogd to log events by TCPD.
2
Rule
Severity: High
AIX must disable trivial file transfer protocol.
1
Rule
Severity: Medium
IBM z/OS Required SMF data record types must be collected.
2
Rule
Severity: Medium
IBM z/OS required SMF data record types must be collected.
1
Rule
Severity: Medium
The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
2
Rule
Severity: Medium
MarkLogic Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).
2
Rule
Severity: Medium
MariaDB must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).
2
Rule
Severity: Medium
MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.
1
Rule
Severity: Medium
The Exchange local machine policy must require signed scripts.
2
Rule
Severity: Medium
SQL Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of SQL Server or database(s).
6
Rule
Severity: Medium
The system must be configured to audit Detailed Tracking - PNP Activity successes.
6
Rule
Severity: Medium
The system must be configured to audit Detailed Tracking - Process Creation successes.
2
Rule
Severity: Medium
OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users.
2
Rule
Severity: Medium
The MySQL Database Server 8.0 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the MySQL Database Server 8.0 or database(s).
1
Rule
Severity: Medium
Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
2
Rule
Severity: Medium
OpenShift must enforce access restrictions and support auditing of the enforcement actions.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that all system device files are correctly labeled to prevent unauthorized modification.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must set the umask value to 077 for all local interactive user accounts.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Generic Security Service Application Program Interface (GSSAPI) authentication unless needed.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon does not permit Kerberos authentication unless needed.
1
Rule
Severity: High
The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support.
4
Rule
Severity: Medium
The SUSE operating system must have the auditing package installed.
4
Rule
Severity: Low
The SUSE operating system must generate audit records for all uses of the privileged functions.
2
Rule
Severity: Medium
RHEL 9 audit package must be installed.
2
Rule
Severity: Medium
RHEL 9 audit service must be enabled.
1
Rule
Severity: Medium
The VMM must audit the enforcement actions used to restrict access associated with changes to the system.
1
Rule
Severity: Medium
The Photon operating system must have the auditd service running.
1
Rule
Severity: Medium
VMware Postgres must have log collection enabled.
3
Rule
Severity: Medium
The Photon operating system must enable the auditd service.
3
Rule
Severity: Medium
The vCenter PostgreSQL service must have log collection enabled.
1
Rule
Severity: Medium
The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to audit the enforcement actions used to restrict access associated with changes to the device.
1
Rule
Severity: Medium
The macOS system must configure the system to audit all authorization and authentication events.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must have the "auditd" package installed.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
1
Rule
Severity: Medium
The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.
1
Rule
Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
1
Rule
Severity: Medium
MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.
1
Rule
Severity: Medium
The OL 8 audit package must be installed.
1
Rule
Severity: Medium
SLEM 5 must have the auditing package installed.
1
Rule
Severity: Medium
SLEM 5 must generate audit records for all uses of privileged functions.
1
Rule
Severity: High
The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).