CCI-001844

An Apache web server that is part of a web server cluster must route all remote management through a centrally managed access control point.

The Apache web server must be configured to provide clustering.

The ALG must be configured to support centralized management and configuration.

The application server must provide centralized management and configuration of the content to be captured in log records generated by all application components.

The application must provide centralized management and configuration of the content to be captured in audit records generated by all application components.

The Central Log Server must be configured for centralized management of the events repository for the purposes of configuration, analysis, and reporting.

The DBN-6300 must support centralized management and configuration of the content captured in audit records generated by all DBN-6300 components.

Forescout must be configured to log records onto a centralized events server. This is required for compliance with C2C Step 1.

The IBM Aspera Platform must be configured to support centralized management and configuration.

The DataPower Gateway must be configured to support centralized management and configuration.

The MQ Appliance messaging server must provide centralized management and configuration of the content to be captured in log records generated by all application components.

DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.

CA VM:Secure product must be installed and operating.

IDPS must support centralized management and configuration of the content captured in audit records generated by all IDPS components.

The ISEC7 EMM Suite must back up audit records at least every seven days onto a different system or system component than the system or component being audited, provide centralized management and configuration of the content to be captured in audit records generated by all ISEC7 EMM Suite components, and off-load audit records onto a different system or media than the system being audited.

The Juniper SRX Services Gateway Firewall must be configured to support centralized management and configuration of the audit log.

The Mainframe Product must provide centralized management and configuration of the content to be captured in audit records generated by all application components.

Azure SQL Database must utilize centralized management of the content captured in audit records generated by all components of the DBMS.

SQL Server must utilize centralized management of the content captured in audit records generated by all components of the DBMS.

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

TPS must support centralized management and configuration of the content captured in audit records generated by all TPS components by using the Security Management System (SMS).

The NSX-T Distributed Firewall must be configured to send traffic log entries to a central audit server for management and configuration of the traffic log entries.

The NSX-T Tier-1 Gateway Firewall must be configured to send traffic log entries to a central audit server for management and configuration of the traffic log entries.

The NSX-T Tier-0 Gateway Firewall must be configured to use the TLS or LI-TLS protocols to configure and secure communications with the central audit server.

The VPN Gateway must provide centralized management and configuration of the content to be captured in log records generated by all network components.

PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL.

The Cisco ISE must audit the enforcement actions used to restrict access associated with changes to the device.

The Cisco ISE must be configured to log records onto a centralized events server. This is This is required for compliance with C2C Step 1.

The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server.

The EDB Postgres Advanced Server must provide centralized configuration of the content to be captured in audit records generated by all components of the EDB Postgres Advanced Server.

The DBMS must utilize centralized management of the content captured in audit records generated by all components of the DBMS.

The DBMS must provide centralized configuration of the content to be captured in audit records generated by all components of the DBMS.

Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.

MarkLogic Server must utilize centralized management of the content captured in audit records generated by all components of the DBMS.

MariaDB must utilize centralized management of the content captured in audit records generated by all components of the DBMS.

MariaDB must provide centralized configuration of the content to be captured in audit records generated by all components of the DBMS.

MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.

MongoDB must utilize centralized management of the content captured in audit records generated by all components of MongoDB.

SQL Server must utilize centralized management of the content captured in audit records generated by all components of SQL Server.

SQL Server must provide centralized configuration of the content to be captured in audit records generated by all components of SQL Server.

The MySQL Database Server 8.0 must utilize centralized management of the content captured in audit records generated by all components of the MySQL Database Server 8.0.

The MySQL Database Server 8.0 must provide centralized configuration of the content to be captured in audit records generated by all components of the MySQL Database Server 8.0.

Redis Enterprise DBMS must use centralized management of the content captured in audit records generated by all components of Redis Enterprise DBMS.

Redis Enterprise DBMS must provide centralized configuration of the content to be captured in audit records generated by all components of Redis Enterprise DBMS.

VMware Postgres must have log collection enabled.

The vCenter PostgreSQL service must have log collection enabled.

A web server that is part of a web server cluster must route all remote management through a centrally managed access control point.

PostgreSQL must use centralized management of the content captured in audit records generated by all components of PostgreSQL.

The Enterprise Voice, Video, and Messaging Session Manager must be configured to provide centralized management of session (call) records.

MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.