CCI-001876

Ensure the audit Subsystem is Installed

Enable auditd Service

Ensure the audit-libs package as a part of audit Subsystem is Installed

Ensure the libaudit1 package as a part of audit Subsystem is Installed

The application server must provide a log reduction capability that supports on-demand reporting requirements.

The application must provide an audit reduction capability that supports on-demand reporting requirements.

The Central Log Server must be configured to perform audit reduction that supports on-demand reporting requirements.

The MQ Appliance messaging server must provide a log reduction capability that supports on-demand reporting requirements.

The Mainframe Product must provide an audit reduction capability that supports on-demand reporting requirements.

Nutanix AOS must provide the capability to centrally review and analyze audit records from multiple components within the system.

Prisma Cloud Compute must be configured to send events to the hosts' syslog.

Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups.

The macOS system must enable System Integrity Protection.

The macOS system must enable System Integrity Protection.

The macOS system must ensure System Integrity Protection is enabled.

The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.

The container platform must provide an audit reduction capability that supports on-demand reporting requirements.

The operating system must provide an audit reduction capability that supports on-demand reporting requirements.

AIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents.

IBM z/OS system administrator must develop a procedure to provide an audit reduction capability that supports on-demand reporting requirements.

OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.

SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

RHEL 9 audit package must be installed.

RHEL 9 audit service must be enabled.

The VMM must support an audit reduction capability that supports on-demand reporting requirements.

Ubuntu 22.04 LTS must have the "auditd" package installed.

Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.

The OL 8 audit package must be installed.

SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.