CCI-001889

1 rule found Severity: High

34 rules found Severity: Medium

36 rules found Severity: Medium

7 rules found Severity: Medium

4 rules found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system.

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

Enable audit Service

Ensure the audit Subsystem is Installed

Enable auditd Service

Ensure the audit-libs package as a part of audit Subsystem is Installed

Record Events When Privileged Executables Are Run

Ensure the libaudit1 package as a part of audit Subsystem is Installed

The CA API Gateway must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The DBN-6300 must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The HP FlexFabric Switch must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

Time stamps in database tables, intended for auditing or activity-tracking purposes, must include both date and time of day, with a minimum granularity of one second.

PostgreSQL must generate time stamps, for audit records and application data, with a minimum granularity of one second.

The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.

The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources.

PostgreSQL must generate time stamps for audit records and application data with a minimum granularity of one second.

The Cisco ASA must be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The Cisco switch must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.

The Cisco router must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The EDB Postgres Advanced Server must generate time stamps for audit records and application data, with a minimum granularity of one second.

The network device must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The Riverbed NetProfiler must be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.

SLEM 5 must have the auditing package installed.

SLEM 5 must generate audit records for all uses of privileged functions.

The web server must record time stamps for log records to a minimum granularity of one second.

NixOS must enable the audit daemon.

The Apache web server must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) which are stamped at a minimum granularity of one second.

AAA Services must be configured with a minimum granularity of one second to record time stamps for audit records.

The macOS system must enable security auditing.

The application server must record time stamps for log records that meet a granularity of one second for a minimum degree of precision.

The application must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources.

The Central Log Server must be configured to record time stamps for when log records are received by the log server that meet a granularity of one second for a minimum degree of precision.

The container platform must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The audit package must be installed on AlmaLinux OS 9.

The DBMS must generate time stamps, for audit records and application data, with a minimum granularity of one second.

The auditd service must be enabled on AlmaLinux OS 9.

The operating system must record time stamps for audit records that meet a minimum granularity of one second for a minimum degree of precision.

The OL 8 audit package must be installed.

OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.

Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.

RHEL 9 audit package must be installed.

The SUSE operating system must have the auditing package installed.

RHEL 9 audit service must be enabled.

The SUSE operating system must generate audit records for all uses of the privileged functions.

The UEM server must be configured to record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

The VMM must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.

ESX Agent Manager must record user access in a format that enables monitoring of remote access.

VAMI must produce log records containing sufficient information to establish what type of events occurred.

Lookup Service must record user access in a format that enables monitoring of remote access.

Performance Charts must record user access in a format that enables monitoring of remote access.

VMware Postgres log files must contain required fields.

The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.

The Security Token Service must record user access in a format that enables monitoring of remote access.

The vCenter Lookup service must produce log records containing sufficient information regarding event details.

vSphere UI must record user access in a format that enables monitoring of remote access.

The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.

The vCenter PostgreSQL service must produce logs containing sufficient information to establish what type of events occurred.

The vCenter STS service must produce log records containing sufficient information regarding event details.

The vCenter UI service must produce log records containing sufficient information regarding event details.

The vCenter VAMI service must produce log records containing sufficient information to establish what type of events occurred.