CCI-001914
Provide the capability for organization-defined individuals or roles to change the logging to be performed on organization-defined system components based on organization-defined selectable event criteria within organization-defined time thresholds.
7 rules found Severity: Medium
2 rules found Severity: Medium
The DBN-6300 must provide the capability for organization-identified individuals or roles to change the auditing to be performed based on all selectable event criteria within near real time.
1 rule found Severity: Low
CounterACT must restrict the ability to change the auditing to be performed within the system log based on selectable event criteria to the audit administrators role or to other roles or individuals.
1 rule found Severity: Medium
The HYCU server must initiate session auditing upon startup and produce audit log records containing sufficient information to establish what type of event occurred.
1 rule found Severity: Medium
The DataPower Gateway must provide the capability for organization-identified individuals or roles to change the auditing to be performed based on all selectable event criteria within near-real-time.
1 rule found Severity: Medium
The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system.
1 rule found Severity: Medium
The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.
2 rules found Severity: Medium
The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.
1 rule found Severity: Medium
A BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components, based on selectable event criteria, and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes.
1 rule found Severity: Low
PostgreSQL must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds.
1 rule found Severity: Medium
AIX must provide the function for assigned ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.
1 rule found Severity: Medium
1 rule found Severity: Medium
2 rules found Severity: Medium
1 rule found Severity: Medium
The System Administrator (SA) and Information System Security Officer (ISSO) must configure the retention of the log records based on the defined security plan.
1 rule found Severity: Low
The System Administrator (SA) and Information System Security Manager (ISSM) must configure the retention of the log records based on the defined security plan.
1 rule found Severity: Low
Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.
1 rule found Severity: Medium
The System Administrator (SA) and Information System Security Manager (ISSM) must configure the retention of the log records based on criticality level, event type, and/or retention period, at a minimum.
1 rule found Severity: Low
The Central Log Server must be configured so changes made to the level and type of log records stored in the centralized repository must take effect immediately without the need to reboot or restart the application.
1 rule found Severity: Low
The operating system must provide the capability for assigned IMOs/ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.
1 rule found Severity: Medium
Windows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.
1 rule found Severity: Medium
Windows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.
1 rule found Severity: Medium
OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium
2 rules found Severity: Low