Capacity
CCI-002234
Log the execution of privileged functions.
29
Rule
Severity: Medium
Ensure auditd Collects Information on the Use of Privileged Commands
15
Rule
Severity: Medium
Record Events When Privileged Executables Are Run
1
Rule
Severity: Medium
The Akamai Luna Portal must audit the execution of privileged functions.
2
Rule
Severity: Medium
The application server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.
2
Rule
Severity: Medium
The Arista network device must be configured to audit all administrator activity.
2
Rule
Severity: Medium
The application must audit the execution of privileged functions.
1
Rule
Severity: Medium
The DBN-6300 must audit the execution of privileged functions.
1
Rule
Severity: Medium
The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.
1
Rule
Severity: Medium
The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
1
Rule
Severity: Medium
An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR).
1
Rule
Severity: Medium
The FortiGate device must audit the execution of privileged functions.
1
Rule
Severity: Medium
The HYCU server and Web UI must audit the execution of privileged functions.
1
Rule
Severity: Medium
The network device must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The DataPower Gateway must audit the execution of privileged functions.
1
Rule
Severity: Medium
The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.
2
Rule
Severity: Medium
The WebSphere Liberty Server must log remote session and security activity.
1
Rule
Severity: Medium
The WebSphere Application Server security auditing must be enabled.
1
Rule
Severity: Medium
The WebSphere Application Server groups in the user registry mapped to WebSphere auditor roles must be configured in accordance with the security plan.
1
Rule
Severity: Medium
The WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan.
1
Rule
Severity: Medium
The WebSphere Application Server audit event type filters must be configured.
1
Rule
Severity: Medium
The WebSphere Application Server audit service provider must be enabled.
2
Rule
Severity: Medium
The JBoss server must be configured to log all admin activity.
2
Rule
Severity: Medium
The Juniper router must be configured to audit the execution of privileged functions.
2
Rule
Severity: Low
The Juniper SRX Services Gateway must generate a log event when privileged commands are executed.
2
Rule
Severity: Medium
The Mainframe Product must audit the execution of privileged functions.
2
Rule
Severity: Medium
The network device must audit the execution of privileged functions.
1
Rule
Severity: Medium
Nutanix AOS must audit the execution of privileged functions.
2
Rule
Severity: High
The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
2
Rule
Severity: Medium
Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.
1
Rule
Severity: Low
Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.
1
Rule
Severity: Medium
Innoslate must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
1
Rule
Severity: High
The TippingPoint SMS must automatically generate audit records for account changes and actions with containing information needed for analysis of the event that occurred on the SMS and TPS.
2
Rule
Severity: Medium
The UEM server must audit the execution of privileged functions.
2
Rule
Severity: Low
Application user name must be logged.
1
Rule
Severity: Medium
The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.
3
Rule
Severity: Medium
The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.
3
Rule
Severity: Medium
The macOS system must be configured to audit all administrative action events.
3
Rule
Severity: Medium
The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
2
Rule
Severity: Medium
The Cisco ASA must be configured to audit the execution of privileged functions.
8
Rule
Severity: Medium
The Cisco device must be configured to audit all administrator activity.
2
Rule
Severity: Medium
The Cisco switch must be configured to audit the execution of privileged functions.
2
Rule
Severity: Medium
The container platform must audit the execution of privileged functions.
2
Rule
Severity: Medium
The operating system must audit the execution of privileged functions.
2
Rule
Severity: Medium
AIX must provide audit record generation functionality for DoD-defined auditable events.
2
Rule
Severity: Medium
IBM z/OS Required SMF data record types must be collected.
2
Rule
Severity: Medium
IBM Integrated Crypto Service Facility (ICSF) install data sets must be properly protected.
2
Rule
Severity: Medium
IBM RACF OPERAUDIT SETROPTS value must set to OPERAUDIT.
2
Rule
Severity: Medium
CA-TSS ADMINBY Control Option must be set to ADMINBY.
2
Rule
Severity: Medium
CA-TSS LOG Control Option must be set to (SMF,INIT, SEC9, MSG).
2
Rule
Severity: Medium
CA-TSS MSCA ACID password changes must be documented in the change log.
4
Rule
Severity: Medium
IBM z/OS required SMF data record types must be collected.
2
Rule
Severity: Medium
The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
2
Rule
Severity: Medium
The system must be configured to audit Account Management - Security Group Management successes.
2
Rule
Severity: Medium
The system must be configured to audit Account Management - User Account Management failures.
2
Rule
Severity: Medium
The system must be configured to audit Account Management - User Account Management successes.
2
Rule
Severity: Medium
The system must be configured to audit Policy Change - Authentication Policy Change successes.
4
Rule
Severity: Medium
The system must be configured to audit Privilege Use - Sensitive Privilege Use failures.
2
Rule
Severity: Medium
The system must be configured to audit Privilege Use - Sensitive Privilege Use successes.
2
Rule
Severity: Medium
The system must be configured to audit System - Security State Change successes.
2
Rule
Severity: Medium
The system must be configured to audit System - Security System Extension successes.
2
Rule
Severity: Medium
The system must be configured to audit System - System Integrity failures.
2
Rule
Severity: Medium
The system must be configured to audit System - System Integrity successes.
2
Rule
Severity: Medium
Windows 10 must have command line process auditing events enabled for failures.
2
Rule
Severity: Medium
Windows 11 must have command line process auditing events enabled for failures.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Account Management - Other Account Management Events successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Detailed Tracking - Process Creation successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Policy Change - Audit Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Policy Change - Audit Policy Change failures.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Policy Change - Authentication Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Policy Change - Authorization Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Privilege Use - Sensitive Privilege Use successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit Privilege Use - Sensitive Privilege Use failures.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - IPsec Driver successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - IPsec Driver failures.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - Other System Events successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - Other System Events failures.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - Security State Change successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - Security System Extension successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - System Integrity successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit System - System Integrity failures.
2
Rule
Severity: Medium
Active Directory Group Policy objects must be configured with proper audit settings.
2
Rule
Severity: Medium
The Active Directory Domain object must be configured with proper audit settings.
2
Rule
Severity: Medium
The Active Directory Infrastructure object must be configured with proper audit settings.
2
Rule
Severity: Medium
The Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.
2
Rule
Severity: Medium
The Active Directory AdminSDHolder object must be configured with proper audit settings.
2
Rule
Severity: Medium
The Active Directory RID Manager$ object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit DS Access - Directory Service Access successes.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit DS Access - Directory Service Access failures.
2
Rule
Severity: Medium
Windows Server 2016 must be configured to audit DS Access - Directory Service Changes successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Account Management - Other Account Management Events successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Detailed Tracking - Process Creation successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Policy Change - Audit Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Policy Change - Audit Policy Change failures.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Policy Change - Authentication Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Policy Change - Authorization Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Privilege Use - Sensitive Privilege Use successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit Privilege Use - Sensitive Privilege Use failures.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - IPsec Driver successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - IPsec Driver failures.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - Other System Events successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - Other System Events failures.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - Security State Change successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - Security System Extension successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - System Integrity successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit System - System Integrity failures.
2
Rule
Severity: Medium
Windows Server 2019 Active Directory Group Policy objects must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2019 Active Directory Domain object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2019 Active Directory Infrastructure object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2019 Active Directory AdminSDHolder object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2019 Active Directory RID Manager$ object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit DS Access - Directory Service Access successes.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit DS Access - Directory Service Access failures.
2
Rule
Severity: Medium
Windows Server 2019 must be configured to audit DS Access - Directory Service Changes successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Account Management - Other Account Management Events successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Detailed Tracking - Process Creation successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Policy Change - Audit Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Policy Change - Audit Policy Change failures.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Policy Change - Authentication Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Policy Change - Authorization Policy Change successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Privilege Use - Sensitive Privilege Use successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit Privilege Use - Sensitive Privilege Use failures.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - IPsec Driver successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - IPsec Driver failures.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - Other System Events successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - Other System Events failures.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - Security State Change successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - Security System Extension successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - System Integrity successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit System - System Integrity failures.
2
Rule
Severity: Medium
Windows Server 2022 Active Directory Group Policy objects must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2022 Active Directory Domain object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2022 Active Directory Infrastructure object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2022 Active Directory AdminSDHolder object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2022 Active Directory RID Manager$ object must be configured with proper audit settings.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit DS Access - Directory Service Access successes.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit DS Access - Directory Service Access failures.
2
Rule
Severity: Medium
Windows Server 2022 must be configured to audit DS Access - Directory Service Changes successes.
2
Rule
Severity: Medium
The Oracle Linux operating system must audit all executions of privileged functions.
2
Rule
Severity: Medium
The OL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
2
Rule
Severity: Medium
Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
2
Rule
Severity: Medium
OpenShift must enforce access restrictions and support auditing of the enforcement actions.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must audit all executions of privileged functions.
4
Rule
Severity: Low
The SUSE operating system must generate audit records for all uses of the privileged functions.
2
Rule
Severity: Medium
RHEL 9 must audit uses of the "execve" system call.
4
Rule
Severity: Medium
The operating system must protect the audit records resulting from non-local accesses to privileged accounts and the execution of privileged functions.
2
Rule
Severity: Medium
The VMM must audit the execution of privileged functions.
4
Rule
Severity: Medium
The Photon operating system must audit the execution of privileged functions.
3
Rule
Severity: Medium
The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The vCenter Lookup service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.
6
Rule
Severity: Medium
BMC CONTROL-D installation data sets will be properly protected.
2
Rule
Severity: Medium
BMC CONTROL-D resources will be properly defined and protected.
4
Rule
Severity: Medium
BMC CONTROL-M/Restart installation data sets will be properly protected.
6
Rule
Severity: Medium
BMC CONTROL-O installation data sets will be properly protected.
6
Rule
Severity: Medium
BMC CONTROL-O resources must be properly defined and protected.
6
Rule
Severity: Medium
BMC IOA installation data sets will be properly protected.
2
Rule
Severity: Medium
BMC IOA resources will be properly defined and protected.
4
Rule
Severity: Medium
BMC MAINVIEW for z/OS installation data sets are not properly protected.
6
Rule
Severity: Medium
BMC MAINVIEW resources must be properly defined and protected.
6
Rule
Severity: Medium
CA Auditor resources are not properly defined and protected.
2
Rule
Severity: Medium
CA Common Services installation data sets will be properly protected.
4
Rule
Severity: Medium
Catalog Solution Install data sets are not properly protected.
4
Rule
Severity: Medium
Catalog Solutions resources must be properly defined and protected.
6
Rule
Severity: Medium
BMC CONTROL-M installation data sets will be properly protected.
6
Rule
Severity: Medium
BMC C0NTROL-M resources must be properly defined and protected.
2
Rule
Severity: Medium
BMC CONTROL-M/Restart installation data sets will be not properly protected.
3
Rule
Severity: Medium
The vCenter STS service must produce log records containing sufficient information regarding event details.
3
Rule
Severity: Medium
The vCenter UI service must produce log records containing sufficient information regarding event details.
6
Rule
Severity: Medium
CA 1 Tape Management installation data sets must be properly protected.
6
Rule
Severity: Medium
CA 1 Tape Management command resources must be properly defined and protected.
6
Rule
Severity: Medium
CA 1 Tape Management function and password resources must be properly defined and protected.
4
Rule
Severity: Medium
CA MICS Resource Management installation data sets must be properly protected.
6
Rule
Severity: Medium
CA MIM Resource Sharing installation data sets will be properly protected.
6
Rule
Severity: Medium
CA MIM Resource Sharing resources will be properly defined and protected.
4
Rule
Severity: Medium
BMC CONTROL-D resources must be properly defined and protected.
6
Rule
Severity: Medium
CL/SuperSession Install data sets must be properly protected.
6
Rule
Severity: Medium
Compuware Abend-AID installation data sets will be properly protected.
6
Rule
Severity: Medium
Compuware Abend-AID resources must be properly defined and protected.
6
Rule
Severity: Medium
Fast Dump Restore (FDR) install data sets are not properly protected.
6
Rule
Severity: Medium
IBM Hardware Configuration Definition (HCD) resources are not properly defined and protected.
6
Rule
Severity: Medium
IBM CICS Transaction Server SPI command resources must be properly defined and protected.
4
Rule
Severity: Medium
BMC IOA resources must be properly defined and protected.
6
Rule
Severity: Medium
IBM System Display and Search Facility (SDSF) installation data sets will be properly protected.
2
Rule
Severity: Medium
IBM System Display and Search Facility (SDSF) resources must be properly defined and protected.
10
Rule
Severity: Medium
IBM System Display and Search Facility (SDSF) resources will be properly defined and protected.
4
Rule
Severity: Medium
CA VTAPE installation data sets are not properly protected.
4
Rule
Severity: Medium
Quest NC-Pass installation data sets will be properly protected.
6
Rule
Severity: Medium
Quest NC-Pass will be used by Highly-Sensitive users.
6
Rule
Severity: Medium
Transparent Data Migration Facility (TDMF) installation data sets will be not properly protected.
6
Rule
Severity: Medium
HFS objects for the WebSphere Application Server are not protected in accordance with the proper security requirements.
6
Rule
Severity: Medium
WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted.
2
Rule
Severity: Medium
WebSphere MQ MQCONN Class resources must be protected in accordance with security.
6
Rule
Severity: Medium
WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements.
6
Rule
Severity: Medium
NetView install data sets are not properly protected.
6
Rule
Severity: Medium
NetView resources must be properly defined and protected.
2
Rule
Severity: Medium
Catalog Solutions Install data sets are not properly protected.
2
Rule
Severity: Medium
Catalog Solutions resources must be properly defined and protected.
6
Rule
Severity: Medium
SRRAUDIT installation data sets must be properly protected.
4
Rule
Severity: Medium
ROSCOE Install data sets are not properly protected.
6
Rule
Severity: Medium
ROSCOE resources must be properly defined and protected.
4
Rule
Severity: Medium
Tivoli Asset Discovery for z/OS (TADz) Install data sets are not properly protected.
2
Rule
Severity: Medium
CA MICS Resource Management User data sets must be properly protected.
2
Rule
Severity: Medium
Vanguard Security Solutions resources must be properly defined and protected.
2
Rule
Severity: Medium
WebSphere MQ MQCONN Class (Connection) resource definitions must be protected in accordance with security.
2
Rule
Severity: Medium
WebSphere MQ MQCONN Class resources must be protected properly.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
1
Rule
Severity: Medium
The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.
1
Rule
Severity: Medium
The zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and audited.
1
Rule
Severity: Medium
Audit logging must be enabled on MKE.
1
Rule
Severity: Medium
SLEM 5 must generate audit records for all uses of privileged functions.
1
Rule
Severity: High
The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1
Rule
Severity: Medium
TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.
1
Rule
Severity: Medium
The TOSS audit system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules