CCI-002234
Log the execution of privileged functions.
33 rules found Severity: Medium

1 rule found Severity: Medium

The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.
1 rule found Severity: Medium

The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.
1 rule found Severity: Medium

An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR).
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.
1 rule found Severity: Medium

The WebSphere Application Server groups in the user registry mapped to WebSphere auditor roles must be configured in accordance with the security plan.
1 rule found Severity: Medium

The WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.
1 rule found Severity: Low

Innoslate must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
1 rule found Severity: Medium

The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.
1 rule found Severity: Medium

The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
2 rules found Severity: Medium

1 rule found Severity: Medium

The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

4 rules found Severity: Medium

The F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.
1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

Windows Server 2016 must be configured to audit Account Management - Other Account Management Events successes.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2016 must be configured to audit Policy Change - Authentication Policy Change successes.
1 rule found Severity: Medium

Windows Server 2016 must be configured to audit Policy Change - Authorization Policy Change successes.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.
1 rule found Severity: High

Rancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.
1 rule found Severity: Medium

1 rule found Severity: Medium

The TippingPoint SMS must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO).
1 rule found Severity: High

TOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.
1 rule found Severity: Medium

The TOSS audit system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
1 rule found Severity: Medium

2 rules found Severity: Medium

The application server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.
1 rule found Severity: Medium

Ubuntu 22.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The IBM Security zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and must be audited.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2019 must be configured to audit Account Management - Other Account Management Events successes.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2019 must be configured to audit Policy Change - Authentication Policy Change successes.
1 rule found Severity: Medium

Windows Server 2019 must be configured to audit Policy Change - Authorization Policy Change successes.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2019 Active Directory Group Policy objects must be configured with proper audit settings.
1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2019 Active Directory Infrastructure object must be configured with proper audit settings.
1 rule found Severity: Medium

Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.
1 rule found Severity: Medium

Windows Server 2019 Active Directory AdminSDHolder object must be configured with proper audit settings.
1 rule found Severity: Medium

Windows Server 2019 Active Directory RID Manager$ object must be configured with proper audit settings.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2022 must be configured to audit Account Management - Other Account Management Events successes.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2022 must be configured to audit Policy Change - Authentication Policy Change successes.
1 rule found Severity: Medium

Windows Server 2022 must be configured to audit Policy Change - Authorization Policy Change successes.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2022 Active Directory Group Policy objects must be configured with proper audit settings.
1 rule found Severity: Medium

1 rule found Severity: Medium

Windows Server 2022 Active Directory Infrastructure object must be configured with proper audit settings.
1 rule found Severity: Medium

Windows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.
1 rule found Severity: Medium

Windows Server 2022 Active Directory AdminSDHolder object must be configured with proper audit settings.
1 rule found Severity: Medium

Windows Server 2022 Active Directory RID Manager$ object must be configured with proper audit settings.
1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

The OL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
1 rule found Severity: Medium

Rancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.
1 rule found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Low

The operating system must protect the audit records resulting from non-local accesses to privileged accounts and the execution of privileged functions.
2 rules found Severity: Medium

3 rules found Severity: Medium

The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The vCenter Lookup service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The vCenter STS service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

The vCenter UI service must produce log records containing sufficient information regarding event details.
2 rules found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

3 rules found Severity: Medium

HFS objects for the WebSphere Application Server are not protected in accordance with the proper security requirements.
3 rules found Severity: Medium

WebSphere MQ all update and alter access to MQSeries/WebSphere MQ product and system data sets are not properly restricted.
3 rules found Severity: Medium

1 rule found Severity: Medium

WebSphere MQ command resources defined to MQCMDS resource class are not protected in accordance with security requirements.
3 rules found Severity: Medium

5 rules found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Medium

WebSphere MQ MQ Connection Class resource definitions must be protected in accordance with security.
1 rule found Severity: Medium
