Skip to main content

💼 AC-2(4) Account Management | Automated Audit Actions

  • Contextual name: 💼 AC-2(4) Account Management | Automated Audit Actions
  • ID: /frameworks/nist-sp-800-53-r5/ac/02/04
  • Located in: 💼 AC-2 Account Management

Description

Automatically audit account creation, modification, enabling, disabling, and removal actions.

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/05
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/01
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/05
    • /frameworks/aws-fsbp-v1.0.0/codebuild/04
    • /frameworks/aws-fsbp-v1.0.0/dms/07
    • /frameworks/aws-fsbp-v1.0.0/dms/08
    • /frameworks/aws-fsbp-v1.0.0/documentdb/04
    • /frameworks/aws-fsbp-v1.0.0/ec2/51
    • /frameworks/aws-fsbp-v1.0.0/eks/08
    • /frameworks/aws-fsbp-v1.0.0/es/04
    • /frameworks/aws-fsbp-v1.0.0/es/05
    • /frameworks/aws-fsbp-v1.0.0/neptune/02
    • /frameworks/aws-fsbp-v1.0.0/network-firewall/02
    • /frameworks/aws-fsbp-v1.0.0/opensearch/04
    • /frameworks/aws-fsbp-v1.0.0/opensearch/05
    • /frameworks/aws-fsbp-v1.0.0/route-53/02
    • /frameworks/aws-fsbp-v1.0.0/rds/09
    • /frameworks/aws-fsbp-v1.0.0/rds/34
    • /frameworks/aws-fsbp-v1.0.0/rds/40
    • /frameworks/aws-fsbp-v1.0.0/redshift/04
    • /frameworks/aws-fsbp-v1.0.0/s3/09
    • /frameworks/aws-fsbp-v1.0.0/transfer-family/03
  • Internal
    • ID: dec-c-e6a46f56

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlags
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.5] CloudFront distributions should have logging enabled11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events11
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.4] CodeBuild project environments should have a logging AWS Configuration
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.7] DMS replication tasks for the target database should have logging enabled1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.8] DMS replication tasks for the source database should have logging enabled1
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.4] Amazon DocumentDB clusters should publish audit logs to CloudWatch Logs
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.51] EC2 Client VPN endpoints should have client connection logging enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.8] EKS clusters should have audit logging enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.4] Elasticsearch domain error logging to CloudWatch Logs should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.5] Elasticsearch domains should have audit logging enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.2] Neptune DB clusters should publish audit logs to CloudWatch Logs
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.2] Network Firewall logging should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.4] OpenSearch domain error logging to CloudWatch Logs should be enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.5] OpenSearch domains should have audit logging enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.9] RDS DB instances should publish logs to CloudWatch Logs
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.34] Aurora MySQL DB clusters should publish audit logs to CloudWatch Logs
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.40] RDS for SQL Server DB instances should publish logs to CloudWatch Logs
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.4] Amazon Redshift clusters should have audit logging enabled
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Route53.2] Route 53 public hosted zones should log DNS queries
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.9] S3 general purpose buckets should have server access logging enabled12
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Transfer.3] Transfer Family connectors should have logging enabled

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlags
💼 FedRAMP High Security Controls → 💼 AC-2(4) Automated Audit Actions (M)(H)16

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlags

Policies (16)

PolicyLogic CountFlags
📝 AWS Account IAM Access Analyzer is not enabled for all regions 🟢1🟢 x6
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢1🟢 x6
📝 AWS CloudFront Distribution Logging is not enabled 🟢1🟢 x6
📝 AWS CloudTrail Disable CMK or Schedule CMK Deletion Events Monitoring is not enabled 🟢🟢 x3
📝 AWS CloudTrail IAM Policy Changes Monitoring is not enabled 🟢🟢 x3
📝 AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟢1🟢 x6
📝 AWS DMS Migration Task Logging is not enabled 🟢1🟢 x6
📝 AWS EKS Cluster Logging is not enabled for all control plane logs types 🟢1🟢 x6
📝 AWS S3 Bucket Server Access Logging is not enabled 🟢1🟢 x6
📝 Azure Diagnostic Setting captures Administrative, Alert, Policy, and Security categories 🟢1🟢 x6
📝 Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟢1🟢 x6
📝 Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟢1🟢 x6
📝 Azure Subscription Security Alert Notifications for alerts with High or Critical severity are not configured 🟢1🟢 x6
📝 Azure Subscription Security Alert Notifications to subscription owners are not configured 🟢1🟢 x6

Internal Rules

RulePoliciesFlags
✉️ dec-x-8ccccedc1
✉️ dec-x-43f99d791
✉️ dec-x-351e376f1
✉️ dec-x-611eaa351
✉️ dec-x-9002886f1
✉️ dec-x-a5c2acfe1
✉️ dec-x-a193b20f1
✉️ dec-x-ab7fc52e1
✉️ dec-x-ba4c5b1c1
✉️ dec-x-db1b7a1b1
✉️ dec-x-dc359e591
✉️ dec-x-e00143332
✉️ dec-x-f70dd11f1
✉️ dec-z-3ba226c71