Skip to main content

💼 AU-2 Event Logging

  • ID: /frameworks/nist-sp-800-53-r5/au/02

Description

a. Identify the types of events that the system is capable of logging in support of the audit function: [Assignment: organization-defined event types that the system is capable of logging]; b. Coordinate the event logging function with other organizational entities requiring audit-related information to guide and inform the selection criteria for events to be logged; c. Specify the following event types for logging within the system: [Assignment: organization-defined event types (subset of the event types defined in AU-2a.) along with the frequency of (or situation requiring) logging for each identified event type]; d. Provide a rationale for why the event types selected for logging are deemed to be adequate to support after-the-fact investigations of incidents; and e. Review and update the event types selected for logging [Assignment: organization-defined frequency].

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/01
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/09
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/05
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/01
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/05
    • /frameworks/aws-fsbp-v1.0.0/codebuild/04
    • /frameworks/aws-fsbp-v1.0.0/dms/07
    • /frameworks/aws-fsbp-v1.0.0/dms/08
    • /frameworks/aws-fsbp-v1.0.0/documentdb/04
    • /frameworks/aws-fsbp-v1.0.0/ec2/06
    • /frameworks/aws-fsbp-v1.0.0/ec2/51
    • /frameworks/aws-fsbp-v1.0.0/ecs/09
    • /frameworks/aws-fsbp-v1.0.0/eks/08
    • /frameworks/aws-fsbp-v1.0.0/elb/05
    • /frameworks/aws-fsbp-v1.0.0/es/04
    • /frameworks/aws-fsbp-v1.0.0/es/05
    • /frameworks/aws-fsbp-v1.0.0/mq/02
    • /frameworks/aws-fsbp-v1.0.0/neptune/02
    • /frameworks/aws-fsbp-v1.0.0/network-firewall/02
    • /frameworks/aws-fsbp-v1.0.0/opensearch/04
    • /frameworks/aws-fsbp-v1.0.0/opensearch/05
    • /frameworks/aws-fsbp-v1.0.0/route-53/02
    • /frameworks/aws-fsbp-v1.0.0/rds/09
    • /frameworks/aws-fsbp-v1.0.0/rds/34
    • /frameworks/aws-fsbp-v1.0.0/rds/40
    • /frameworks/aws-fsbp-v1.0.0/redshift/04
    • /frameworks/aws-fsbp-v1.0.0/s3/09
    • /frameworks/aws-fsbp-v1.0.0/transfer-family/03
    • /frameworks/aws-fsbp-v1.0.0/waf/01
    • /frameworks/aws-fsbp-v1.0.0/waf/12
  • Internal
    • ID: dec-c-aab958a2

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.1] API Gateway REST and WebSocket API execution logging should be enabled11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.9] Access logging should be configured for API Gateway V2 Stages11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.5] CloudFront distributions should have logging enabled11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logsno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.4] CodeBuild project environments should have a logging AWS Configurationno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.7] DMS replication tasks for the target database should have logging enabled1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.8] DMS replication tasks for the source database should have logging enabled1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.4] Amazon DocumentDB clusters should publish audit logs to CloudWatch Logsno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.6] VPC flow logging should be enabled in all VPCs11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.51] EC2 Client VPN endpoints should have client connection logging enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.9] ECS task definitions should have a logging configurationno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.8] EKS clusters should have audit logging enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.5] Application and Classic Load Balancers logging should be enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.4] Elasticsearch domain error logging to CloudWatch Logs should be enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.5] Elasticsearch domains should have audit logging enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [MQ.2] ActiveMQ brokers should stream audit logs to CloudWatchno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.2] Neptune DB clusters should publish audit logs to CloudWatch Logsno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.2] Network Firewall logging should be enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.4] OpenSearch domain error logging to CloudWatch Logs should be enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.5] OpenSearch domains should have audit logging enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.9] RDS DB instances should publish logs to CloudWatch Logsno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.34] Aurora MySQL DB clusters should publish audit logs to CloudWatch Logsno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.40] RDS for SQL Server DB instances should publish logs to CloudWatch Logsno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.4] Amazon Redshift clusters should have audit logging enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Route53.2] Route 53 public hosted zones should log DNS queriesno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.9] S3 general purpose buckets should have server access logging enabled12no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Transfer.3] Transfer Family connectors should have logging enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.1] AWS WAF Classic Global Web ACL logging should be enabledno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.12] AWS WAF rules should have CloudWatch metrics enabledno data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 FedRAMP High Security Controls → 💼 AU-2 Event Logging (L)(M)(H)17no data
💼 FedRAMP Low Security Controls → 💼 AU-2 Event Logging (L)(M)(H)17no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 AU-2(1) Event Logging _ Compilation of Audit Records from Multiple Sourcesno data
💼 AU-2(2) Event Logging _ Selection of Audit Events by Componentno data
💼 AU-2(3) Event Logging _ Reviews and Updatesno data
💼 AU-2(4) Event Logging _ Privileged Functionsno data

Policies (17)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢1🟢 x6no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢1🟢 x6no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢1🟢 x6no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢1🟢 x6no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢1🟢 x6no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢1🟢 x6no data
🛡️ AWS VPC Flow Logs are not enabled🟢1🟠 x1, 🟢 x5no data
🛡️ Google HTTP(S) Load Balancer Logging is not enabled🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Audit Configuration Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Custom Role Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Metric Filter and Alerts for VPC Network Route Changes do not exist🟢1🟢 x6no data
🛡️ Google Logging Log Sink for All Log Entries is not configured🟢1🟢 x6no data