💼 AU-3 Content of Audit Records

ID: /frameworks/nist-sp-800-53-r5/au/03

Stats

not available

Description

Ensure that audit records contain information that establishes the following: a. What type of event occurred; b. When the event occurred; c. Where the event occurred; d. Source of the event; e. Outcome of the event; and f. Identity of any individuals, subjects, or objects/entities associated with the event.

Similar

Sections
- /frameworks/aws-fsbp-v1.0.0/api-gateway/01
- /frameworks/aws-fsbp-v1.0.0/api-gateway/09
- /frameworks/aws-fsbp-v1.0.0/cloudfront/05
- /frameworks/aws-fsbp-v1.0.0/cloudtrail/01
- /frameworks/aws-fsbp-v1.0.0/cloudtrail/05
- /frameworks/aws-fsbp-v1.0.0/codebuild/04
- /frameworks/aws-fsbp-v1.0.0/data-firehouse/01
- /frameworks/aws-fsbp-v1.0.0/dms/07
- /frameworks/aws-fsbp-v1.0.0/dms/08
- /frameworks/aws-fsbp-v1.0.0/documentdb/04
- /frameworks/aws-fsbp-v1.0.0/ec2/06
- /frameworks/aws-fsbp-v1.0.0/ec2/51
- /frameworks/aws-fsbp-v1.0.0/ecs/09
- /frameworks/aws-fsbp-v1.0.0/eks/08
- /frameworks/aws-fsbp-v1.0.0/elb/05
- /frameworks/aws-fsbp-v1.0.0/es/04
- /frameworks/aws-fsbp-v1.0.0/es/05
- /frameworks/aws-fsbp-v1.0.0/mq/02
- /frameworks/aws-fsbp-v1.0.0/neptune/02
- /frameworks/aws-fsbp-v1.0.0/network-firewall/02
- /frameworks/aws-fsbp-v1.0.0/opensearch/04
- /frameworks/aws-fsbp-v1.0.0/opensearch/05
- /frameworks/aws-fsbp-v1.0.0/route-53/02
- /frameworks/aws-fsbp-v1.0.0/rds/09
- /frameworks/aws-fsbp-v1.0.0/rds/34
- /frameworks/aws-fsbp-v1.0.0/rds/40
- /frameworks/aws-fsbp-v1.0.0/rds/42
- /frameworks/aws-fsbp-v1.0.0/rds/45
- /frameworks/aws-fsbp-v1.0.0/redshift/04
- /frameworks/aws-fsbp-v1.0.0/s3/09
- /frameworks/aws-fsbp-v1.0.0/transfer-family/03
- /frameworks/aws-fsbp-v1.0.0/waf/01
- /frameworks/aws-fsbp-v1.0.0/waf/12
Internal
- ID: dec-c-087be8a6

Similar Sections (Take Policies From)

Section	Internal Rules	Policies	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.1] API Gateway REST and WebSocket API execution logging should be enabled	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.9] Access logging should be configured for API Gateway V2 Stages	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.5] CloudFront distributions should have logging enabled	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CodeBuild.4] CodeBuild project environments should have a logging AWS Configuration			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DataFirehose.1] Firehose delivery streams should be encrypted at rest			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.7] DMS replication tasks for the target database should have logging enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DMS.8] DMS replication tasks for the source database should have logging enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DocumentDB.4] Amazon DocumentDB clusters should publish audit logs to CloudWatch Logs		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.6] VPC flow logging should be enabled in all VPCs	1	1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EC2.51] EC2 Client VPN endpoints should have client connection logging enabled			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.9] ECS task definitions should have a logging configuration		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [EKS.8] EKS clusters should have audit logging enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.5] Application and Classic Load Balancers logging should be enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.4] Elasticsearch domain error logging to CloudWatch Logs should be enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.5] Elasticsearch domains should have audit logging enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [MQ.2] ActiveMQ brokers should stream audit logs to CloudWatch		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Neptune.2] Neptune DB clusters should publish audit logs to CloudWatch Logs		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [NetworkFirewall.2] Network Firewall logging should be enabled			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.4] OpenSearch domain error logging to CloudWatch Logs should be enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.5] OpenSearch domains should have audit logging enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.9] RDS DB instances should publish logs to CloudWatch Logs		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.34] Aurora MySQL DB clusters should publish audit logs to CloudWatch Logs		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.40] RDS for SQL Server DB instances should publish logs to CloudWatch Logs		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.42] RDS for MariaDB DB instances should publish logs to CloudWatch Logs		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.45] Aurora MySQL DB clusters should have audit logging enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Redshift.4] Amazon Redshift clusters should have audit logging enabled		1	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Route53.2] Route 53 public hosted zones should log DNS queries			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.9] S3 general purpose buckets should have server access logging enabled	1	2	no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Transfer.3] Transfer Family connectors should have logging enabled			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.1] AWS WAF Classic Global Web ACL logging should be enabled			no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [WAF.12] AWS WAF rules should have CloudWatch metrics enabled			no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)	1		39		no data
💼 FedRAMP Low Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)			24		no data

Sub Sections

Section	Internal Rules	Policies	Compliance
💼 AU-3(1) Content of Audit Records _ Additional Audit Information	15	15	no data
💼 AU-3(2) Content of Audit Records _ Centralized Management of Planned Audit Record Content			no data
💼 AU-3(3) Content of Audit Records _ Limit Personally Identifiable Information Elements			no data

Policies (24)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account Multi-Region CloudTrail is not enabled🟢	1	🟢 x6	no data
🛡️ AWS API Gateway API Access Logging in CloudWatch is not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS API Gateway API Execution Logging in CloudWatch is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudFront Distribution Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail S3 Bucket Access Logging is not enabled.🟢	1	🟢 x6	no data
🛡️ AWS CloudTrail Trail is not integrated with CloudWatch Logs🟢	1	🟠 x1, 🟢 x5	no data
🛡️ AWS DMS Migration Task Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS ECS Task Definition logging is not configured🟢	1	🟢 x6	no data
🛡️ AWS EKS Cluster Logging is not enabled for all control plane logs types🟢	1	🟢 x6	no data
🛡️ AWS ELB Load Balancer Access Logging is disabled🟢	1	🟢 x6	no data
🛡️ AWS MQ ActiveMQ Broker Audit Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain audit logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS OpenSearch Domain error logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Cluster required log exports to CloudWatch Logs are not enabled🟢	1	🟢 x6	no data
🛡️ AWS RDS Instance database logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS Redshift Cluster Audit Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS S3 Bucket Server Access Logging is not enabled🟢	1	🟢 x6	no data
🛡️ AWS VPC Flow Logs are not enabled🟢	1	🟠 x1, 🟢 x5	no data
🛡️ Google Cloud PostgreSQL Instance `Log_error_verbosity` Database Flag is not set to DEFAULT or stricter🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_connections Database Flag is not set to On🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_disconnections Database Flag is not set to On🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning🟢	1	🟢 x6	no data
🛡️ Google Cloud PostgreSQL Instance Log_statement Database Flag is not set appropriately🟢	1	🟢 x6	no data

Stats​

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (24)​