Skip to main content

πŸ’Ό AU-12 Audit Record Generation

  • Contextual name: πŸ’Ό AU-12 Audit Record Generation
  • ID: /frameworks/nist-sp-800-53-r5/au/12
  • Located in: πŸ’Ό AU Audit And Accountability

Description​

a. Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2a on [Assignment: organization-defined system components]; b. Allow [Assignment: organization-defined personnel or roles] to select the event types that are to be logged by specific components of the system; and c. Generate audit records for the event types defined in AU-2c that include the audit record content defined in AU-3.

Similar​

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/01
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/09
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/05
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/01
    • /frameworks/aws-fsbp-v1.0.0/cloudtrail/05
    • /frameworks/aws-fsbp-v1.0.0/codebuild/04
    • /frameworks/aws-fsbp-v1.0.0/dms/07
    • /frameworks/aws-fsbp-v1.0.0/dms/08
    • /frameworks/aws-fsbp-v1.0.0/documentdb/04
    • /frameworks/aws-fsbp-v1.0.0/ec2/06
    • /frameworks/aws-fsbp-v1.0.0/ec2/51
    • /frameworks/aws-fsbp-v1.0.0/ecs/09
    • /frameworks/aws-fsbp-v1.0.0/eks/08
    • /frameworks/aws-fsbp-v1.0.0/elb/05
    • /frameworks/aws-fsbp-v1.0.0/es/04
    • /frameworks/aws-fsbp-v1.0.0/es/05
    • /frameworks/aws-fsbp-v1.0.0/mq/02
    • /frameworks/aws-fsbp-v1.0.0/neptune/02
    • /frameworks/aws-fsbp-v1.0.0/network-firewall/02
    • /frameworks/aws-fsbp-v1.0.0/opensearch/04
    • /frameworks/aws-fsbp-v1.0.0/opensearch/05
    • /frameworks/aws-fsbp-v1.0.0/route-53/02
    • /frameworks/aws-fsbp-v1.0.0/rds/09
    • /frameworks/aws-fsbp-v1.0.0/rds/34
    • /frameworks/aws-fsbp-v1.0.0/rds/40
    • /frameworks/aws-fsbp-v1.0.0/redshift/04
    • /frameworks/aws-fsbp-v1.0.0/s3/09
    • /frameworks/aws-fsbp-v1.0.0/transfer-family/03
    • /frameworks/aws-fsbp-v1.0.0/waf/01
    • /frameworks/aws-fsbp-v1.0.0/waf/12
  • Internal
    • ID: dec-c-b33fc075

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [APIGateway.1] API Gateway REST and WebSocket API execution logging should be enabled11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [APIGateway.9] Access logging should be configured for API Gateway V2 Stages11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudFront.5] CloudFront distributions should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events1
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CodeBuild.4] CodeBuild project environments should have a logging AWS Configuration
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DMS.7] DMS replication tasks for the target database should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DMS.8] DMS replication tasks for the source database should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DocumentDB.4] Amazon DocumentDB clusters should publish audit logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.6] VPC flow logging should be enabled in all VPCs11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EC2.51] EC2 Client VPN endpoints should have client connection logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ECS.9] ECS task definitions should have a logging configuration
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EKS.8] EKS clusters should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ELB.5] Application and Classic Load Balancers logging should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ES.4] Elasticsearch domain error logging to CloudWatch Logs should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ES.5] Elasticsearch domains should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [MQ.2] ActiveMQ brokers should stream audit logs to CloudWatch
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Neptune.2] Neptune DB clusters should publish audit logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [NetworkFirewall.2] Network Firewall logging should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Opensearch.4] OpenSearch domain error logging to CloudWatch Logs should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Opensearch.5] OpenSearch domains should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.9] RDS DB instances should publish logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.34] Aurora MySQL DB clusters should publish audit logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.40] RDS for SQL Server DB instances should publish logs to CloudWatch Logs
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Redshift.4] Amazon Redshift clusters should have audit logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Route53.2] Route 53 public hosted zones should log DNS queries
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [S3.9] S3 general purpose buckets should have server access logging enabled12
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Transfer.3] Transfer Family connectors should have logging enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [WAF.1] AWS WAF Classic Global Web ACL logging should be enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [WAF.12] AWS WAF rules should have CloudWatch metrics enabled

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AU-12 Audit Record Generation (L)(M)(H)247
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό AU-12 Audit Record Generation (L)(M)(H)47
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-01: Networks and network services are monitored to find potentially adverse events83
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events59
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events89

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AU-12(1) Audit Record Generation _ System-wide and Time-correlated Audit Trail
πŸ’Ό AU-12(2) Audit Record Generation _ Standardized Formats
πŸ’Ό AU-12(3) Audit Record Generation _ Changes by Authorized Individuals
πŸ’Ό AU-12(4) Audit Record Generation _ Query Parameter Audits of Personally Identifiable Information

Policies (47)​

PolicyLogic CountFlags
πŸ“ AWS Account Config is not enabled in all regions 🟒1🟒 x6
πŸ“ AWS Account IAM Access Analyzer is not enabled for all regions 🟒1🟒 x6
πŸ“ AWS Account Multi-Region CloudTrail is not enabled 🟒1🟒 x6
πŸ“ AWS Account Security Hub is not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ AWS API Gateway API Access Logging in CloudWatch is not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ AWS API Gateway API Execution Logging in CloudWatch is not enabled 🟒1🟒 x6
πŸ“ AWS API Gateway REST API Stage X-Ray Tracing is not enabled 🟒1🟒 x6
πŸ“ AWS CloudTrail AWS Organizations Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Config Configuration Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Configuration Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Disable CMK or Schedule CMK Deletion Events Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail IAM Policy Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Management Console Authentication Failures Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Management Console Sign-In without MFA Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Network Access Control Lists Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Network Gateways Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Root Account Usage Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Route Table Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail S3 Bucket Access Logging is not enabled. 🟒1🟒 x6
πŸ“ AWS CloudTrail S3 Bucket Policy Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Security Group Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail Unauthorized API Calls Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS CloudTrail VPC Changes Monitoring is not enabled 🟒🟒 x3
πŸ“ AWS S3 Bucket Server Access Logging is not enabled 🟒1🟒 x6
πŸ“ AWS VPC Flow Logs are not enabled 🟒1🟠 x1, 🟒 x5
πŸ“ Azure Diagnostic Setting captures Administrative, Alert, Policy, and Security categories 🟒1🟒 x6
πŸ“ Azure Diagnostic Setting for Azure Key Vault is not enabled 🟒🟒 x3
πŸ“ Azure Network Security Group Flow Logs retention period is less than 90 days 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server log_checkpoints Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Flexible Server log_retention_days Parameter is less than 4 days 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server log_connections Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure PostgreSQL Single Server log_disconnections Parameter is not set to ON 🟒1🟒 x6
πŸ“ Azure SQL Server Auditing is not enabled 🟒1🟒 x6
πŸ“ Azure SQL Server Auditing Retention is less than 90 days 🟒1🟒 x6
πŸ“ Azure Storage Blob Logging is not enabled for Read, Write, and Delete requests 🟒1🟒 x6
πŸ“ Azure Storage Queue Logging is not enabled for Read, Write, and Delete requests 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create or Update Network Security Group does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create or Update Security Solution does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create or Update SQL Server Firewall Rule does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Create Policy Assignment does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Network Security Group does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Policy Assignment does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete Security Solution does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Activity Log Alert for Delete SQL Server Firewall Rule does not exist 🟒1🟒 x6
πŸ“ Azure Subscription Security Alert Notifications additional email address is not configured 🟒1🟒 x6
πŸ“ Azure Subscription Security Alert Notifications for alerts with High severity are not configured 🟒1🟒 x6
πŸ“ Azure Subscription Security Alert Notifications to subscription owners are not configured 🟒1🟒 x6

Internal Rules​

RulePoliciesFlags
βœ‰οΈ dec-x-0c82d7751
βœ‰οΈ dec-x-0ef94ece1
βœ‰οΈ dec-x-2ac6c3021
βœ‰οΈ dec-x-02eed49a1
βœ‰οΈ dec-x-3cfa53061
βœ‰οΈ dec-x-6fc9c9491
βœ‰οΈ dec-x-9b3ad9c41
βœ‰οΈ dec-x-9b79d91f1
βœ‰οΈ dec-x-9c0416671
βœ‰οΈ dec-x-9dc820141
βœ‰οΈ dec-x-20c9ef831
βœ‰οΈ dec-x-24bba4831
βœ‰οΈ dec-x-36ced3d11
βœ‰οΈ dec-x-42eac3871
βœ‰οΈ dec-x-43f99d791
βœ‰οΈ dec-x-52ca19601
βœ‰οΈ dec-x-66cf8b151
βœ‰οΈ dec-x-88fa51c81
βœ‰οΈ dec-x-89d5ed7a1
βœ‰οΈ dec-x-351e376f1
βœ‰οΈ dec-x-611eaa351
βœ‰οΈ dec-x-1518c16e1
βœ‰οΈ dec-x-79579ed71
βœ‰οΈ dec-x-82388e101
βœ‰οΈ dec-x-9002886f1
βœ‰οΈ dec-x-a27f40931
βœ‰οΈ dec-x-a193b20f1
βœ‰οΈ dec-x-ab7fc52e1
βœ‰οΈ dec-x-b2ce0ca11
βœ‰οΈ dec-x-b05799ff1
βœ‰οΈ dec-x-b10287411
βœ‰οΈ dec-x-ba4c5b1c1
βœ‰οΈ dec-x-c4cc9ff51
βœ‰οΈ dec-x-c397d3ca2
βœ‰οΈ dec-x-d75f6d861
βœ‰οΈ dec-x-db1b7a1b1
βœ‰οΈ dec-x-dc359e591
βœ‰οΈ dec-x-e5c05d3e1
βœ‰οΈ dec-x-e6b90a421
βœ‰οΈ dec-x-e9ae2d3d1
βœ‰οΈ dec-x-e00143332
βœ‰οΈ dec-x-e29738211
βœ‰οΈ dec-x-f70dd11f1
βœ‰οΈ dec-z-3f480eb51
βœ‰οΈ dec-z-bc139af81