AU-12: Audit Generation
Generated
2019-04-12 13:01:48.067729
Status
Failed
Statements
The information system:
Code | Description |
---|---|
AU-12a. | Provides audit record generation capability for the auditable events defined in AU-2 a. at [Assignment: organization-defined information system components]; |
AU-12b. | Allows [Assignment: organization-defined personnel or roles] to select which auditable events are to be audited by specific components of the information system; and |
AU-12c. | Generates audit records for the events defined in AU-2 d. with the content defined in AU-3. |
STIG
STIG # | Description | Result |
---|---|---|
V-72891 | PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | passed |
V-72919 | PostgreSQL must generate audit records when categorized information (e.g., classification levels/security levels) is accessed. | failed |
V-72921 | PostgreSQL must generate audit records when unsuccessful attempts to access security objects occur. | failed |
V-72923 | PostgreSQL must generate audit records when unsuccessful logons or connection attempts occur. | passed |
V-72925 | PostgreSQL must generate audit records showing starting and ending time for user access to the database(s). | passed |
V-72927 | PostgreSQL must generate audit records when unsuccessful attempts to modify security objects occur. | failed |
V-72929 | PostgreSQL must generate audit records when privileges/permissions are added. | failed |
V-72931 | PostgreSQL must generate audit records when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur. | failed |
V-72933 | PostgreSQL must generate audit records when successful logons or connections occur. | passed |
V-72939 | PostgreSQL must generate audit records when security objects are deleted. | passed |
V-72941 | PostgreSQL must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | failed |
V-72945 | PostgreSQL must generate audit records when unsuccessful attempts to delete privileges/permissions occur. | passed |
V-72947 | PostgreSQL must be able to generate audit records when privileges/permissions are retrieved. | failed |
V-72949 | PostgreSQL must generate audit records when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur. | failed |
V-72951 | PostgreSQL must generate audit records when unsuccessful accesses to objects occur. | failed |
V-72953 | PostgreSQL must generate audit records for all privileged activities or other system-level access. | failed |
V-72955 | PostgreSQL must generate audit records when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur. | failed |
V-72957 | PostgreSQL must be able to generate audit records when security objects are accessed. | failed |
V-72959 | PostgreSQL must generate audit records when privileges/permissions are deleted. | failed |
V-72961 | PostgreSQL must generate audit records when concurrent logons/connections by the same user from different workstations occur. | passed |
V-72963 | PostgreSQL must generate audit records when unsuccessful attempts to delete security objects occur. | failed |
V-72965 | PostgreSQL must generate audit records when privileges/permissions are modified. | passed |
V-72969 | PostgreSQL must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur. | passed |
V-72971 | PostgreSQL must generate audit records when security objects are modified. | failed |
V-72973 | PostgreSQL must generate audit records when categorized information (e.g., classification levels/security levels) is modified. | failed |
V-72975 | PostgreSQL must generate audit records when unsuccessful attempts to modify privileges/permissions occur. | failed |
V-72977 | PostgreSQL must generate audit records when unsuccessful attempts to add privileges/permissions occur. | passed |
V-72983 | PostgreSQL must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components. | skipped |
V-73025 | PostgreSQL must provide the means for individuals in authorized roles to change the auditing to be performed on all application components, based on all selectable event criteria within organization-defined time thresholds. | passed |
V-73065 | Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted. | failed |
V-73067 | PostgreSQL must generate audit records when successful accesses to objects occur. | failed |
V-73069 | PostgreSQL must generate audit records for all direct access to the database(s). | passed |
Additional Guidance
Audit records can be generated from many different information system components. The list of audited events is the set of events for which audits are to be generated. These events are typically a subset of all events for which the information system is capable of generating audit records.