AU-3: Content Of Audit Records

Generated

2019-05-20 15:48:11.984914

Status

Failed

Statements

The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.

STIG

STIG # Description Result
V-72843 PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events. failed
V-72903 PostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject. skipped
V-72909 PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL. failed
V-73005 PostgreSQL must produce audit records containing sufficient information to establish the sources (origins) of the events. passed
V-73033 PostgreSQL must produce audit records containing sufficient information to establish what type of events occurred. passed
V-73041 PostgreSQL must produce audit records containing time stamps to establish when the events occurred. passed
V-73123 PostgreSQL must produce audit records containing sufficient information to establish where the events occurred. passed

Additional Guidance

Audit record content that may be necessary to satisfy the requirement of this control, includes, for example, time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, filenames involved, and access control or flow control rules invoked. Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred).