| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.6.2 Ensure noexec option set on /var/log/audit partition | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.6.2 Ensure noexec option set on /var/log/audit partition | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.6.3 Ensure noexec option set on /var/log/audit partition | CIS Debian 10 Server L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5 Audit docker daemon | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full | CIS Fedora 28 Family Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.15 Ensure all uses of the passwd command are audited. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.18 Ensure audit all uses of chage | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.19 Ensure audit all uses of the chsh command. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.20 Ensure audit the umount command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.21 Ensure audit of postdrop command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.36 Ensure audit of the userhelper command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.6 Ensure ALL Events are Audited - audit_log_user | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| AOSX-13-000305 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-13-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple macOS 13 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| Audit Account Lockout | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Account Lockout | MSCT Windows 10 v1507 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other System Events | MSCT Windows Server 2016 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other System Events | MSCT Windows 10 v1507 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit PNP Activity | MSCT Windows 10 v1507 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Process Creation | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Removable Storage | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security State Change | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Special Logon | MSCT Windows Server 2016 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000330 - The Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| DB2X-00-011800 - DB2 must generate audit records showing starting and ending time for user access to the database(s) - CONTEXT | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| EX13-CA-000065 - Exchange must have Audit data protected against unauthorized read access. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000060 - Exchange must protect audit data against unauthorized read access. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000070 - Exchange must protect audit data against unauthorized access. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-MB-000140 - Exchange must protect audit data against unauthorized access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000100 - The FortiGate device must generate audit records containing the full-text recording of privileged commands. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| GEN002740 - The audit system must be configured to audit file deletions - '/etc/security/audit/events FILE_Unlink exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002740 - The audit system must be configured to audit file deletions - 'User audit class assignments should be reviewed' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020030 - The SUSE operating system auditd service must notify the System Administrator (SA) and Information System Security Officer (ISSO) immediately when audit storage capacity is 75 percent full. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
