| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.7.1 Ensure separate partition exists for /var/log/audit | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure augenrules is enabled | CIS CentOS 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure augenrules is enabled | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.18 Ensure the audit configuration is immutable | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.1.1 Ensure password expiration is 365 days or less - login.defs | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure password expiration is 365 days or less | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.1 Ensure password expiration is 365 days or less | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.2 (L1) Ensure mailbox audit actions are configured | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| Audit Computer Account Management | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows 10 v1507 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows Server 2016 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| DB2X-00-004510 - Applications using the database must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-005700 - The EDB Postgres Advanced Server must protect the confidentiality and integrity of all information at rest. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-008400 - The EDB Postgres Advanced Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-009300 - The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-013200 - The EDB Postgres Advanced Server must be configured on a platform that has a NIST certified FIPS 140-2 or 140-3 installation of OpenSSL. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| O112-N1-015601 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O121-N1-015601 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG Oracle 12c v3r2 Database | OracleDB | CONFIGURATION MANAGEMENT |
| SQL4-00-011300 - Where SQL Server Trace is in use for auditing purposes, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be traced. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-011410 - Where SQL Server Audit is in use, SQL Server must generate audit records when privileges/permissions are retrieved. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-011900 - SQL Server must produce Trace or Audit records containing sufficient information to establish when the events occurred. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-012000 - SQL Server must produce Trace or Audit records containing sufficient information to establish where the events occurred. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-012400 - SQL Server must include organization-defined additional, more detailed information in Trace or Audit records for events identified by type, location, or subject. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-016835 - SQL Server must have the Data Quality Services software component removed if it is unused. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-017000 - Unused database components that are integrated in SQL Server and cannot be uninstalled must be disabled. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-017410 - SQL Server must be configured to prohibit or restrict the use of unauthorized network ports. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-018400 - SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users) - or processes acting on behalf of organizational users. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQL4-00-024500 - The Service Master Key must be backed up, stored offline and off-site. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL4-00-030300 - SQL Server authentication and identity management must be integrated with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | ACCESS CONTROL |
| SQL4-00-030700 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be restricted to authorized users - s used to modify database structure and logic modules must be restricted to authorized users. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - APPLICATION_ROLE_CHANGE_PASSWORD_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - AUDIT_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - DATABASE_OPERATION_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - DBCC_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - Event ID 104 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - Event ID 111 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - Event ID 116 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - Event ID 117 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - Event ID 131 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-034000 - SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s) - Event ID 133 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL4-00-039010 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| WN10-AU-000585 - Windows 10 must have command line process auditing events enabled for failures. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
| WN11-AU-000060 - The system must be configured to audit Logon/Logoff - Group Membership successes. | DISA Microsoft Windows 11 STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000160 - Windows Server 2016 must be configured to audit Detailed Tracking - Plug and Play Events successes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000130 - Windows Server 2019 must be configured to audit Detailed Tracking - Plug and Play Events successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000170 - Windows Server 2019 must be configured to audit Logon/Logoff - Group Membership successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
