| AOSX-15-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001002 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fm | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-11-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system - fw | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-13-001002 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000041 - The Juniper SRX Services Gateway must generate log records when changes are made to administrator privileges. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| OL07-00-030410 - The Oracle Linux operating system must audit all uses of the chmod, fchmod, and fchmodat syscalls. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000186 - The audit system must be configured to audit all discretionary access control permission modifications using fchmod - auid=0 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000186 - The audit system must be configured to audit all discretionary access control permission modifications using fchmod - auid=0 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000187 - The audit system must be configured to audit all discretionary access control permission modifications using fchmodat - auid=0 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000187 - The audit system must be configured to audit all discretionary access control permission modifications using fchmodat - auid=0 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000187 - The audit system must be configured to audit all discretionary access control permission modifications using fchmodat - auid>=500 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000188 - The audit system must be configured to audit all discretionary access control permission modifications using fchown - auid=0 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000189 - The audit system must be configured to audit all discretionary access control permission modifications using fchownat - auid>=500 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000190 - The audit system must be configured to audit all discretionary access control permission modifications using fremovexattr - auid=0 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000192 - The audit system must be configured to audit all discretionary access control permission modifications using lchown - auid=0 64 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000193 - The audit system must be configured to audit all discretionary access control permission modifications using lremovexattr - auid>=500 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000199 - The audit system must be configured to audit successful file system mounts - auid=0 32 bit | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030819 - The Red Hat Enterprise Linux operating system must audit all uses of the create_module syscall. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030840 - The Red Hat Enterprise Linux operating system must audit all uses of the kmod command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010120 - The operating system must generate audit records for the selected list of auditable events as defined in DoD list of events. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037700 - SQL Server must generate Trace or Audit records for all privileged activities or other system-level access - SERVER_OBJECT_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037700 - SQL Server must generate Trace or Audit records for all privileged activities or other system-level access - SERVER_OBJECT_PERMISSION_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037700 - SQL Server must generate Trace or Audit records for all privileged activities or other system-level access - SERVER_PERMISSION_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037700 - SQL Server must generate Trace or Audit records for all privileged activities or other system-level access - SERVER_PRINCIPAL_IMPERSONATION_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - DATABASE_OWNERSHIP_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - Event ID 83 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - Event ID 91 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - Event ID 170 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - Event ID 173 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - SCHEMA_OBJECT_ACCESS_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - SERVER_OBJECT_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - SERVER_PERMISSION_CHANGE_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037800 - SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur - SUCCESSFUL_LOGIN_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037900 - SQL Server must generate Trace or Audit records when logoffs or disconnections occur - Event ID 17 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037900 - SQL Server must generate Trace or Audit records when logoffs or disconnections occur - LOGOUT_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037900 - SQL Server must generate Trace or Audit records when logoffs or disconnections occur. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur - SUCCESSFUL_LOGIN_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-013200 - SQL Server must generate audit records when successful and unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-014800 - SQL Server must generate audit records when successful and unsuccessful logons or connection attempts occur. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-014900 - SQL Server must generate audit records for all privileged activities or other system-level access. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-015200 - SQL Server must generate audit records when concurrent logons/connections by the same user from different workstations occur. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WBLC-01-000030 - Oracle WebLogic must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged. | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000069 - Oracle WebLogic must generate audit records for the DoD-selected list of auditable events - HTTP Access Log | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000005 - The system must be configured to audit Account Logon - Credential Validation failures. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000084 - Windows 10 must be configured to audit Object Access - Other Object Access Events failures. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000107 - The system must be configured to audit Policy Change - Authorization Policy Change successes. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000059 - The system must be configured to audit Object Access - Central Access Policy Staging successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000103 - The system must be configured to audit System - IPsec Driver successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
