| 1.1.16 Ensure that the --audit-log-path argument is set as appropriate | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.37 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file parameter | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.54 WN10-AU-000005 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.61 WN10-AU-000054 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.64 WN16-AU-000080 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.65 WN10-AU-000075 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.65 WN16-AU-000100 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.66 WN10-AU-000080 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.68 WN16-AU-000150 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.69 WN10-AU-000083 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.73 WN16-AU-000250 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.78 WN10-AU-000120 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.78 WN16-AU-000286 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.81 WN16-AU-000310 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.82 WN16-AU-000320 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.90 WN19-AU-000350 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.91 WN16-AU-000410 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.92 WN10-AU-000560 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.94 WN16-AU-000450 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure auditing for processes that start prior to auditd is enabled - '/boot/grub/grub.cfg' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - '/etc/localtime' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'auditctl adjtimex (64-bit)' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - 'auditctl clock_settime' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/gshadow' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/passwd' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - 'auditctl /etc/gshadow' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 32b sethostname | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - 64b sethostname | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 64b sethostname | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl issue.net | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'auditctl chmod (64-bit)' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'chmod' (64-bit) | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - 'setxattr' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 chmod/fchmod/fchmodat | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b64 setxattr/lsetxattr/fsetxattr/removexattr | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - setxattr/lsetxattr/fsetxattr/removexattr | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'auditctl EPERM (64-bit)' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - 'EPERM' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.12 Ensure use of privileged commands is collected | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - 'auditctl mounts' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - '/etc/sudoers' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '/sbin/rmmod' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - '32bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 32-bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - 'auditctl 64-bit' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category security | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2 Configure a Logging File Channel - category xfer-in | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | AUDIT AND ACCOUNTABILITY |
