| 4.2.2.3 Ensure journald is configured to compress large log files | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.3 Ensure journald is configured to compress large log files | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.3 Ensure journald is configured to compress large log files | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1.3 Ensure journald is configured to compress large log files | CIS Debian 10 Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.3 Ensure journald is configured to compress large log files | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.3 Ensure journald is configured to compress large log files | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.3 Ensure journald is configured to compress large log files | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.2.3 Ensure journald is configured to compress large log files | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.2.3 Ensure journald Compress is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.1.1.6 Ensure journald Compress is configured | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure journald Compress is configured | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure journald Compress is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure journald Compress is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure journald Compress is configured | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052710 - AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-13-001029 - The macOS system must allocate audit record storage capacity to store at least seven days of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple macOS 13 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001029 The macOS system must configure audit retention to seven days. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-004050 - The macOS system must configure install.log retention to 365. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000920 - The Cisco ASA must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| MADB-10-012400 - MariaDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-005700 - Oracle Database must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL08-00-030660 - OL 8 must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000055 - The Photon operating system must configure auditd to keep five rotated log files. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000058 - The Photon operating system must configure auditd to keep five rotated log files. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030660 - RHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030710 - RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652045 - RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-010580 - The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030800 - Audispd must take appropriate action when the SUSE operating system audit storage is full. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL2-00-010400 - SQL Server auditing configuration maximum file size must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_size' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-010500 - SQL Server auditing configuration maximum number of files must be configured to reduce the likelihood of storage capacity being exceeded, while meeting organization-defined auditing requirements - 'max_size' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100450 - Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900920 - Ubuntu 24.04 LTS must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - access | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-70-000027 - Lookup Service must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-80-000081 The vCenter Lookup service must offload log records onto a different system or media from the system being logged. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-67-000026 - Performance Charts must properly configure log sizes and rotation - MaxBackupIndex | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-70-000029 - Performance Charts must properly configure log sizes and rotation. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-80-000081 The vCenter Perfcharts service must offload log records onto a different system or media from the system being logged. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCRP-70-000007 - Envoy (rhttpproxy) log files must be shipped via syslog to a central log server. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000280 - The vCenter server must be configured to send events to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000280 - The vCenter server must be configured to send events to a central log server. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | AUDIT AND ACCOUNTABILITY |
| VCUI-70-000028 - vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000580 - The WebSphere Application Server must allocate JVM log record storage capacity in accordance with requirements - err | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000580 - The WebSphere Application Server must allocate JVM log record storage capacity in accordance with requirements - out | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000010 - Windows Server 2022 audit records must be backed up to a different system or media than the system being audited. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
