| 1.4.1 Enable logging | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.4.3 Set 'logging console critical' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.9.1.1 Ensure 'NTP authentication' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 Set 'logging enable' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Set 'logging console critical' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.11.11 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.11.11 Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.11.12 (L1) Ensure 'Network security: Restrict NTLM: Audit Incoming NTLM Traffic' is set to 'Enable auditing for all accounts' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.11.13 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higher | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.11.13 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higher | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.11 Ensure syslog messages are not suppressed | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.12 Ensure syslog messages are not lost due to size | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2.2 Ensure that the audit policy covers key security concerns | CIS Kubernetes v1.10.0 L2 Master | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure 'Receive connector: Configure protocol logging' is set to 'Verbose' | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl insmod | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - modprobe | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - rmmod | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Debian 10 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.4 Ensure 'AuditBypassEnabled' is not enabled on mailboxes | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 6.2.2 Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.2.2.4 Ensure system warns when audit logs are low on space | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.4 Ensure system warns when audit logs are low on space | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.4 Ensure system warns when audit logs are low on space | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.4 Ensure system warns when audit logs are low on space | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 6.2.9 Ensure that Activity Log Alert exists for Create or Update Public IP Address rule | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 6.3.2.4 Ensure system warns when audit logs are low on space | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.4 Ensure system warns when audit logs are low on space | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4.2.4 Ensure system warns when audit logs are low on space | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4.2.4 Ensure system warns when audit logs are low on space | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.5 Ensure Audit Filters Capture Connection Attempts - audit_log_user | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.5 Ensure Audit Filters Capture Connection Attempts - Legacy Audit Mode | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L2 Database | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
