| 17.9.2 Ensure 'Audit Other System Events' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-14-001029 - The macOS system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000710 - The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000980 - The Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA Cisco NX OS Switch NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| DB2X-00-007500 - DB2 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| ESXI-65-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | AUDIT AND ACCOUNTABILITY |
| F5BI-DM-000191 - The BIG-IP appliance must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000238 - The IIS 10.0 website must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 website. | DISA IIS 10.0 Site v2r11 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000145 - The IIS 10.0 web server must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 web server. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000238 - The IIS 8.5 website must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 8.5 website. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000145 - The IIS 8.5 web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 8.5 web server. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000735 - JBoss servers must be configured to roll over and transfer logs on a minimum weekly basis. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| MD3X-00-000620 - MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000137 - The operating system must support the requirement to centrally manage the content of audit records generated by organization defined information system components. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-021330 - The Oracle Linux operating system must use a separate file system for the system audit data path large enough to hold at least one week of audit data. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030310 - The Oracle Linux operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030321 - The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000129 - The Photon operating system must be configured to offload audit logs to a syslog server. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| RHEL-07-030320 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653120 - RHEL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020020 - The SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010400 - The operating system must allocate audit record storage capacity. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010410 - The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010410 - The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020020 - The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010008 - The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010314 - The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-70-000008 - ESX Agent Manager application files must be verified for their integrity. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-70-000008 - The rsyslog must be configured to monitor VAMI logs. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCST-67-000008 - The Security Token Service application files must be verified for their integrity. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCST-70-000008 - The Security Token Service application files must be verified for their integrity. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WN10-AU-000500 - The Application event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows 10 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000084 - The Application event log size must be configured to 32768 KB or greater. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000085 - The Security event log size must be configured to 196608 KB or greater. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000085 - The Security event log size must be configured to 196608 KB or greater. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000020 - Windows Server 2016 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-CC-000310 - The Security event log size must be configured to 196608 KB or greater. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-CC-000320 - The System event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-CC-000270 - Windows Server 2019 Application event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-CC-000280 - Windows Server 2019 Security event log size must be configured to 196608 KB or greater. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-CC-000290 - Windows Server 2019 System event log size must be configured to 32768 KB or greater. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
