| AOSX-13-000120 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-14-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AOSX-15-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-11-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-11-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-12-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-13-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions. | DISA STIG Apple macOS 13 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-14-001001 The macOS system must be configured to audit all administrative action events. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| APPL-15-001001 - The macOS system must be configured to audit all administrative action events. | DISA Apple macOS 15 (Sequoia) STIG v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity. | DISA STIG Arista MLS EOS 4.x NDM v2r2 | Arista | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA Cisco IOS Switch NDM STIG v3r5 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA Cisco IOS XE Switch NDM STIG v3r4 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA Cisco IOS XE Router NDM STIG v3r5 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| DKER-EE-003230 - An appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| Monterey - Configure System to Audit All Administrative Action Events | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| UBTU-16-020350 - The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software - egid b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-18-010358 - The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WBSP-AS-000070 - The WebSphere Application Server security auditing must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| WBSP-AS-000070 - The WebSphere Application Server security auditing must be enabled. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| WBSP-AS-000070 - The WebSphere Application Server security auditing must be enabled. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| WN10-AU-000030 - The system must be configured to audit Account Management - Security Group Management successes. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN10-AU-000035 - The system must be configured to audit Account Management - User Account Management failures. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN10-AU-000040 - The system must be configured to audit Account Management - User Account Management successes. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000017 - The system must be configured to audit Account Management - Security Group Management successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000017 - The system must be configured to audit Account Management - Security Group Management successes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000019 - The system must be configured to audit Account Management - User Account Management successes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000019 - The system must be configured to audit Account Management - User Account Management successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000020 - The system must be configured to audit Account Management - User Account Management failures. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000020 - The system must be configured to audit Account Management - User Account Management failures. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000031-DC - The system must be configured to audit DS Access - Directory Service Access successes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000032-DC - The system must be configured to audit DS Access - Directory Service Access failures. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000035-DC - The system must be configured to audit DS Access - Directory Service Changes successes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000207-DC - Active Directory Group Policy objects must be configured with proper audit settings. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000209-DC - The Active Directory Infrastructure object must be configured with proper audit settings. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000210-DC - The Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-AU-000170 - Windows Server 2016 must be configured to audit Detailed Tracking - Process Creation successes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-AU-000360 - Windows Server 2016 must be configured to audit Privilege Use - Sensitive Privilege Use failures. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-DC-000170 - Active Directory Group Policy objects must be configured with proper audit settings. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-DC-000180 - The Active Directory Domain object must be configured with proper audit settings. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-DC-000210 - The Active Directory AdminSDHolder object must be configured with proper audit settings. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000280 - Windows Server 2019 must be configured to audit Policy Change - Authentication Policy Change successes. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000330 - Windows Server 2019 must be configured to audit System - IPsec Driver failures. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000350 - Windows Server 2019 must be configured to audit System - Other System Events failures. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000390 - Windows Server 2019 must be configured to audit System - System Integrity failures. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000180 - Windows Server 2019 Active Directory Domain object must be configured with proper audit settings. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000190 - Windows Server 2019 Active Directory Infrastructure object must be configured with proper audit settings. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000200 - Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000260 - Windows Server 2019 must be configured to audit DS Access - Directory Service Changes successes. | DISA Microsoft Windows Server 2019 STIG v3r5 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
