| 2.5.14.3.24 (L1) Ensure 'Prevent users from customizing attachment security settings' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Set cmdlets 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1 Set cmdlets 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2016 UM v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.4 Set 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.4 Set 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.11 Set mailbox 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2016 UM v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.11 Set mailbox 'Turn on Administrator Audit Logging' to 'True' | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2 (L1) Ensure 'Account Logon Logoff Audit Account Lockout' is set to include 'Failure' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.2 (L1) Ensure 'Account Logon Logoff Audit Account Lockout' is set to include 'Failure' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.3 (L1) Ensure 'Account Logon Logoff Audit Group Membership' is set to include 'Success' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.5 (L1) Ensure 'Account Logon Logoff Audit Logon' is set to 'Success and Failure' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.14 (L1) Ensure 'Audit Special Logon' is set to include 'Success' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.15 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.16 (L1) Ensure 'Detailed Tracking Audit PNP Activity' is set to include 'Success' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.17 (L1) Ensure 'Detailed Tracking Audit Process Creation' is set to include 'Success' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.18 (L1) Ensure 'Object Access Audit Detailed File Share' is set to include 'Failure' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.22 (L1) Ensure 'Policy Change Audit Other Policy Change Events' is set to include 'Failure' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.24 (L1) Ensure 'System Audit I Psec Driver' is set to 'Success and Failure' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.25 (L1) Ensure 'System Audit Other System Events' is set to 'Success and Failure' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.27 (L1) Ensure 'System Audit System Integrity' is set to 'Success and Failure' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| ALMA-09-056890 - AlmaLinux OS 9 must use cryptographic mechanisms to protect the integrity of audit tools. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| CIS_MS_Windows_Server_2008_R2_DC_Level_1_v3.3.1.audit from CIS MS Windows Server 2008 R2 Benchmark v3.3.1 | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | |
| CIS_MS_Windows_Server_2008_R2_DC_Level_2_v3.3.1.audit from CIS MS Windows Server 2008 R2 Benchmark v3.3.1 | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | |
| CIS_MS_Windows_Server_2008_R2_MS_Level_2_v3.3.1.audit from CIS MS Windows Server 2008 R2 Benchmark v3.3.1 | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | |
| O365-OU-000008 - Outlook must be configured to prevent users overriding attachment security settings. | DISA STIG Microsoft Office 365 ProPlus v3r3 | Windows | ACCESS CONTROL |
| OL08-00-030070 - OL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030080 - OL 8 audit logs must be owned by root to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030090 - OL 8 audit logs must be group-owned by root to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030100 - The OL 8 audit log directory must be owned by root to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030110 - The OL 8 audit log directory must be group-owned by root to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030120 - The OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-40-000026 The Photon operating system must protect audit logs from unauthorized access. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030090 - RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030100 - RHEL 8 audit log directory must be owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030110 - RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030120 - RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000370 - Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one special character be used. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-020100 - Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020110 - Audit logs must be owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020130 - Audit log directory must be owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020140 - Audit log directory must be group-owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010123 - The Ubuntu operating system must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010124 - The Ubuntu operating system must permit only authorized groups ownership of the audit log files. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653050 - Ubuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653055 - Ubuntu 22.04 LTS must permit only authorized groups ownership of the audit log files. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901310 - Ubuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901350 - Ubuntu 24.04 LTS must permit only authorized groups ownership of the audit log files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
