| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Oracle Linux 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.1 Ensure the audit log directory is 0750 or more restrictive | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.1 Ensure the audit log file directory mode is configured | CIS Rocky Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.1 Ensure the audit log file directory mode is configured | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.1 Ensure the audit log file directory mode is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.1 Ensure the audit log file directory mode is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.1.18 Make the Audit Configuration Immutable | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054030 - AlmaLinux OS 9 audit system must take appropriate action when an error writing to the audit storage volume occurs. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001010 The macOS system must configure system to shut down upon audit failure. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001010 - The macOS system must be configured to shut down upon audit failure. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure System to Shut Down Upon Audit Failure | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| CD12-00-011200 - PostgreSQL must protect its audit features from unauthorized removal. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-003000 - The EDB Postgres Advanced Server must protect its audit configuration from unauthorized modification. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-003100 - The EDB Postgres Advanced Server must protect its audit features from unauthorized removal. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure System to Shut Down Upon Audit Failure | NIST macOS Monterey v1.0.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-910055 - The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000051 - The Photon operating system package files must not be modified. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-40-000026 The Photon operating system must protect audit logs from unauthorized access. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000053 - The Photon operating system package files must not be modified. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-003000 - The EDB Postgres Advanced Server must protect its audit configuration from unauthorized modification. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030030 - The RHEL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030090 - RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030110 - RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030120 - RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030122 - RHEL 8 audit system must protect logon UIDs from unauthorized change. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-232035 - RHEL 9 audit tools must have a mode of 0755 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653125 - RHEL 9 must have mail aliases to notify the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of an audit processing failure. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013900 - Audit tools used in, or in conjunction with, SQL Server must be protected from unauthorized access. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020110 - Audit logs must be owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020140 - Audit log directory must be group-owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010300 - The Ubuntu operating system must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010423 - The Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010425 - The Ubuntu operating system must have directories that contain system commands group-owned by root. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232040 - Ubuntu 22.04 LTS must have directories that contain system commands owned by "root". | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653025 - Ubuntu 22.04 LTS must alert the information system security officer (ISSO) and system administrator (SA) in the event of an audit processing failure. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900980 - Ubuntu 24.04 LTS must alert the system administrator (SA) and information system security officer (ISSO) (at a minimum) in the event of an audit processing failure. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901230 - Ubuntu 24.04 LTS must configure audit tools with a mode of "0755" or less permissive. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901240 - Ubuntu 24.04 LTS must configure audit tools to be owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901250 - Ubuntu 24.04 LTS must configure the audit tools to be group-owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901270 - Ubuntu 24.04 LTS must have directories that contain system commands owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901280 - Ubuntu 24.04 LTS must have directories that contain system commands group-owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901310 - Ubuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCWN-65-000036 - The vCenter Server for Windows must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WN22-DC-000200 - Windows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
