| 4.1 Create CIS Audit Class | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.1 Create CIS Audit Class | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.18 Ensure the audit configuration is immutable | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.19 Ensure the audit configuration is immutable | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.19 Ensure 'AUDIT_VIEWER' Is Revoked From Unauthorized 'GRANTEE' | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.1 Disable the Audit Buffer | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.18 Make the Audit Configuration Immutable | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| AIX7-00-002014 - Audit logs on the AIX system must be group-owned by system. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002015 - Audit logs on the AIX system must be set to 660 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002027 - AIX audit tools must be set to 4550 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-056340 - AlmaLinux OS 9 audit tools must be owned by root. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000970 - The Apache web server must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | DISA STIG Apache Server 2.4 Windows Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| Big Sur - Alert Audit Processing Failure | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Alert Audit Processing Failure | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| CD12-00-010700 - PostgreSQL must protect its audit features from unauthorized access. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CIS_DC_SERVER_2012_Level_2_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 2 | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | |
| CIS_MS_SERVER_2012_Level_1_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 MS Level 1 | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | |
| CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| DB2X-00-002500 - DB2 must protect its audit features from unauthorized access | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DISA_STIG_Server_2012_and_2012_R2_MS_v3r7.audit from DISA Microsoft Windows Server 2012/2012 R2 Member Server v3r7 STIG | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | |
| EPAS-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| F5BI-LT-000061 - The BIG-IP Core implementation must be configured to protect audit tools from unauthorized access. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | AUDIT AND ACCOUNTABILITY |
| F5BI-LT-000063 - The BIG-IP Core implementation must be configured to protect audit tools from unauthorized modification. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | AUDIT AND ACCOUNTABILITY |
| F5BI-LT-000065 - The BIG-IP Core implementation must be configured to protect audit tools from unauthorized deletion. | DISA F5 BIG-IP Local Traffic Manager STIG v2r4 | F5 | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000140 - The FortiGate device must protect audit tools from unauthorized modification. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| MADB-10-002300 - MariaDB must protect its audit features from unauthorized access. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-002400 - MariaDB must protect its audit configuration from unauthorized modification. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MD7X-00-002300 MongoDB must protect its audit features from unauthorized access. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-008100 - The MySQL Database Server 8.0 must protect its audit configuration from unauthorized modification. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-008200 - The MySQL Database Server 8.0 must protect its audit features from unauthorized removal. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-009400 - The system must protect audit information from unauthorized modification. | DISA STIG Oracle 12c v3r2 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL08-00-030630 - OL 8 audit tools must be owned by root. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030640 - OL 8 audit tools must be group-owned by root. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log_file_mode | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020130 - The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013800 - The audit information produced by SQL Server must be protected from unauthorized deletion. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020180 - Audit tools must have a mode of 0755 or less permissive - aureport | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020190 - Audit tools must be owned by root - audispd | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020190 - Audit tools must be owned by root - auditd | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020200 - Audit tools must be group-owned by root - auditctl | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020200 - Audit tools must be group-owned by root - ausearch | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010199 - The Ubuntu operating system must configure audit tools with a mode of 0755 or less permissive. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010200 - The Ubuntu operating system must configure audit tools to be owned by root. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010201 - The Ubuntu operating system must configure the audit tools to be group-owned by root. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232035 - Ubuntu 22.04 LTS must configure audit tools with a mode of "755" or less permissive. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
