| 3.092 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Vista STIG v6r41 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.1.3.20 Ensure the audit configuration is immutable | CIS CentOS Linux 8 Server L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.3.41 Ensure the audit configuration is immutable | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.17 Ensure the audit configuration is immutable | CIS CentOS 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure the audit configuration is immutable | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure the audit configuration is immutable | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Rocky Linux 8 Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS Rocky Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 18.10.76.1.5 (L1) Ensure 'Service Enabled' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.76.1.5 (L1) Ensure 'Service Enabled' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 76.1.4 (L1) Ensure 'Service Enabled' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Audit Record Reduction and Report Generation - reduction | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DG0141-ORACLE11 - Attempts to bypass access controls should be audited. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| F5BI-DM-000075 - The BIG-IP appliance must be configured to protect audit information from unauthorized modification. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-000380 - The Juniper router must be configured to protect audit information from unauthorized modification. | DISA STIG Juniper Router NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| MADB-10-001800 - MariaDB must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| PPS9-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows 10 v2004 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent users and apps from accessing dangerous websites - EnableNetworkProtection | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| RHEL-08-030630 - RHEL 8 audit tools must be owned by root. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030640 - RHEL 8 audit tools must be group-owned by root. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030620 - The SUSE operating system audit tools must have the proper permissions configured to protect against unauthorized access. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-070250 - The operating system must protect the audit records resulting from non-local accesses to privileged accounts and the execution of privileged functions. | DISA STIG Solaris 11 SPARC v3r1 | Unix | ACCESS CONTROL |
| SOL-11.1-070250 - The operating system must protect the audit records resulting from non-local accesses to privileged accounts and the execution of privileged functions. | DISA STIG Solaris 11 X86 v3r1 | Unix | ACCESS CONTROL |
| SQL2-00-013600 - SQL Server must protect audit information from any type of unauthorized access. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL2-00-014400 - SQL Server must protect the audit records generated as a result of remote access to privileged accounts and by the execution of privileged functions. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| SQL4-00-030600 - Where availability is paramount, the SQL Server must continue processing (preferably overwriting existing records, oldest first), in the event of lack of space for more Audit/Trace log records; and must keep processing after any failure of an Audit/Trace. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020200 - Audit tools must be group-owned by root - augenrules | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020200 - Audit tools must be group-owned by root - autrace | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010312 - The Ubuntu operating system must permit only authorized accounts to own the audit configuration files. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900040 - Ubuntu 24.04 LTS must be configured so that audit configuration files are not write-accessible by unauthorized users. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000095 - Oracle WebLogic must protect audit information from any type of unauthorized read access. | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000095 - Oracle WebLogic must protect audit information from any type of unauthorized read access. | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
