| 1.1.6 Ensure auditing is configured for Docker files and directories - /etc/docker | CIS Docker v1.8.0 L1 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.15 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim | CIS Docker v1.8.0 L2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.17 Ensure auditing is configured for Docker files and directories - /usr/bin/containerd-shim-runc-v2 | CIS Docker v1.8.0 L2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.12 Ensure single CPU core overloaded event is logged | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 2.2 Ensure That Sinks Are Configured for All Log Entries | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Set 'logging enable' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.2 Set 'buffer size' for 'logging buffered' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure auditd service is enabled and running - enabled | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure auditd service is enabled and running - running | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS Red Hat 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS SUSE Linux Enterprise 12 v3.2.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full - 'action_mail_acct = root' | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full - 'space_left_action = email' | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.7 Ensure audit_backlog_limit is sufficient | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.7 Ensure audit_backlog_limit is sufficient | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.7 Ensure audit_backlog_limit is sufficient | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.7 Ensure audit_backlog_limit is sufficient | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.7 Ensure kernel module loading and unloading is collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.12 Ensure discretionary access control permission modification events are collected | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.21 Ensure audit of postdrop command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.29 Ensure audit pam_timestamp_check command | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.31 Ensure audit of the create_module syscall | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - adjtimex settimeofday stime | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl /etc/localtime | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl settimeofday,adjtimex x64 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - lsetxattr setxattr fsetxattr removexattr | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES x64 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d/ | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - /sbin/rmmod | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 (L1) Host must deactivate log filtering | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 6.3.3.2 Ensure actions as another user are always logged | CIS Ubuntu Linux 20.04 LTS v3.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.14 Ensure events that modify the system's Mandatory Access Controls are collected | CIS Ubuntu Linux 20.04 LTS v3.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.21 Ensure the running and on disk configuration is the same | CIS Ubuntu Linux 20.04 LTS v3.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
