| 4.1.3.14 Ensure events that modify user/group information are collected - group | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.3.14 Ensure events that modify user/group information are collected - gshadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.3.14 Ensure events that modify user/group information are collected - opasswd | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.3.14 Ensure events that modify user/group information are collected - passwd | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.3.14 Ensure events that modify user/group information are collected - shadow | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ALMA-09-048860 - AlmaLinux OS 9 must generate audit records for any use of the "crontab" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049300 - AlmaLinux OS 9 must audit all uses of the kmod command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-049960 - AlmaLinux OS 9 must generate audit records for any use of the "sudo" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050290 - AlmaLinux OS 9 must generate audit records for any use of the "setfiles" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-050730 - AlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-051060 - AlmaLinux OS 9 must generate audit records for any use of the "unix_update" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| ALMA-09-051170 - AlmaLinux OS 9 must generate audit records for any use of the "userhelper" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| Big Sur - Configure System to Audit All Deletions of Object Attributes | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Failed Change of Object Attributes | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Failed Change of Object Attributes | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Failed Change of Object Attributes | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Failed Read Actions on the System | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Configure System to Audit All Failed Read Actions on the System | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Configure System to Audit All Deletions of Object Attributes | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Configure System to Audit All Failed Change of Object Attributes | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Configure System to Audit All Failed Read Actions on the System | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Configure System to Audit All Failed Read Actions on the System | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Configure System to Audit All Failed Write Actions on the System | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Configure System to Audit All Failed Write Actions on the System | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| EP11-00-001200 - The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| OL07-00-030870 - The Oracle Linux operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA Oracle Linux 7 STIG v3r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| RHEL-09-654025 - RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654035 - RHEL 9 must audit all uses of the chacl command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654045 - RHEL 9 must audit all uses of the chcon command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654065 - RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654095 - RHEL 9 must audit all uses of the crontab command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654105 - RHEL 9 must audit all uses of the kmod command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654130 - RHEL 9 must audit all uses of the postqueue command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654135 - RHEL 9 must audit all uses of the ssh-agent command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654140 - RHEL 9 must audit all uses of the ssh-keysign command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654145 - RHEL 9 must audit all uses of the su command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654170 - RHEL 9 must audit all uses of the userhelper command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654175 - RHEL 9 must audit all uses of the usermod command. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020280 - The SUSE operating system must generate audit records for all uses of the chfn command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020300 - The SUSE operating system must generate audit records for all uses of the umount command. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030020 - The SUSE operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| UBTU-18-010244 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-AU-000120 - Windows Server 2016 must be configured to audit Account Management - Security Group Management successes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-AU-000140 - Windows Server 2016 must be configured to audit Account Management - User Account Management successes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-AU-000150 - Windows Server 2016 must be configured to audit Account Management - User Account Management failures. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN16-DC-000230 - Windows Server 2016 must be configured to audit Account Management - Computer Account Management successes. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000100 - Windows Server 2019 must be configured to audit Account Management - Security Group Management successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000110 - Windows Server 2019 must be configured to audit Account Management - User Account Management successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-AU-000120 - Windows Server 2019 must be configured to audit Account Management - User Account Management failures. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000230 - Windows Server 2019 must be configured to audit Account Management - Computer Account Management successes. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
