| 4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Debian 10 Server L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Rocky Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.8 Ensure audit tools mode is configured | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.9 Ensure audit tools owner is configured | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.10 Ensure audit tools group owner is configured | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.10 Ensure audit tools group owner is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.10 Ensure audit tools group owner is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.8 Ensure audit tools mode is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.8 Ensure audit tools mode is configured | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.8 Ensure audit tools mode is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.8 Ensure audit tools mode is configured | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.8 Ensure audit tools mode is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.9 Ensure audit tools owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.9 Ensure audit tools owner is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.9 Ensure audit tools owner is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.10 Ensure audit tools group owner is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4.4.8 Ensure audit tools mode is configured | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4.4.8 Ensure audit tools mode is configured | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| ALMA-09-055790 - AlmaLinux OS 9 audit log directory must have 0700 permissions to prevent unauthorized read access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-056120 - AlmaLinux OS 9 audit logs must have 0600 permissions to prevent unauthorized read access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| EP11-00-003100 - The EDB Postgres Advanced Server must protect its audit features from unauthorized removal. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| OL08-00-030070 - OL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030121 - The OL 8 audit system must protect auditing rules from unauthorized change. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-012200 - PostgreSQL must protect its audit configuration from unauthorized modification. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030030 - The RHEL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030100 - RHEL 8 audit log directory must be owned by root to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-232035 - RHEL 9 audit tools must have a mode of 0755 or less permissive. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653125 - RHEL 9 must have mail aliases to notify the information system security officer (ISSO) and system administrator (SA) (at a minimum) in the event of an audit processing failure. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020100 - Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020130 - Audit log directory must be owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010122 - The Ubuntu operating system must be configured so that audit log files are not read or write-accessible by unauthorized users. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010423 - The Ubuntu operating system must have directories that contain system commands set to a mode of 0755 or less permissive. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232040 - Ubuntu 22.04 LTS must have directories that contain system commands owned by "root". | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653045 - Ubuntu 22.04 LTS must be configured so that audit log files are not read- or write-accessible by unauthorized users. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653050 - Ubuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901230 - Ubuntu 24.04 LTS must configure audit tools with a mode of "0755" or less permissive. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901240 - Ubuntu 24.04 LTS must configure audit tools to be owned by root. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901350 - Ubuntu 24.04 LTS must permit only authorized groups ownership of the audit log files. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
