| 4.1.2 Ensure auditd is installed | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Rocky Linux 8 Server L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - SUCCESSFUL_LOGIN_GROUP | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - SUCCESSFUL_LOGIN_GROUP | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2.4.6 Ensure audit configuration files owner is configured | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.6 Ensure audit configuration files owner is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.6 Ensure audit configuration files owner is configured | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.7 Ensure audit configuration files group owner is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.5 Ensure audit configuration files mode is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.5 Ensure audit configuration files mode is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.6 Ensure audit configuration files owner is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.6 Ensure audit configuration files owner is configured | CIS Rocky Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4.4.5 Ensure audit configuration files mode is configured | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| APPL-11-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001900 - Unless it has been determined that availability is paramount, DB2 must, upon audit failure, cease all auditable activity. | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| Ensure non-default application inspection is configured correctly | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND INFORMATION INTEGRITY |
| Ensure timezone is properly configured | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | CONFIGURATION MANAGEMENT |
| GEN002700 - System audit logs must have mode 0640 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002700 - System audit logs must have mode 0640 or less permissive. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| O112-C2-009700 - The DBMS must protect audit tools from unauthorized modification. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000049 - The Photon operating system audit files and directories must have correct permissions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-000700 - SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-001300 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be owned by database/DBMS principals authorized for ownership. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| SQL6-D0-001500 - In the event of a system failure, hardware loss or disk failure, SQL Server must be able to restore necessary databases with least disruption to mission processes. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-001800 - The Certificate used for encryption must be backed up and stored in a secure location that is not on the SQL Server. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-002500 - SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in storage. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002700 - SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-002900 - Execution of stored procedures and functions that utilize execute as must be restricted to necessary cases only. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | ACCESS CONTROL |
| SQL6-D0-003200 - SQL Server must use NSA-approved cryptography to protect classified information in accordance with the data owners requirements. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-003300 - SQL Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - Module-HealthState | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
