| 5.2.4.4 Ensure the audit log directory is 0750 or more restrictive | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.4 Ensure the audit log directory is 0750 or more restrictive | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.8 Ensure audit tools are 755 or more restrictive | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.9 Ensure audit tools are owned by root | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.8 Ensure audit tools mode is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.10 Ensure audit tools group owner is configured | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.1 Ensure the audit log file directory mode is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.1 Ensure the audit log file directory mode is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.1 Ensure the audit log file directory mode is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.4 Ensure the audit log file directory mode is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.8 Ensure audit tools mode is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.9 Ensure audit tools owner is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.9 Ensure audit tools owner is configured | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.9 Ensure audit tools owner is configured | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.9 Ensure audit tools owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.10 Ensure audit tools group owner is configured | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.10 Ensure audit tools group owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.10 Ensure audit tools group owner is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.1.18 Make the Audit Configuration Immutable | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-054030 - AlmaLinux OS 9 audit system must take appropriate action when an error writing to the audit storage volume occurs. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-055680 - AlmaLinux OS 9 audit log directory must be owned by root to prevent unauthorized read access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-056010 - AlmaLinux OS 9 audit logs must be owned by root to prevent unauthorized read access. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001010 - The macOS system must be configured to shut down upon audit failure. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure System to Shut Down Upon Audit Failure | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure System to Shut Down Upon Audit Failure | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure System to Shut Down Upon Audit Failure | NIST macOS Monterey v1.0.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030620 - OL 8 audit tools must have a mode of "0755" or less permissive. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013900 - Audit tools used in, or in conjunction with, SQL Server must be protected from unauthorized access. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-011800 - SQL Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of SQL Server or database(s). | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| UBTU-16-020040 - The System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-901380 - Ubuntu 24.04 LTS must be configured so that the audit log directory is not write-accessible by unauthorized users. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-909000 - Ubuntu 24.04 LTS audit system must protect auditing rules from unauthorized change. | DISA Canonical Ubuntu 24.04 LTS STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
