| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Review suspend audit configuration when device is full | CIS Sybase 15.0 L2 DB v1.1.0 | SybaseDB | |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'AUDIT_CHANGE_GROUP' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'FAILED_LOGIN_GROUP' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - AUDIT_CHANGE_GROUP | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - AUDIT_CHANGE_GROUP | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - FAILED_LOGIN_GROUP | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS Rocky Linux 9 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.8 Ensure the Audit Plugin Can't be Unloaded | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002003 - AIX must produce audit records containing information to establish where the events occurred. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002004 - AIX must produce audit records containing information to establish the source and the identity of any individual or process associated with an event. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002005 - AIX must produce audit records containing information to establish the outcome of the events. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002006 - AIX must produce audit records containing the full-text recording of privileged commands. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000295 - The macOS system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001029 - The macOS system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001029 The macOS system must configure audit retention to seven days. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001000 - DB2 must initiate session auditing upon startup - AUDIT | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001000 - DB2 must initiate session auditing upon startup - CHECKING | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001000 - DB2 must initiate session auditing upon startup - CONTEXT | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001000 - DB2 must initiate session auditing upon startup - EXECUTE | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001000 - DB2 must initiate session auditing upon startup - OBJMAINT | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-001000 - DB2 must initiate session auditing upon startup - SECMAINT | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000060 - The FortiGate firewall must protect the traffic log from unauthorized deletion of local log files and log records. | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-001200 - The audit information produced by the MySQL Database Server 8.0 must be protected from unauthorized read access. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000047 - The Photon operating system audit files and directories must have correct permissions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000050 - The Photon operating system audit files and directories must have correct permissions - ausearch | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000050 - The Photon operating system audit files and directories must have correct permissions - autrace | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013000 - Unless it has been determined that availability is paramount, SQL Server must shut down upon the failure of an Audit, or a Trace used for auditing purposes, to include the unavailability of space for more audit/trace log records. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000213 - Event Viewer must be protected from unauthorized modification and deletion. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000213 - Event Viewer must be protected from unauthorized modification and deletion. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000010 - Windows Server 2022 audit records must be backed up to a different system or media than the system being audited. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
