| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Rocky Linux 8 Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'FAILED_LOGIN_GROUP' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure system is disabled when audit logs are full | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure system is disabled when audit logs are full | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS Oracle Linux 9 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.2.3 Ensure system is disabled when audit logs are full | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.4.4 Ensure audit log files group owner is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4.2.3 Ensure system is disabled when audit logs are full | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4.2.3 Ensure system is disabled when audit logs are full | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.5 Ensure the Audit Plugin Can't be Unloaded | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.11 Ensure the Audit Plugin Can't be Unloaded | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052050 - AlmaLinux OS 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Files to be Owned by Root | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folders to be Owned by Root | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folders to be Owned by Root | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY |
| ESXi: esxi-8.logs-audit-local-capacity | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| GEN002751 - The audit system must be configured to audit account modification - 'User audit class assignments should be reviewed' | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN002751 - The audit system must be configured to audit account modification - 'User audit class assignments should be reviewed' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002753 - The audit system must be configured to audit account termination - '/etc/security/audit/config USER_Remove exists' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002753 - The audit system must be configured to audit account termination - '/etc/security/audit/events USER_Remove exists' | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN002753 - The audit system must be configured to audit account termination - 'User audit class assignments should be reviewed' | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030660 - RHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653030 - RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
