| 4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.41 Ensure the audit configuration is immutable | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.17 Ensure the audit configuration is immutable | CIS Red Hat 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure the audit configuration is immutable | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Debian 10 Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.3.20 Ensure the audit configuration is immutable | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.3.20 Ensure the audit configuration is immutable | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.2.3.20 Ensure the audit configuration is immutable | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS Oracle Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.3.20 Ensure the audit configuration is immutable | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 6.3.4.5 Ensure audit configuration files mode is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.6 Ensure audit configuration files owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.6 Ensure audit configuration files owner is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows 10 v21H1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server v1909 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows 10 1903 v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows 10 v22H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows 11 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server 1903 MS v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server 2019 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows 11 v23H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings - SCENoApplyLegacyAuditPolicy | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000500 - DB2 must protect against a user falsely repudiating having performed organization-defined actions - table policies | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000190 - The Juniper EX switch must be configured to protect audit information from unauthorized modification. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-000390 - The Juniper router must be configured to protect audit information from unauthorized deletion. | DISA STIG Juniper Router NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| MADB-10-002100 - The audit information produced by MariaDB must be protected from unauthorized modification. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MD3X-00-000190 - The audit information produced by MongoDB must be protected from unauthorized read access. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | AUDIT AND ACCOUNTABILITY |
| MD3X-00-000220 - MongoDB must protect its audit features from unauthorized access. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | AUDIT AND ACCOUNTABILITY |
| MD4X-00-000200 - The audit information produced by MongoDB must be protected from unauthorized access. | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-001400 - The audit information produced by the MySQL Database Server 8.0 must be protected from unauthorized deletion. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-008000 - The MySQL Database Server 8.0 must protect its audit features from unauthorized access. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-006600 - The audit information produced by the Oracle Database must be protected from unauthorized access, modification, or deletion. | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-009500 - The system must protect audit information from unauthorized deletion. | DISA STIG Oracle 12c v3r2 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-013800 - SQL Server must protect audit information from unauthorized deletion. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-005600 - SQL Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010133 - The Ubuntu operating system must be configured so that audit configuration files are not write-accessible by unauthorized users. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653075 - Ubuntu 22.04 LTS must permit only authorized groups to own the audit configuration files. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
