| 1.4 Ensure Service Runlevel Is Registered And Set Correctly | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.2.41 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.52 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.57 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1.20 Secure permissions for the log mirror location - MIRRORLOGPATH Setting | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.2.1.1 Ensure rsyslog is installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.1 Ensure rsyslog is installed | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.1 Ensure rsyslog is installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.1 Ensure rsyslog is installed | CIS Red Hat 6 Server L1 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.1 Ensure rsyslog is installed | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.5 Database Manager Configuration Parameter: TRUST_CLNTAUTH | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL |
| 6.3 (L1) Ensure 'Account Logon Logoff Audit Group Membership' is set to include 'Success' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 Ensure 'Audit Group Membership' is set to include 'Success' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| ALMA-09-051390 - AlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-12-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-005001 - The macOS system must ensure System Integrity Protection is enabled. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_AlmaLinux_OS_8_Workstation_L2_v3.0.0.audit from CIS AlmaLinux OS 8 Benchmark v3.0.0 | CIS AlmaLinux OS 8 Workstation L2 v3.0.0 | Unix | |
| MADB-10-002200 - The audit information produced by MariaDB must be protected from unauthorized deletion. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-010600 - MariaDB must generate audit records when privileges/permissions are deleted. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-010900 - MariaDB must generate audit records when unsuccessful attempts to delete security objects occur. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| OL07-00-030010 - The Oracle Linux operating system must shut down upon audit processing failure, unless availability is an overriding concern. If availability is a concern, the system must alert the designated staff (System Administrator [SA] and Information System Security Officer [ISSO] at a minimum) in the event of an audit processing failure - System Administrator [SA] and Information System Security Officer [ISSO] at a minimum in the event of an audit processing failure. | DISA Oracle Linux 7 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030180 - The OL 8 audit package must be installed. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| OL08-00-030181 - OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| OL08-00-030317 - OL 8 must generate audit records for any use of the "unix_chkpwd" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030340 - OL 8 must generate audit records for any use of the "pam_timestamp_check" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030550 - OL 8 must generate audit records for any use of the "sudo" command. | DISA Oracle Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030010 - The Red Hat Enterprise Linux operating system must shut down upon audit processing failure, unless availability is an overriding concern. If availability is a concern, the system must alert the designated staff (System Administrator [SA] and Information System Security Officer [ISSO] at a minimum) in the event of an audit processing failure. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030180 - The RHEL 8 audit package must be installed. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030315 - Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654025 - RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020000 - The SUSE operating system must have the auditing package installed. | DISA SLES 12 STIG v3r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - enabled | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| UBTU-16-020000 - Audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events - installed | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| UBTU-20-010201 - The Ubuntu operating system must configure the audit tools to be group-owned by root. | DISA Canonical Ubuntu 20.04 LTS STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-232110 - Ubuntu 22.04 LTS must configure audit tools to be owned by "root". | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCENTER-000016 - Log files must be cleaned up after failed installations of the vCenter Server. | DISA STIG VMWare ESXi vCenter 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000028 - Log files must be cleaned up after failed installations of the vCenter Server. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
