| 2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.5 Control access to audit records - /var/audit | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server 1903 MS v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server v2004 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows 11 v22H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows 10 1803 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows 10 1903 v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows 10 v2004 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows 10 v21H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server 2022 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Files to Not Contain Access Control Lists | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Big Sur - Configure Audit Log Folders Group to Wheel | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folders Group to Wheel | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Files Group to Wheel | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Files Group to Wheel | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Files to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folders Group to Wheel | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folders Group to Wheel | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000600 - DB2 must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000900 - DB2 must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur - database policies | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000900 - DB2 must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur - SYSIBM.SYSCOLAUTH | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000900 - DB2 must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur - SYSIBM.SYSLIBRARYAUTH | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000900 - DB2 must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur - SYSIBM.SYSSECURITYPOLICYEXEMPTIONS | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-000900 - DB2 must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur - SYSIBM.SYSWORKLOADAUTH | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| DB2X-00-010200 - DB2 must generate audit records when privileges/permissions are modified | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| GEN002720 - System must be configured to audit failed attempts to access files/programs - '/etc/security/audit/events FILE_Open exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files Group to Wheel | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files Group to Wheel | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files Group to Wheel | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files Group to Wheel | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Files to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Monterey - Configure Audit Log Folders Group to Wheel | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders Group to Wheel | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders Group to Wheel | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Monterey v1.0.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folders to Mode 700 or Less Permissive | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000385 - Audit log directories must have mode 0755 or less permissive. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020020 - The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020150 - The Ubuntu operating system must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - auditd.conf | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000083 - Oracle WebLogic must provide a real-time alert when organization-defined audit failure events occur - Module-HealthState | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000083 - Oracle WebLogic must provide a real-time alert when organization-defined audit failure events occur - SMTP Notification | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
