| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.5 Ensure audit configuration files are 640 or more restrictive | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.6 Ensure audit configuration files are owned by root | CIS Red Hat EL8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS Amazon Linux 2023 Server L2 v1.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.7 Ensure audit configuration files belong to group root | CIS Red Hat EL8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - SUCCESSFUL_LOGIN_GROUP | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2.4.6 Ensure audit configuration files owner is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4.7 Ensure audit configuration files group owner is configured | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.5 Ensure audit configuration files mode is configured | CIS AlmaLinux OS 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.6 Ensure audit configuration files owner is configured | CIS Oracle Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS Oracle Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4.4.6 Ensure audit configuration files owner is configured | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.2 Ensure Audit configuration defines audit classes | CIS IBM AIX 7 v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AMLS-L3-000230 - The Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001029 - The macOS system must allocate audit record storage capacity to store at least one week's worth of audit records when audit records are not immediately sent to a central audit record storage facility. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Retention to a Minimum of Seven Days | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Audit Record Reduction and Report Generation - reduction | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| DB2X-00-000500 - DB2 must protect against a user falsely repudiating having performed organization-defined actions - audit policies used | DISA STIG IBM DB2 v10.5 LUW v2r1 Database | IBM_DB2DB | AUDIT AND ACCOUNTABILITY |
| GEN002700 - System audit logs must have mode 0640 or less permissive. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002750 - The audit system must be configured to audit account creation - '/etc/security/audit/config USER_Create exists' | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| MADB-10-002200 - The audit information produced by MariaDB must be protected from unauthorized deletion. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| Monterey - Audit Record Reduction and Report Generation - reduction | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Audit Record Reduction and Report Generation - reduction | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| O112-C2-009700 - The DBMS must protect audit tools from unauthorized modification. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000049 - The Photon operating system audit files and directories must have correct permissions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-060180 - The operating system must use cryptographic mechanisms to protect the integrity of audit information. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038200 - SQL Server must generate Trace or Audit records when unsuccessful accesses to designated objects occur - SUCCESSFUL_LOGIN_GROUP | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-002000 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL6-D0-002400 - SQL Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | DISA STIG SQL Server 2016 Database Audit v3r2 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| SQL6-D0-018100 - When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| WBLC-02-000086 - Oracle WebLogic must notify administrative personnel as a group in the event of audit processing failure - SMTP Notification | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WN12-SO-000049 - The system must generate an audit event when the audit log reaches a percentage of full threshold. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
