| 1.4.4 Set IP address for 'logging host' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Configure Netflow on Strategic Ports | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 2.1 Ensure monitoring and alerting exist for ACCOUNTADMIN and SECURITYADMIN role grants | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.1 Ensure That Cloud Audit Logging Is Configured Properly | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.1.1 Ensure Firewall Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure Firewall Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure Firewall Is Enabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.2 Ensure monitoring and alerting exist for MANAGE GRANTS privilege grants | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Ensure Firewall Is Enabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1 Ensure Firewall Is Enabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1 Ensure Firewall Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4 Set IP address for 'logging host' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4 Set IP address for 'logging host' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 2.3 Ensure monitoring and alerting exist for password sign-ins of SSO users | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.4 Ensure monitoring and alerting exist for password sign-in without MFA | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.4.1.1 Ensure Firewall Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrations | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.5.2.1 Ensure Firewall Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.5.2.1 Ensure Firewall Is Enabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.5.2.1 Ensure Firewall Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.5.2.2 Ensure Firewall Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Ensure monitoring and alerting exist for changes to network policies and associated objects | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.7 Ensure monitoring and alerting exist for SCIM token creation | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.8 Ensure monitoring and alerting exists for new share exposures | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.9 Ensure monitoring and alerting exists for sessions from unsupported Snowflake Connector for Python and JDBC and ODBC drivers | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated every 20 minutes or less on weekday 8a-5p' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated hourly on weekday 6p-7a' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.12.8 - Miscellaneous Config - enable sar accounting - 'activity reports are generated hourly on weekends' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.12.8 - Miscellaneous Config - enable sar accounting - 'daily summaries are being prepared' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure CloudTrail log file validation is enabled | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 3.3.2 Configure Storm Control | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.7 Ensure proxies pass source IP information - X-Real-IP | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | AUDIT AND ACCOUNTABILITY |
| 3.7 Ensure proxies pass source IP information - X-Real-IP | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure unauthorized API calls are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure management console sign-in without MFA is monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.3 Ensure usage of the 'root' account is monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure IAM policy changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure CloudTrail configuration changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.6 Ensure AWS Management Console authentication failures are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.8 Ensure S3 bucket policy changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.9 Ensure AWS Config configuration changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.10 Ensure security group changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 4.11 Ensure Network Access Control List (NACL) changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.12 Ensure changes to network gateways are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.13 Ensure route table changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.14 Ensure VPC changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.15 Ensure AWS Organizations changes are monitored | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| SHPT-00-000405 - To support audit review, analysis, and reporting, SharePoint must integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities. | DISA STIG SharePoint 2010 v1r9 | Windows | AUDIT AND ACCOUNTABILITY |
