| 1.58 WN22-AU-000020 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.280 OL08-00-030710 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 1.281 OL08-00-030720 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 1.365 RHEL-09-652055 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.8 Ensure audit logs are stored on a different system. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - direction | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - path | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - type | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052270 - AlmaLinux OS 9 must label all offloaded audit logs before sending them to the central log server. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052380 - AlmaLinux OS 9 must take appropriate action when the internal event queue is full. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052710 - AlmaLinux OS 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052930 - AlmaLinux OS 9 must have the rsyslog package installed. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-053150 - The rsyslog service on AlmaLinux OS 9 must be active. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-002030 - Amazon Linux 2023 must take appropriate action when the internal event queue is full. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Off-Load Audit Records | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Off-Load Audit Records | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-013000 - The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000233 - The ESXi host must off-load audit records via syslog. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000233 - The ESXi host must off-load audit records via syslog. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| ESXi: esxi-8.logs-audit-remote | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. | DISA Fortigate Firewall STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Monterey - Off-Load Audit Records | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| O19C-00-005800 - Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-005800 - Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems. | DISA Oracle Database 19c STIG v1r3 OracleDB | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL08-00-030062 - OL 8 must label all offloaded audit logs before sending them to the central log server. | DISA Oracle Linux 8 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030690 - The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited. | DISA Oracle Linux 8 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030700 - OL 8 must take appropriate action when the internal event queue is full. | DISA Oracle Linux 8 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030710 - OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited. | DISA Oracle Linux 8 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| OL09-00-000860 - OL 9 must take appropriate action when the internal event queue is full. | DISA Oracle Linux 9 STIG v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652040 - RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652050 - RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500115 - RHEL 10 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLEM-05-653045 - Audispd must take appropriate action when SLEM 5 audit storage is full. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLEM-05-653065 - SLEM 5 audit event multiplexor must be configured to use Kerberos. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-22-651035 - Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | DISA Canonical Ubuntu 22.04 LTS STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-100450 - Ubuntu 24.04 LTS audit event multiplexor must be configured to offload audit logs onto a different system or storage media from the system being audited. | DISA Canonical Ubuntu 24.04 LTS STIG v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.events-remote-logging | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.vami-syslog | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| VCPF-80-000081 The vCenter Perfcharts service must offload log records onto a different system or media from the system being logged. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000020 - Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | AUDIT AND ACCOUNTABILITY |
| WN25-AU-000020 - Windows Server 2025 must, at a minimum, off-load audit records of interconnected systems in real time and off-load stand-alone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
