| 4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| AIX7-00-002013 - Audit logs on the AIX system must be owned by root. | DISA STIG AIX 7.x v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002014 - Audit logs on the AIX system must be group-owned by system. | DISA STIG AIX 7.x v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002015 - Audit logs on the AIX system must be set to 660 or less permissive. | DISA STIG AIX 7.x v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.15 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion. | DISA STIG Apache Server 2.4 Unix Server v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion. | DISA STIG Apache Server 2.4 Unix Server v2r5 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification. | DISA STIG Apache Server 2.4 Windows Server v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS Router NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS XE Router NDM v2r5 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS XE Switch NDM v2r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| EP11-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r1 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000075 - Exchange must protect audit data against unauthorized deletion. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-ED-000130 - Exchange audit data must be protected against unauthorized access for deletion. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-MB-000150 - Exchange must protect audit data against unauthorized deletion. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| F5BI-LT-000059 - The BIG-IP Core implementation must be configured to protect audit information from unauthorized deletion. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v2r1 | F5 | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000115 - The log information from the IIS 8.5 web server must be protected from unauthorized modification or deletion. | DISA IIS 8.5 Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| MD3X-00-000190 - The audit information produced by MongoDB must be protected from unauthorized read access. | DISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log directory | DISA STIG PostgreSQL 9.x on RHEL OS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log_file_mode | DISA STIG PostgreSQL 9.x on RHEL OS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EDB PostgreSQL Advanced Server OS Linux Audit v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000385 - Audit log directories must have mode 0755 or less permissive. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-07-910055 - The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion. | DISA Red Hat Enterprise Linux 7 STIG v3r9 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| SLES-12-020120 - The SUSE operating system must protect audit rules from unauthorized modification - /etc/audit/audit.rules | DISA SLES 12 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020120 - The SUSE operating system must protect audit rules from unauthorized modification - /etc/audit/rules.d/audit.rules | DISA SLES 12 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020120 - The SUSE operating system must protect audit rules from unauthorized modification - /var/log/audit | DISA SLES 12 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020120 - The SUSE operating system must protect audit rules from unauthorized modification - /var/log/audit/audit.log | DISA SLES 12 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020120 - The SUSE operating system must protect audit rules from unauthorized modification - chkstat | DISA SLES 12 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020100 - Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020110 - Audit logs must be owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020130 - Audit log directory must be owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020140 - Audit log directory must be group-owned by root to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010308 - The Ubuntu operating system must be configured so that the audit log directory is not write-accessible by unauthorized users. | DISA STIG Ubuntu 18.04 LTS v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010310 - The Ubuntu operating system must ensure only authorized groups can own the audit log directory and its underlying files. | DISA STIG Ubuntu 18.04 LTS v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000515 - Windows 10 permissions for the Application event log must prevent access by non-privileged accounts. | DISA Windows 10 STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000520 - Windows 10 permissions for the Security event log must prevent access by non-privileged accounts. | DISA Windows 10 STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000525 - Windows 10 permissions for the System event log must prevent access by non-privileged accounts. | DISA Windows 10 STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000204 - Permissions for the Application event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000204 - Permissions for the Application event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r5 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000205 - Permissions for the Security event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000205 - Permissions for the Security event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r5 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000206 - Permissions for the System event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000030 - Permissions for the Application event log must prevent access by non-privileged accounts. | DISA Windows Server 2016 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000040 - Permissions for the Security event log must prevent access by non-privileged accounts. | DISA Windows Server 2016 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000050 - Permissions for the System event log must prevent access by non-privileged accounts. | DISA Windows Server 2016 STIG v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000030 - Windows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts. | DISA Windows Server 2019 STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000040 - Windows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts. | DISA Windows Server 2019 STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000050 - Windows Server 2019 permissions for the System event log must prevent access by non-privileged accounts. | DISA Windows Server 2019 STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
