| AIX7-00-002004 - AIX must produce audit records containing information to establish the source and the identity of any individual or process associated with an event. | DISA STIG AIX 7.x v2r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-12-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system. | DISA STIG Apple macOS 12 v1r8 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions. | DISA STIG Apple macOS 13 v1r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ARST-ND-000790 - The Arista network device must be configured to capture all DOD auditable events. | DISA STIG Arista MLS EOS 4.2x NDM v1r1 | Arista | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - log_config_module | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - log_config_module | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - LogFormat | DISA STIG Apache Server 2.4 Unix Server v2r6 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - LogFormat | DISA STIG Apache Server 2.4 Unix Server v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | AUDIT AND ACCOUNTABILITY |
| CNTR-K8-000700 - Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event. | DISA STIG Kubernetes v1r11 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| EP11-00-001200 - The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events. | EDB PostgreSQL Advanced Server v11 DB Audit v2r2 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| IIST-SI-000210 - The IIS 10.0 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA IIS 10.0 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000111 - The IIS 10.0 web server must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000210 - The IIS 8.5 website must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000111 - The IIS 8.5 web server must produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| O112-C2-007900 - The DBMS must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. | DISA STIG Oracle 11.2g v2r3 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-007900 - The DBMS must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. | DISA STIG Oracle 12c v2r8 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000069 - OHS must have a log format defined to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000070 - OHS must have a SSL log format defined to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000071 - OHS must have a log file defined for each site/virtual host to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000145 - The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000145 - The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030000 - The Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| PGS9-00-007800 - PostgreSQL must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. | DISA STIG PostgreSQL 9.x on RHEL DB v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000013 - The Photon operating system must have the auditd service running. | DISA STIG VMware vSphere 7.0 Photon OS v1r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000018 - The Photon operating system must have the auditd service running. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PPS9-00-002100 - The EDB Postgres Advanced Server must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. | EDB PostgreSQL Advanced Server DB Audit v2r2 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000145 - The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event - 'CHKCONFIG'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000145 - The operating system must produce audit records containing sufficient information to establish the identity of any user/subject associated with the event - 'PROCESS_CHECK'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010040 - The audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event. | DISA STIG Solaris 11 X86 v2r9 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010040 - The audit system must produce records containing sufficient information to establish the identity of any user/subject associated with the event. | DISA STIG Solaris 11 SPARC v2r9 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-012300 - SQL Server must produce Trace or Audit records containing sufficient information to establish the identity of any user/subject associated with the event. | DISA STIG SQL Server 2014 Instance DB Audit v2r3 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-000180 - AccessLogValve must be configured per each virtual host. | DISA STIG Apache Tomcat Application Server 9 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-000180 - AccessLogValve must be configured per each virtual host. | DISA STIG Apache Tomcat Application Server 9 v2r6 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000005 - ESX Agent Manager must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCEM-70-000005 - ESX Agent Manager must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCFL-67-000009 - vSphere Client must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCLD-67-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-70-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-70-000005 - Lookup Service must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCPF-67-000005 - Performance Charts must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCPF-70-000005 - Performance Charts must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCPG-70-000002 - VMware Postgres log files must contain required fields. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCST-67-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCST-70-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCUI-67-000005 - vSphere UI must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCUI-70-000005 - vSphere UI must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WBLC-02-000080 - Oracle WebLogic must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
