| 4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.8 Ensure audit logs are stored on a different system. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - direction | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - path | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - type | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Off-Load Audit Records | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging host | DISA STIG Cisco ASA NDM v1r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging trap | DISA STIG Cisco ASA NDM v1r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging host | DISA STIG Cisco ASA NDM v1r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging trap | DISA STIG Cisco ASA NDM v1r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| Catalina - Off-Load Audit Records | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FNFG-FW-000100 - The FortiGate firewall must send traffic log entries to a central audit server for management and configuration of the traffic log entries. | DISA Fortigate Firewall STIG v1r3 | FortiGate | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000600 - The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited. | DISA Juniper EX Series Network Device Management v1r4 | Juniper | AUDIT AND ACCOUNTABILITY |
| Monterey - Off-Load Audit Records | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030690 - The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited. | DISA Oracle Linux 8 STIG v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030700 - OL 8 must take appropriate action when the internal event queue is full. | DISA Oracle Linux 8 STIG v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030710 - OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited. | DISA Oracle Linux 8 STIG v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030720 - OL 8 must authenticate the remote logging server for offloading audit logs. | DISA Oracle Linux 8 STIG v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030710 - RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs. | DISA Red Hat Enterprise Linux 8 STIG v1r13 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-010580 - The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030670 - The audit-audispd-plugins must be installed on the SUSE operating system. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030680 - The SUSE operating system audit event multiplexor must be configured to use Kerberos. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030690 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030790 - The SUSE operating system must off-load audit records onto a different system or media from the system being audited. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030800 - Audispd must take appropriate action when the SUSE operating system audit storage is full. | DISA SLES 15 STIG v1r12 | Unix | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000150 - Splunk Enterprise must be configured to offload log records onto a different system or media than the system being audited. | DISA STIG Splunk Enterprise 8.x for Linux v1r5 STIG REST API | Splunk | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000210 - Symantec ProxySG must use a centralized log server. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000220 - Symantec ProxySG must be configured to send the access logs to the centralized log server continuously. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010216 - The Ubuntu operating system audit event multiplexor must be configured to off-load audit logs onto a different system or storage media from the system being audited. | DISA STIG Ubuntu 20.04 LTS v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010300 - The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems. | DISA STIG Ubuntu 20.04 LTS v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - access | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - runtime | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCRP-67-000009 - The rhttpproxy log files must be moved to a permanent repository in accordance with site policy. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCRP-70-000007 - Envoy (rhttpproxy) log files must be shipped via syslog to a central log server. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCRP-70-000008 - Envoy log files must be shipped via syslog to a central log server | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000148 - The vCenter Server must be configured to send logs to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000280 - The vCenter server must be configured to send events to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000010 - Windows Server 2022 audit records must be backed up to a different system or media than the system being audited. | DISA Windows Server 2022 STIG v1r4 | Windows | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000020 - Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | DISA Windows Server 2022 STIG v1r4 | Windows | AUDIT AND ACCOUNTABILITY |
