| 1.10 Audit Docker files and directories - docker.service | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.11 Audit Docker files and directories - docker.socket | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.12 Audit Docker files and directories - docker.service | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.17 Audit Docker files and directories - /etc/sysconfig/docker-storage | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 1.18 Audit Docker files and directories - /etc/default/docker | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure SNMP traps is enabled - authorizationError | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Set 'logging console critical' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.6.3 Ensure cplogs is set to on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 3.1 Enable security auditing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.12 Set administrative notification level | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed file attribute modification events' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.6 Ensure Firewall is configured to log | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - auditctl | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - b64 | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_inetd_connect : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_SOCKCONNECT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FACLSET : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHMOD : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_FCHROOT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEGID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEUID : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETPGID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETREGID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active audit policies = argv,cnt,zonename | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit condition = auditing | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile (active) | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - not_terminated | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Enable cron Logging - Check if CRONLOG is set to yes in /etc/default/cron. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing - Check audit condition is set to auditing | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.5 Ensure Cloudwatch Log Group is created for App Tier | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 8.1.1.3 Keep All Auditing Information | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.4 Record Events That Modify Date and Time Information - 64 bit clock_settime | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.5 Record Events That Modify User/Group Information - /etc/group | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.6 Record Events That Modify the System's Network Environment - /etc/hosts | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.6 Record Events That Modify the System's Network Environment - /etc/issue.net | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.8 Collect Login and Logout Events - /var/log/faillog | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.10 Collect Discretionary Access Control Permission Modification Events - 32 bit setxattr | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.10 Collect Discretionary Access Control Permission Modification Events - 64 bit chmod | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files - 64 bit EPERM | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.12 Collect Use of Privileged Commands | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.15 Collect Changes to System Administration Scope (sudoers) | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2.4 Create and Set Permissions on rsyslog Log Files - created | CIS Debian Linux 7 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 9.3.2 Set LogLevel to INFO | CIS Debian Linux 7 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Control (QAUDCTL) - '!= *NONE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing Level (QAUDLVL2) - '*SECURITY' | IBM System i Security Reference for V7R2 | AS/400 | AUDIT AND ACCOUNTABILITY |
| User Authentication Security - Centralized authentication - Configure accounting to trace activity and usage - Radius | Juniper Hardening JunOS 12 Devices Checklist | Juniper | AUDIT AND ACCOUNTABILITY |
