Item Search

NameAudit NamePluginCategory
3.200 - The system must be configured to use the au-remote plugin.Tenable Fedora Linux Best Practices v2.0.0Unix

AUDIT AND ACCOUNTABILITY

3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - directionTenable Fedora Linux Best Practices v2.0.0Unix

AUDIT AND ACCOUNTABILITY

3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - pathTenable Fedora Linux Best Practices v2.0.0Unix

AUDIT AND ACCOUNTABILITY

3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - typeTenable Fedora Linux Best Practices v2.0.0Unix

AUDIT AND ACCOUNTABILITY

3.0210 - The system must take appropriate action when the audisp-remote buffer is full.Tenable Fedora Linux Best Practices v2.0.0Unix

AUDIT AND ACCOUNTABILITY

3.0211 - The system must label all off-loaded audit logs before sending them to the central log server.Tenable Fedora Linux Best Practices v2.0.0Unix

AUDIT AND ACCOUNTABILITY

Big Sur - Off-Load Audit RecordsNIST macOS Big Sur v1.4.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging trapDISA STIG Cisco ASA NDM v1r1Cisco
CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging trapDISA STIG Cisco ASA NDM v1r5Cisco
Catalina - Off-Load Audit RecordsNIST macOS Catalina v1.5.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

MADB-10-012400 - MariaDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.DISA MariaDB Enterprise 10.x v1r2 DBMySQLDB
Monterey - Off-Load Audit RecordsNIST macOS Monterey v1.0.0 - All ProfilesUnix

AUDIT AND ACCOUNTABILITY

MYS8-00-009700 - The MySQL Database Server 8.0 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.DISA Oracle MySQL 8.0 v1r4 DBMySQLDB
OL08-00-030720 - OL 8 must authenticate the remote logging server for offloading audit logs.DISA Oracle Linux 8 STIG v1r1Unix
OL08-00-030720 - OL 8 must authenticate the remote logging server for offloading audit logs.DISA Oracle Linux 8 STIG v1r2Unix
RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server.DISA Red Hat Enterprise Linux 8 STIG v1r1Unix
RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server.DISA Red Hat Enterprise Linux 8 STIG v1r8Unix
RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited.DISA Red Hat Enterprise Linux 8 STIG v1r1Unix
RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited.DISA Red Hat Enterprise Linux 8 STIG v1r11Unix
RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited.DISA Red Hat Enterprise Linux 8 STIG v1r3Unix
RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited.DISA Red Hat Enterprise Linux 8 STIG v1r5Unix
RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.DISA Red Hat Enterprise Linux 8 STIG v1r3Unix
RHEL-08-030710 - RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited - DefaultNetstreamDriverDISA Red Hat Enterprise Linux 8 STIG v1r6Unix
RHEL-08-030710 - RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited - DefaultNetstreamDriverDISA Red Hat Enterprise Linux 8 STIG v1r9Unix
RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs.DISA Red Hat Enterprise Linux 8 STIG v1r1Unix
RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs.DISA Red Hat Enterprise Linux 8 STIG v1r7Unix
RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs.DISA Red Hat Enterprise Linux 8 STIG v1r9Unix
RHEL-09-652040 - RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog.DISA Red Hat Enterprise Linux 9 STIG v1r1Unix
RHEL-09-652040 - RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog.DISA Red Hat Enterprise Linux 9 STIG v1r2Unix
RHEL-09-652045 - RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.DISA Red Hat Enterprise Linux 9 STIG v1r1Unix
RHEL-09-652050 - RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog.DISA Red Hat Enterprise Linux 9 STIG v1r1Unix
RHEL-09-653065 - RHEL 9 must take appropriate action when the internal event queue is full.DISA Red Hat Enterprise Linux 9 STIG v1r1Unix
RHEL-09-653130 - RHEL 9 audispd-plugins package must be installed.DISA Red Hat Enterprise Linux 9 STIG v1r1Unix
SLES-15-010580 - The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly.DISA SLES 15 STIG v1r10Unix
SLES-15-030670 - The audit-audispd-plugins must be installed on the SUSE operating system - audit-audispd-pluginsDISA SLES 15 STIG v1r6Unix
SLES-15-030670 - The audit-audispd-plugins must be installed on the SUSE operating system - audit-audispd-pluginsDISA SLES 15 STIG v1r9Unix
SLES-15-030670 - The audit-audispd-plugins must be installed on the SUSE operating system.DISA SLES 15 STIG v1r11Unix
SLES-15-030680 - The SUSE operating system audit event multiplexor must be configured to use Kerberos.DISA SLES 15 STIG v1r6Unix
SLES-15-030680 - The SUSE operating system audit event multiplexor must be configured to use Kerberos.DISA SLES 15 STIG v1r9Unix
SLES-15-030690 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited.DISA SLES 15 STIG v1r6Unix
SLES-15-030790 - The SUSE operating system must off-load audit records onto a different system or media from the system being audited.DISA SLES 15 STIG v1r10Unix
SLES-15-030790 - The SUSE operating system must off-load audit records onto a different system or media from the system being audited.DISA SLES 15 STIG v1r12Unix
SLES-15-030790 - The SUSE operating system must off-load audit records onto a different system or media from the system being audited.DISA SLES 15 STIG v1r9Unix
SLES-15-030800 - Audispd must take appropriate action when the SUSE operating system audit storage is full.DISA SLES 15 STIG v1r11Unix
SLES-15-030800 - Audispd must take appropriate action when the SUSE operating system audit storage is full.DISA SLES 15 STIG v1r6Unix
SPLK-CL-000150 - Splunk Enterprise must be configured to offload log records onto a different system or media than the system being audited.DISA STIG Splunk Enterprise 8.x for Linux v1r3 STIG REST APISplunk
UBTU-20-010300 - The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems.DISA STIG Ubuntu 20.04 LTS v1r1Unix
UBTU-20-010300 - The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems.DISA STIG Ubuntu 20.04 LTS v1r5Unix
VCRP-67-000009 - The rhttpproxy log files must be moved to a permanent repository in accordance with site policy.DISA STIG VMware vSphere 6.7 RhttpProxy v1r1Unix
WN22-AU-000020 - Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly.DISA Windows Server 2022 STIG v1r1Windows