| 1.58 WN22-AU-000020 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 1.280 OL08-00-030710 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 1.281 OL08-00-030720 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.8 Ensure audit logs are stored on a different system. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - direction | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - path | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs - type | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052380 - AlmaLinux OS 9 must take appropriate action when the internal event queue is full. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-053150 - The rsyslog service on AlmaLinux OS 9 must be active. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-002025 - Amazon Linux 2023 must label all off-loaded audit logs before sending them to the central log server. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-002030 - Amazon Linux 2023 must take appropriate action when the internal event queue is full. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-002060 - Amazon Linux 2023 must be configured to off-load audit records onto a different system from the system being audited via syslog. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-002080 - Amazon Linux 2023 must be configured to off-load audit records onto a different system from the system being audited via syslog. | DISA Amazon Linux 2023 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Off-Load Audit Records | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Off-Load Audit Records | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-013000 - The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000233 - The ESXi host must off-load audit records via syslog. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000233 - The ESXi host must off-load audit records via syslog. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| ESXi: esxi-8.logs-audit-remote | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| MADB-10-012400 - MariaDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA MariaDB Enterprise 10.x v2r4 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| Monterey - Off-Load Audit Records | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| O19C-00-005800 - Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems. | DISA Oracle Database 19c STIG v1r5 OracleDB | OracleDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-005800 - Oracle Database must off-load audit data to a separate log management facility; this must be continuous and in near-real-time for systems with a network connection to the storage facility, and weekly or more often for stand-alone systems. | DISA Oracle Database 19c STIG v1r3 OracleDB | OracleDB | AUDIT AND ACCOUNTABILITY |
| OL08-00-030062 - OL 8 must label all offloaded audit logs before sending them to the central log server. | DISA Oracle Linux 8 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| OS10-NDM-000970 - The Dell OS10 Switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA Dell OS10 Switch NDM STIG v1r1 | Dell_OS10 | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs. | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652040 - RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-200645 - RHEL 10 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-200662 - RHEL 10 must have the "audispd-plugins" package installed. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-500115 - RHEL 10 must take appropriate action when the internal event queue is full. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLEM-05-653045 - Audispd must take appropriate action when SLEM 5 audit storage is full. | DISA SUSE Linux Enterprise Micro SLEM 5 STIG v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-010580 - The SUSE operating system must off-load rsyslog messages for networked systems in real time and off-load standalone systems at least weekly. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030670 - The audit-audispd-plugins must be installed on the SUSE operating system. | DISA SUSE Linux Enterprise Server 15 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.events-remote-logging | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| vCenter: vcenter-8.vami-syslog | VMware vSphere Security Configuration and Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| VCLU-80-000081 The vCenter Lookup service must offload log records onto a different system or media from the system being logged. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-80-000081 The vCenter Perfcharts service must offload log records onto a different system or media from the system being logged. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000148 - The vCenter Server must be configured to send logs to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCUI-80-000081 The vCenter UI service must offload log records onto a different system or media from the system being logged. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000020 - Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | AUDIT AND ACCOUNTABILITY |
| WN25-AU-000020 - Windows Server 2025 must, at a minimum, off-load audit records of interconnected systems in real time and off-load stand-alone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
