| 9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.8 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.7 (L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.8 (L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.9 (L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 18.4.13 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| APPL-11-001012 - The macOS system must be configured with audit log files owned by root. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001015 - The macOS system must be configured with audit log folders group-owned by wheel. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001014 - The macOS system must be configured with audit log files group-owned by wheel. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| Catalina - Configure Audit Log Folder to Not Contain Access Control Lists | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| EPAS-00-002600 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-002700 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EX19-MB-000053 Exchange must protect audit data against unauthorized access. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | AUDIT AND ACCOUNTABILITY |
| GEN002716 - System audit tool executables must be group-owned by bin, sys, or system - '/usr/sbin/auditmerge' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002716 - System audit tool executables must be group-owned by bin, sys, or system - '/usr/sbin/auditpr' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002716 - System audit tool executables must be group-owned by bin, sys, or system - '/usr/sbin/auditstream' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002717 - System audit tool executables must have mode 0750 or less permissive - '/usr/sbin/auditbin' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002717 - System audit tool executables must have mode 0750 or less permissive - '/usr/sbin/auditbin' - suid | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002717 - System audit tool executables must have mode 0750 or less permissive - '/usr/sbin/auditcat' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002717 - System audit tool executables must have mode 0750 or less permissive - '/usr/sbin/auditcat' - suid | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002717 - System audit tool executables must have mode 0750 or less permissive - '/usr/sbin/auditmerge' - umask | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002718 - System audit tool executables must not have extended ACLs - '/usr/sbin/auditbin' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002718 - System audit tool executables must not have extended ACLs - '/usr/sbin/auditstream' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000190 - The Juniper EX switch must be configured to protect audit information from unauthorized modification. | DISA Juniper EX Series Network Device Management v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000210 - The Juniper EX switch must be configured to protect audit tools from unauthorized access. | DISA Juniper EX Series Network Device Management v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| MADB-10-002100 - The audit information produced by MariaDB must be protected from unauthorized modification. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-002300 - MariaDB must protect its audit features from unauthorized access. | DISA MariaDB Enterprise 10.x v2r1 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-013600 - SQL Server must protect audit information from any type of unauthorized access. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL2-00-013700 - SQL Server must protect audit information from unauthorized modification. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY |
| UBTU-22-653060 - Ubuntu 22.04 LTS must be configured so that the audit log directory is not write-accessible by unauthorized users. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000740 - The WebSphere Application Server must be configured to protect log information from any type of unauthorized read access. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000750 - The WebSphere Application Server must protect log information from unauthorized modification. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000780 - The WebSphere Application Server wsadmin file must be protected from unauthorized modification. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000790 - The WebSphere Application Server wsadmin file must be protected from unauthorized deletion. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000790 - The WebSphere Application Server wsadmin file must be protected from unauthorized deletion. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000790 - The WebSphere Application Server wsadmin file must be protected from unauthorized deletion. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\oblt-log.log | DISA STIG IIS 6.0 Server v6r16 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WG300 IIS6 - Web server system files must conform to minimum file permission requirements. - '\system32\inetsrv\oblt-undone.lob | DISA STIG IIS 6.0 Server v6r16 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WG300 W22 - Web server system files must conform to minimum file permission requirements. - 'logs' | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
