| AOSX-13-000605 - The macOS system must not use telnet. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-11-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-11-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-12-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-13-001001 - The macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions. | DISA STIG Apple macOS 13 v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-14-000054 - The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-000054 - The macOS system must limit SSHD to FIPS-compliant connections. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-001020 - The macOS system must be configured to audit all deletions of object attributes. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-001021 - The macOS system must be configured to audit all changes of object attributes. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-001022 - The macOS system must be configured to audit all failed read actions on the system. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| APPL-15-001023 - The macOS system must be configured to audit all failed write actions on the system. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL07-00-040110 - The Oracle Linux 7 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| OL08-00-030320 - OL 8 must generate audit records for any use of the 'ssh-keysign' command. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030340 - OL 8 must generate audit records for any use of the 'pam_timestamp_check' command. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030350 - OL 8 must generate audit records for any use of the 'newgrp' command. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030361 - OL 8 must generate audit records for any use of the 'rename', 'unlink', 'rmdir', 'renameat', and 'unlinkat' system calls. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030390 - OL 8 must generate audit records for any use of the delete_module syscall. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030400 - OL 8 must generate audit records for any use of the 'crontab' command. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030410 - OL 8 must generate audit records for any use of the 'chsh' command. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030550 - OL 8 must generate audit records for any use of the 'sudo' command. | DISA Oracle Linux 8 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030680 - The Red Hat Enterprise Linux operating system must audit all uses of the su command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030690 - The Red Hat Enterprise Linux operating system must audit all uses of the sudo command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030700 - The Red Hat Enterprise Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030710 - The Red Hat Enterprise Linux operating system must audit all uses of the newgrp command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-07-030720 - The Red Hat Enterprise Linux operating system must audit all uses of the chsh command. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-212055 - RHEL 9 must enable auditing of processes that start prior to the audit daemon. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020360 - Successful/unsuccessful uses of the su command must generate an audit record. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020370 - Successful/unsuccessful uses of the chfn command must generate an audit record. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020380 - Successful/unsuccessful uses of the mount command must generate an audit record - b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020460 - The audit system must be configured to audit any usage of the setxattr system call - user b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020470 - The audit system must be configured to audit any usage of the lsetxattr system call - user b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020480 - The audit system must be configured to audit any usage of the fsetxattr system call - root b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020480 - The audit system must be configured to audit any usage of the fsetxattr system call - user b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020490 - The audit system must be configured to audit any usage of the removexattr system call - root b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020500 - The audit system must be configured to audit any usage of the lremovexattr system call - root b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020510 - The audit system must be configured to audit any usage of the fremovexattr system call - root b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020510 - The audit system must be configured to audit any usage of the fremovexattr system call - user b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020540 - Successful/unsuccessful uses of the fchownat command must generate an audit record - b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020560 - Successful/unsuccessful uses of the chmod command must generate an audit record - b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020590 - Successful/unsuccessful uses of the open command must generate an audit record - EACCES b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020590 - Successful/unsuccessful uses of the open command must generate an audit record - EACCES b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020600 - Successful/unsuccessful uses of the truncate command must generate an audit record - EACCES b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020600 - Successful/unsuccessful uses of the truncate command must generate an audit record - EPERM b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020600 - Successful/unsuccessful uses of the truncate command must generate an audit record - EPERM b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020610 - Successful/unsuccessful uses of the ftruncate command must generate an audit record - EPERM b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020630 - Successful/unsuccessful uses of the openat command must generate an audit record - EACCES b64 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020640 - Successful/unsuccessful uses of the open_by_handle_at command must generate an audit record - EPERM b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020700 - Successful/unsuccessful uses of the apparmor_parser command must generate an audit record. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020810 - Successful/unsuccessful uses of the crontab command must generate an audit record. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020850 - Successful/unsuccessful uses of the delete_module command must generate an audit record - b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
