| 4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| AIX7-00-002013 - Audit logs on the AIX system must be owned by root. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002014 - Audit logs on the AIX system must be group-owned by system. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AIX7-00-002015 - Audit logs on the AIX system must be set to 660 or less permissive. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-14-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001017 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-000030 - The macOS system must configure audit log files to not contain access control lists. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-000031 - The macOS system must configure audit log folders to not contain access control lists. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001012 - The macOS system must configure audit log files to be owned by root. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001013 - The macOS system must configure audit log folders to be owned by root. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001014 - The macOS system must configure audit log files group to wheel. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001015 - The macOS system must configure audit log folders group to wheel. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001016 - The macOS system must configure audit log files to mode 440 or less permissive. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001017 - The macOS system must configure audit log folders to mode 700 or less permissive. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-14-001140 - The macOS system must configure audit_control to not contain access control lists. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-000030 - The macOS system must configure audit log files to not contain access control lists (ACLs). | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-000031 - The macOS system must configure the audit log folder to not contain access control lists (ACLs). | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001012 - The macOS system must configure audit log files to be owned by root. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001013 - The macOS system must configure audit log folders to be owned by root. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001014 - The macOS system must configure the audit log files group to wheel. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001015 - The macOS system must configure the audit log folders group to wheel. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001016 - The macOS system must configure audit log files to mode 440 or less permissive. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001017 - The macOS system must configure audit log folders to mode 700 or less permissive. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-15-001110 - The macOS system must configure audit_control group to wheel. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| EX13-EG-000065 - Exchange audit data must be protected against unauthorized access for deletion. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000075 - Exchange must protect audit data against unauthorized deletion. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-ED-000130 - Exchange audit data must be protected against unauthorized access for deletion. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| F5BI-DM-000077 - The BIG-IP appliance must be configured to protect audit information from unauthorized deletion. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | AUDIT AND ACCOUNTABILITY |
| F5BI-LT-000059 - The BIG-IP Core implementation must be configured to protect audit information from unauthorized deletion. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000175 - File permissions must be configured to protect log information from unauthorized deletion. | DISA JBoss EAP 6.3 STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-910055 - The Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion. | DISA Oracle Linux 7 STIG v3r1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-07-910055 - The Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-653080 - RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-654270 - RHEL 9 audit system must protect logon UIDs from unauthorized change. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000190 - Splunk Enterprise installation directories must be secured. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG OS | Unix | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-000380 - Jar files in the $CATALINA_HOME/bin/ folder must have their permissions set to 640. | DISA STIG Apache Tomcat Application Server 9 v3r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000011 - VAMI log files must only be accessible by privileged users - access.log | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-80-000025 The vCenter Lookup service logs folder permissions must be set correctly. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCUI-70-000007 - vSphere UI log files must only be accessible by privileged users. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WN22-UR-000170 - Windows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group. | DISA Windows Server 2022 STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
