| AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - logging host | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001260 - The Cisco ASA must be configured to offload audit records onto a different system or media than the system being audited - logging host | DISA STIG Cisco ASA NDM v2r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001410 - The Cisco ASA must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to organization-defined personnel and/or the firewall administrator - logging trap | DISA STIG Cisco ASA NDM v2r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA STIG Cisco IOS-XR Router NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the ISSO. | DISA STIG Cisco IOS Router NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| ESXI-06-400004 - The VMM must off-load audit records onto a different system or media than the system being audited by configuring remote logging. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-500004 - The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly by configuring remote logging. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000114 The ESXi host must offload logs via syslog. | DISA VMware vSphere 8.0 ESXi STIG v2r1 | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ESXI-80-000233 The ESXi host must off-load audit records via syslog. | DISA VMware vSphere 8.0 ESXi STIG v2r1 | VMware | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000110 - The FortiGate device must off-load audit records on to a different system or media than the system being audited. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-001300 - The Juniper router must be configured to off-load log records onto a different system than the system being audited. | DISA STIG Juniper Router NDM v3r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-001440 - The Juniper router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the Information System Security Officers (ISSO) - ISSO | DISA STIG Juniper Router NDM v3r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUSX-AG-000057 - The Juniper SRX Services Gateway Firewall must be configured to support centralized management and configuration of the audit log. | DISA Juniper SRX Services Gateway ALG v3r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| OL6-00-000137 - The operating system must support the requirement to centrally manage the content of audit records generated by organization defined information system components. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000509 - The system must forward audit records to the syslog service. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030300 - The Oracle Linux operating system must off-load audit records onto a different system or media from the system being audited. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030321 - The Oracle Linux operating system must be configured so that the audit system takes appropriate action when there is an error sending audit records to a remote system. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030710 - OL 8 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited. | DISA Oracle Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| PANW-IP-000058 - The Palo Alto Networks security platform must off-load log records to a centralized log server in real-time. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-NM-000128 - The Palo Alto Networks security platform must off-load audit records onto a different system or media than the system being audited - 'Log Forwarding Profile' | DISA STIG Palo Alto NDM v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PANW-NM-000128 - The Palo Alto Networks security platform must off-load audit records onto a different system or media than the system being audited - 'Syslog Server Profiles' | DISA STIG Palo Alto NDM v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000129 - The Photon operating system must be configured to offload audit logs to a syslog server. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-07-030320 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030720 - RHEL 8 must authenticate the remote logging server for off-loading audit logs. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652035 - RHEL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652045 - RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652050 - RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652055 - RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| RHEL-09-653030 - RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653060 - RHEL 9 must label all offloaded audit logs before sending them to the central log server. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030680 - The SUSE operating system audit event multiplexor must be configured to use Kerberos. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030690 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030790 - The SUSE operating system must off-load audit records onto a different system or media from the system being audited. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030800 - Audispd must take appropriate action when the SUSE operating system audit storage is full. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SYMP-AG-000210 - Symantec ProxySG must use a centralized log server. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010008 - The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010300 - The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCRP-70-000007 - Envoy (rhttpproxy) log files must be shipped via syslog to a central log server. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000148 - The vCenter Server must be configured to send logs to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000280 - The vCenter server must be configured to send events to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000148 The vCenter Server must be configured to send logs to a central log server. | DISA VMware vSphere 8.0 vCenter STIG v2r1 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000280 The vCenter server must be configured to send events to a central log server. | DISA VMware vSphere 8.0 vCenter STIG v2r1 | VMware | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000081 - Oracle WebLogic must provide the ability to write specified audit record content to an audit log server. | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000010 - Windows Server 2019 audit records must be backed up to a different system or media than the system being audited. | DISA Windows Server 2019 STIG v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
