| 1.4.2 Set 'buffer size' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.4.6 Set logging timestamps | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.6 Ensure 'logging with timestamps' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.7 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.2 Set 'buffer size' for 'logging buffered' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.7 Set 'logging source interface' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure 'Receive connector: Configure protocol logging' is set to 'Verbose' | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl /etc/localtime | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl adjtimex (32-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.1 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.2 Ensure system administrator command executions (sudo) are collected - 64 bit | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES (64-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit) | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.12 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.12 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - audit.rules b32 clock_settime | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl b32 adjtimex | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl b32 clock_settime | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl time-change | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/passwd | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/passwd | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux/ | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - b32 setxattr | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 5.3.9 Ensure SSH MaxAuthTries is set to 4 or less | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| 6.1.4 Ensure that logging for Azure Key Vault is 'Enabled' | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 6.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 6.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 6.2.10 Ensure that Activity Log Alert exists for Delete Public IP Address rule | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 6.3 Ensure 'log_warnings' is Set to '2' | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.1 Application specific logging | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
