| 4.1.3.10 Ensure use of privileged commands is collected | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.19 Ensure audit all uses of the chsh command. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.38 Ensure audit of the su command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.40 Ensure audit all uses of the newgrp command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AIX7-00-002001 - AIX must produce audit records containing information to establish what the date, time, and type of events that occurred. | DISA STIG AIX 7.x v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-047870 - Successful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AMLS-NM-000190 - The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG Apache Server 2.4 Unix Site v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA Apache Server 2.4 Windows Site STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| ESXI-65-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | AUDIT AND ACCOUNTABILITY |
| F5BI-AS-000039 - The BIG-IP ASM module must be configured to produce ASM Event Logs containing information to establish what type of unauthorized events occurred. | DISA F5 BIG-IP Application Security Manager STIG v2r2 | F5 | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000105 - JBoss must be configured to log the IP address of the remote system connecting to the JBoss system/cluster. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000110 - JBoss must be configured to produce log records containing information to establish what type of events occurred. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| O112-C2-007400 - The DBMS must produce audit records containing sufficient information to establish what type of events occurred. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000050 - OHS must have a log level severity defined to produce sufficient log records to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000051 - OHS must have a log format defined for log records generated to capture sufficient information to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000052 - OHS must have a SSL log format defined for log records generated to capture sufficient information to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000154 - The operating system must produce audit records containing sufficient information to establish what type of events occurred - CHKCONFIG | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000154 - The operating system must produce audit records containing sufficient information to establish what type of events occurred - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000339 - The FTP daemon must be configured for logging or verbose mode - 'log_ftp_protocol' | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_enable' | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_std_format' | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030680 - The Oracle Linux operating system must audit all uses of the su command. | DISA Oracle Linux 7 STIG v3r5 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030690 - The Oracle Linux operating system must audit all uses of the sudo command. | DISA Oracle Linux 7 STIG v3r5 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030700 - The Oracle Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory. | DISA Oracle Linux 7 STIG v3r5 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030710 - The Oracle Linux operating system must audit all uses of the newgrp command. | DISA Oracle Linux 7 STIG v3r5 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030720 - The Oracle Linux operating system must audit all uses of the chsh command. | DISA Oracle Linux 7 STIG v3r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-010400 - PostgreSQL must produce audit records containing sufficient information to establish what type of events occurred. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000010 - The Photon operating system must configure auditd to log to disk. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000010 - The Photon operating system must configure auditd to log to disk. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000154 - The operating system must produce audit records containing sufficient information to establish what type of events occurred - CHKCONFIG. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000154 - The operating system must produce audit records containing sufficient information to establish what type of events occurred - PROCESS_CHECK. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000339 - The FTP daemon must be configured for logging or verbose mode - 'log_ftp_protocol = yes'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_enable = yes'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_std_format = no'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010140 - Audit records must include what type of events occurred. | DISA Solaris 11 SPARC STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010140 - Audit records must include what type of events occurred. | DISA Solaris 11 X86 STIG v3r4 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000073 - Oracle WebLogic must produce process events and severity levels to establish what type of HTTPD-related events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000073 - Oracle WebLogic must produce process events and severity levels to establish what type of HTTPD-related events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000073 - Oracle WebLogic must produce process events and severity levels to establish what type of HTTPD-related events and severity levels occurred. | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000074 - Oracle WebLogic must produce audit records containing sufficient information to establish what type of JVM-related events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000074 - Oracle WebLogic must produce audit records containing sufficient information to establish what type of JVM-related events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000075 - Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000075 - Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000075 - Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred. | Oracle WebLogic Server 12c Windows v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000555 - Windows 10 must be configured to audit Other Policy Change Events Failures. | DISA Microsoft Windows 10 STIG v3r6 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000560 - Windows 10 must be configured to audit other Logon/Logoff Events Successes. | DISA Microsoft Windows 10 STIG v3r6 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000565 - Windows 10 must be configured to audit other Logon/Logoff Events Failures. | DISA Microsoft Windows 10 STIG v3r6 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000570 - Windows 10 must be configured to audit Detailed File Share Failures. | DISA Microsoft Windows 10 STIG v3r6 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000575 - Windows 10 must be configured to audit MPSSVC Rule-Level Policy Change Successes. | DISA Microsoft Windows 10 STIG v3r6 | Windows | AUDIT AND ACCOUNTABILITY |
