| 4.1.3.10 Ensure use of privileged commands is collected | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.19 Ensure audit all uses of the chsh command. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.38 Ensure audit of the su command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| 4.1.3.40 Ensure audit all uses of the newgrp command | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| AIX7-00-002001 - AIX must produce audit records containing information to establish what the date, time, and type of events that occurred. | DISA STIG AIX 7.x v2r9 | Unix | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000190 - The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG Apache Server 2.4 Unix Site v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W2-000090 - The Apache web server must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG Apache Server 2.4 Windows Site v2r1 | Windows | AUDIT AND ACCOUNTABILITY |
| BIND-9X-001030 - The print-severity variable for the configuration of BIND 9.x server logs must be configured to produce audit records containing information to establish what type of events occurred. | DISA BIND 9.x STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| ESXI-65-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | AUDIT AND ACCOUNTABILITY |
| F5BI-AS-000039 - The BIG-IP ASM module must be configured to produce ASM Event Logs containing information to establish what type of unauthorized events occurred. | DISA F5 BIG-IP Application Security Manager STIG v2r1 | F5 | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000105 - JBoss must be configured to log the IP address of the remote system connecting to the JBoss system/cluster. | DISA RedHat JBoss EAP 6.3 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000110 - JBoss must be configured to produce log records containing information to establish what type of events occurred. | DISA RedHat JBoss EAP 6.3 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| O112-C2-007400 - The DBMS must produce audit records containing sufficient information to establish what type of events occurred. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-007400 - The DBMS must produce audit records containing sufficient information to establish what type of events occurred. | DISA STIG Oracle 12c v3r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000052 - OHS must have a SSL log format defined for log records generated to capture sufficient information to establish what type of events occurred. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000154 - The operating system must produce audit records containing sufficient information to establish what type of events occurred - PROCESS_CHECK | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_enable' | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030680 - The Oracle Linux operating system must audit all uses of the su command. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030690 - The Oracle Linux operating system must audit all uses of the sudo command. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030700 - The Oracle Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030710 - The Oracle Linux operating system must audit all uses of the newgrp command. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030720 - The Oracle Linux operating system must audit all uses of the chsh command. | DISA Oracle Linux 7 STIG v2r14 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-010400 - PostgreSQL must produce audit records containing sufficient information to establish what type of events occurred. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000010 - The Photon operating system must configure auditd to log to disk. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000010 - The Photon operating system must configure auditd to log to disk. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000154 - The operating system must produce audit records containing sufficient information to establish what type of events occurred - CHKCONFIG. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000339 - The FTP daemon must be configured for logging or verbose mode - 'log_ftp_protocol = yes'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_enable = yes'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000339 - The FTP daemon must be configured for logging or verbose mode - 'xferlog_std_format = no'. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030070 - The SUSE operating system must generate audit records for all uses of the passwd command. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030120 - The SUSE operating system must generate audit records for all uses of the chage command. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030130 - The SUSE operating system must generate audit records for all uses of the crontab command. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030150 - The SUSE operating system must generate audit records for all uses of the creat, open, openat, open_by_handle_at, truncate, and ftruncate system calls. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030400 - The SUSE operating system must generate audit records for all uses of the modprobe command. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030490 - The SUSE operating system must generate audit records for all uses of the passmass command. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-15-030510 - The SUSE operating system must generate audit records for all uses of the pam_timestamp_check command. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SOL-11.1-010140 - Audit records must include what type of events occurred. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010140 - Audit records must include what type of events occurred. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000073 - Oracle WebLogic must produce process events and severity levels to establish what type of HTTPD-related events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000074 - Oracle WebLogic must produce audit records containing sufficient information to establish what type of JVM-related events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000075 - Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000075 - Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred. | Oracle WebLogic Server 12c Windows v2r1 | Windows | AUDIT AND ACCOUNTABILITY |
| WBLC-02-000075 - Oracle WebLogic must produce process events and security levels to establish what type of Oracle WebLogic process events and severity levels occurred. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000555 - Windows 10 must be configured to audit Other Policy Change Events Failures. | DISA Windows 10 STIG v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000560 - Windows 10 must be configured to audit other Logon/Logoff Events Successes. | DISA Windows 10 STIG v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000565 - Windows 10 must be configured to audit other Logon/Logoff Events Failures. | DISA Windows 10 STIG v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000575 - Windows 10 must be configured to audit MPSSVC Rule-Level Policy Change Successes. | DISA Windows 10 STIG v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
| WN10-AU-000580 - Windows 10 must be configured to audit MPSSVC Rule-Level Policy Change Failures. | DISA Windows 10 STIG v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
