| 4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| AOSX-13-000336 - The macOS system must be configured with audit log folders set to mode 700 or less permissive. | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion. | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U1-000190 - The log information from the Apache web server must be protected from unauthorized modification or deletion. | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification. | DISA STIG Apache Server 2.4 Windows Server v3r1 | Windows | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000200 - The log information from the Apache web server must be protected from unauthorized deletion and modification. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS XE Router NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS Router NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS Switch NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS XE Switch NDM v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-002700 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-CA-000075 - Exchange must have Audit data protected against unauthorized modification. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-EG-000060 - Exchange audit data must be protected against unauthorized access for modification. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | AUDIT AND ACCOUNTABILITY |
| EX13-MB-000070 - Exchange must protect audit data against unauthorized access. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-ED-000120 - Exchange audit data must be protected against unauthorized access for modification. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
| EX16-MB-000140 - Exchange must protect audit data against unauthorized access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | AUDIT AND ACCOUNTABILITY |
| F5BI-DM-000075 - The BIG-IP appliance must be configured to protect audit information from unauthorized modification. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | AUDIT AND ACCOUNTABILITY |
| F5BI-LT-000057 - The BIG-IP Core implementation must be configured to protect audit information from unauthorized modification. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | AUDIT AND ACCOUNTABILITY |
| GEN002690 - System audit logs must be group-owned by root, bin, or sys. | DISA STIG Solaris 10 X86 v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002690 - System audit logs must be group-owned by root, bin, or sys. | DISA STIG Solaris 10 SPARC v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002690 - System audit logs must be group-owned by root, bin, sys, or system. | DISA STIG for Oracle Linux 5 v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000115 - The log information from the IIS 8.5 web server must be protected from unauthorized modification or deletion. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000170 - File permissions must be configured to protect log information from unauthorized modification. | DISA RedHat JBoss EAP 6.3 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-000380 - The Juniper router must be configured to protect audit information from unauthorized modification. | DISA STIG Juniper Router NDM v3r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| O112-C2-009400 - The DBMS must protect audit information from unauthorized modification. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| O121-C2-009400 - The system must protect audit information from unauthorized modification. | DISA STIG Oracle 12c v3r1 Database | OracleDB | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - permissions | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OH12-1X-000075 - The log information from OHS must be protected from unauthorized modification - user/group | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL6-00-000383 - Audit log files must have mode 0640 or less permissive. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log directory | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log files | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log_file_mode | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-002700 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-06-000383 - Audit log files must have mode 0640 or less permissive. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653090 - RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| SOL-11.1-010440 - The operating system must protect audit information from unauthorized access. | DISA STIG Solaris 11 SPARC v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SOL-11.1-010440 - The operating system must protect audit information from unauthorized access. | DISA STIG Solaris 11 X86 v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013700 - The audit information produced by SQL Server must be protected from unauthorized modification. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-16-020100 - Audit log directories must have a mode of 0750 or less permissive to prevent unauthorized read access. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010305 - The Ubuntu operating system must be configured so that audit log files cannot be read or write-accessible by unauthorized users. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010306 - The Ubuntu operating system must permit only authorized accounts ownership of the audit log files. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010307 - The Ubuntu operating system must permit only authorized groups to own the audit log files. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-70-000007 - VAMI log files must only be accessible by privileged users. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000007 - vSphere UI log files must only be accessible by privileged users. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000030 - Permissions for the Application event log must prevent access by non-privileged accounts. | DISA Windows Server 2016 STIG v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000050 - Permissions for the System event log must prevent access by non-privileged accounts. | DISA Windows Server 2016 STIG v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-AU-000050 - Windows Server 2019 permissions for the System event log must prevent access by non-privileged accounts. | DISA Windows Server 2019 STIG v3r2 | Windows | AUDIT AND ACCOUNTABILITY |
