| 1.15 UBTU-24-100450 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III | Unix | AUDIT AND ACCOUNTABILITY |
| 1.116 UBTU-22-651035 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III | Unix | AUDIT AND ACCOUNTABILITY |
| 1.121 UBTU-22-653020 | CIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT III | Unix | AUDIT AND ACCOUNTABILITY |
| 1.174 UBTU-24-900950 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III | Unix | AUDIT AND ACCOUNTABILITY |
| 1.278 OL08-00-030690 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 1.371 RHEL-09-653030 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure audit system is set to single when the disk is full. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.6 Ensure audit system action is defined for sending errors | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.8 Ensure audit logs are stored on a different system. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.9 Ensure audit logs on separate system are encrypted. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.11 Ensure off-load of audit logs. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.12 Ensure action is taken when audisp-remote buffer is full | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.13 Ensure off-loaded audit logs are labeled. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-052820 - AlmaLinux OS 9 must encrypt, via the gtls driver, the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA CloudLinux AlmaLinux OS 9 STIG v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-W1-000720 - The Apache web server must not impede the ability to write specified log record content to an audit log server. | DISA STIG Apache Server 2.4 Windows Server v2r3 | Windows | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001035 - Amazon Linux 2023 audispd-plugins package must be installed. | DISA Amazon Linux 2023 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-001040 - Amazon Linux 2023 must have the rsyslog package installed. | DISA Amazon Linux 2023 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| AZLX-23-002075 - Amazon Linux 2023 must encrypt via the gtls driver the transfer of audit records off-loaded onto a different system or media from the system being audited via rsyslog. | DISA Amazon Linux 2023 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the ISSO. | DISA Cisco IOS Router NDM STIG v3r5 | Cisco | AUDIT AND ACCOUNTABILITY |
| ESXI-06-400004 - The VMM must off-load audit records onto a different system or media than the system being audited by configuring remote logging. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-500004 - The VMM must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly by configuring remote logging. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXi: esxi-8.logs-remote | VMware vSphere Security Configuration and Hardening Guide | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| IBMW-LS-000230 - The WebSphere Liberty Server must be configured to offload logs to a centralized system. | DISA IBM WebSphere Liberty Server STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000735 - JBoss servers must be configured to roll over and transfer logs on a minimum weekly basis. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000600 - The Juniper EX switch must be configured to offload audit records onto a different system or media than the system being audited. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000670 - The Juniper EX switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| OL6-00-000137 - The operating system must support the requirement to centrally manage the content of audit records generated by organization defined information system components. | DISA STIG Oracle Linux 6 v2r7 | Unix | AUDIT AND ACCOUNTABILITY |
| OL07-00-030320 - The Oracle Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | DISA Oracle Linux 7 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY |
| OL08-00-030690 - The OL 8 audit records must be offloaded onto a different system or storage media from the system being audited. | DISA Oracle Linux 8 STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| OL09-00-000350 - OL 9 must have the rsyslog package installed. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL09-00-000755 - OL 9 must label all offloaded audit logs before sending them to the central log server. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OL09-00-000850 - OL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA Oracle Linux 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000129 - The Photon operating system must be configured to offload audit logs to a syslog server. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-07-030320 - The Red Hat Enterprise Linux operating system must be configured so that the audit system takes appropriate action when the audit storage volume is full. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-08-030690 - The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited. | DISA Red Hat Enterprise Linux 8 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653030 - RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. | DISA Red Hat Enterprise Linux 9 STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-653060 - RHEL 9 must label all offloaded audit logs before sending them to the central log server. | DISA Red Hat Enterprise Linux 9 STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020070 - The audit-audispd-plugins must be installed on the SUSE operating system. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-12-020090 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | DISA SLES 12 STIG v3r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-030680 - The SUSE operating system audit event multiplexor must be configured to use Kerberos. | DISA SUSE Linux Enterprise Server 15 STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| SQLI-22-015900 - The system SQL Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | DISA Microsoft SQL Server 2022 Instance STIG v1r1 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000080 - Symantec ProxySG must be configured to support centralized management and configuration of the audit log - enable | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| UBTU-18-010008 - The Ubuntu operating system must have a crontab script running weekly to off-load audit events of standalone systems. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-651035 - Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000148 - The vCenter Server must be configured to send logs to a central log server. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | AUDIT AND ACCOUNTABILITY |
| WN16-AU-000020 - Windows Server 2016 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| WN22-AU-000020 - Windows Server 2022 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | AUDIT AND ACCOUNTABILITY |
