| 2.12 Ensure centralized and remote logging is configured | CIS Docker v1.2.0 L2 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.3 Ensure rsyslog default file permissions configured | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | CIS Debian 8 Server L1 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | CIS Debian 8 Workstation L1 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.5 Ensure rsyslog is configured to send logs to a remote log host | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.1 Ensure Accounting Destination is configured | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | AUDIT AND ACCOUNTABILITY |
| 9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.5 Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.6 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.6 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.7 Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.8 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.6 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.6 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.7 (L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.7 Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.8 (L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.7 Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.8 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.8 Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.9 (L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.10 (L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.1 (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.3 (L1) Ensure 'Audit Security State Change' is set to include 'Success' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.3 Ensure 'Audit Security State Change' is set to include 'Success' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.4 (L1) Ensure 'Audit Security System Extension' is set to include 'Success' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.5 (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 18.4.13 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.81.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' | CIS Windows Server 2012 MS L1 v2.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.81.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' | CIS Windows Server 2012 DC L1 v2.1.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.81.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0 | Windows | AUDIT AND ACCOUNTABILITY |
| ESXI-65-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere ESXi 6.5 v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| F5BI-DM-000085 - The BIG-IP appliance must be configured to back up audit records at least every seven (7) days onto a different system or system component than the system or component being audited. | DISA F5 BIG-IP Device Management 11.x STIG v1r7 | F5 | AUDIT AND ACCOUNTABILITY |
| GEN005460 - The system must only use remote syslog servers (log hosts) that is justified and documented using site-defined procedures. | DISA STIG for Oracle Linux 5 v1r14 | Unix | AUDIT AND ACCOUNTABILITY |
| NET0388 - The network device must dump logs when they reach 75% capacity to a syslog server. | DISA STIG Cisco Firewall v8r25 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco L2 Switch V8R27 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging. - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging. - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1660 - The network device must use SNMP Version 3 Security Model with FIPS 140-2 cryptography - 'snmp v3 interface' | DISA STIG Cisco Firewall v8r25 | Cisco | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1660 - The network device must use SNMP Version 3 Security Model with FIPS 140-2 cryptography - 'snmp v3 user' | DISA STIG Cisco Firewall v8r25 | Cisco | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| OSX00155 - Enable remote logging | DISA STIG Apple Mac OSX 10.5 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| OSX00155 M6 - Remote logging must be enabled | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000140 - Symantec ProxySG must back up event logs onto a different system or system component than the system or component being audited - Syslog IP | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
