| ALMA-09-046220 - AlmaLinux OS 9 must generate audit records for any use of the "poweroff" command. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-046660 - AlmaLinux OS 9 must audit all uses of the delete_module, init_module and finit_module system calls. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| ALMA-09-049080 - AlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock. | DISA CloudLinux AlmaLinux OS 9 STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001044 - The macOS system must generate audit records for DoD-defined events such as successful/unsuccessful logon attempts, successful/unsuccessful direct access attempts, starting and ending time for user access, and concurrent logons to the same account from different sources. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001210 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001230 - The Cisco ASA must be configured to generate audit records for privileged activities or other system-level access. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-VN-000720 - The Cisco ASA VPN remote access server must be configured to generate log records when successful and/or unsuccessful VPN connection attempts occur. | DISA STIG Cisco ASA VPN v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000560 - The Juniper EX switch must be configured to generate audit records when successful/unsuccessful logon attempts occur. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| MADB-10-000800 - MariaDB must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-009400 - MariaDB must be able to generate audit records when security objects are accessed. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-010000 - MariaDB must generate audit records when privileges/permissions are modified. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-010400 - MariaDB must generate audit records when categories of information (e.g., classification levels/security levels) are modified. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-010700 - MariaDB must generate audit records when unsuccessful attempts to delete privileges/permissions occur. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MADB-10-011900 - MariaDB must generate audit records when unsuccessful accesses to objects occur. | DISA MariaDB Enterprise 10.x v2r3 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002000 - The MySQL Database Server 8.0 must be able to generate audit records when security objects are accessed. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002200 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are accessed. | DISA Oracle MySQL 8.0 v2r2 OS Linux | Unix | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002600 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are modified. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-002700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify privileges/permissions occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-003700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-003900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful logons or connection attempts occur. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| MYS8-00-004200 - The MySQL Database Server 8.0 must generate audit records showing starting and ending time for user access to the database(s). | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000020 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur - uid 32 | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000044 - The Photon operating system must audit all account modifications - groupmod | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000044 - The Photon operating system must audit all account modifications - usermod | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654185 - Successful/unsuccessful uses of the init command in RHEL 9 must generate an audit record. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-654195 - Successful/unsuccessful uses of the reboot command in RHEL 9 must generate an audit record. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011400 - SQL Server must generate audit records for the DoD-selected list of auditable events - 'Event ID 18' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011400 - SQL Server must generate audit records for the DoD-selected list of auditable events - 'Event ID 103' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011400 - SQL Server must generate audit records for the DoD-selected list of auditable events - 'Event ID 107' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011400 - SQL Server must generate audit records for the DoD-selected list of auditable events - 'Event ID 116' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011400 - SQL Server must generate audit records for the DoD-selected list of auditable events - 'Event ID 130' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL2-00-011400 - SQL Server must generate audit records for the DoD-selected list of auditable events - 'Event ID 133' | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010137 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the chfn command. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010161 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudo command. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010162 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the sudoedit command. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-20-010173 - The Ubuntu operating system must generate audit records for successful/unsuccessful uses of the unix_update command. | DISA Canonical Ubuntu 20.04 LTS STIG v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654010 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the apparmor_parser command. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654040 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the crontab command. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654080 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the passwd command. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654095 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the ssh-keysign command. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654155 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654160 - Ubuntu 22.04 LTS must generate audit records for successful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-22-654210 - Ubuntu 22.04 LTS must generate audit records for the use and modification of faillog file. | DISA Canonical Ubuntu 22.04 LTS STIG v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900090 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the mount command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900100 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the umount command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900240 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the chacl command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900310 - Ubuntu 24.04 LTS must generate audit records for successful/unsuccessful uses of the usermod command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900520 - Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to modify the /etc/sudoers.d directory occur. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900540 - Ubuntu 24.04 LTS must generate audit records for any successful/unsuccessful use of unlink, unlinkat, rename, renameat, and rmdir system calls. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| UBTU-24-900750 - Ubuntu 24.04 LTS must generate audit records when successful/unsuccessful attempts to use the fdisk command. | DISA Canonical Ubuntu 24.04 LTS STIG v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
