| AOSX-13-000230 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA STIG Apple Mac OSX 10.13 v2r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-14-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| AOSX-15-001003 - The macOS system must initiate session audits at system startup | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-11-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system. | DISA STIG Apple macOS 11 v1r8 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-11-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-12-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-13-001003 - The macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions. | DISA STIG Apple macOS 13 v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| Big Sur - Enable Security Auditing | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Enable Security Auditing | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Enable Security Auditing | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Enable Security Auditing | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Enable Security Auditing | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Enable Security Auditing | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Enable Security Auditing | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Enable Security Auditing | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Enable Security Auditing | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Catalina - Enable Security Auditing | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| CNTR-K8-000700 - Kubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| Monterey - Enable Security Auditing | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Enable Security Auditing | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Enable Security Auditing | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Enable Security Auditing | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Enable Security Auditing | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| OL08-00-030130 - OL 8 must generate audit records for all account creation events that affect '/etc/shadow'. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030140 - OL 8 must generate audit records for all account creation events that affect '/etc/security/opasswd'. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030150 - OL 8 must generate audit records for all account creation events that affect '/etc/passwd'. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030160 - OL 8 must generate audit records for all account creation events that affect '/etc/gshadow'. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030170 - OL 8 must generate audit records for all account creation events that affect '/etc/group'. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030171 - OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect '/etc/sudoers'. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| OL08-00-030172 - OL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect '/etc/sudoers.d/'. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PHTN-30-000013 - The Photon operating system must have the auditd service running. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000016 The Photon operating system must enable the auditd service. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-67-000018 - The Photon operating system must have the auditd service running. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| RHEL-09-654215 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654220 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654225 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654230 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654235 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| RHEL-09-654245 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| SLES-12-020010 - SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | DISA SLES 12 STIG v2r13 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| SLES-15-030050 - SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | DISA SLES 15 STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020300 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020310 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020320 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020330 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| UBTU-16-020340 - The Ubuntu operating system must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| WBSP-AS-000100 - The WebSphere Application Server audit event type filters must be configured. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WBSP-AS-000100 - The WebSphere Application Server audit event type filters must be configured. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WBSP-AS-000100 - The WebSphere Application Server audit event type filters must be configured. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
