| 2.2 Ensure That Sinks Are Configured for All Log Entries | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure the logging level is set to 'info' - daemon.json | CIS Docker v1.6.0 L1 Docker Linux | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure CloudTrail log file validation is enabled | CIS Amazon Web Services Foundations L2 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure auditd service is enabled and running - enabled | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure auditd service is enabled and running - running | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - admin_space_left_action | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action | CIS SUSE Linux Enterprise Server 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action | CIS SUSE Linux Enterprise Workstation 11 L2 v2.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 15 Server L2 v1.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full | CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS Red Hat 6 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS SUSE Linux Enterprise 15 Server L2 v1.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.4 Ensure audit_backlog_limit is sufficient | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full - 'action_mail_acct = root' | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.5 Ensure system is disabled when audit logs are full - 'space_left_action = email' | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.7 Ensure audit_backlog_limit is sufficient | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.7 Ensure audit_backlog_limit is sufficient | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure management console sign-in without MFA is monitored | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.3 Ensure usage of 'root' account is monitored | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure IAM policy changes are monitored | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.5 (L1) Host must deactivate log filtering | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure CloudTrail configuration changes are monitored | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.6 Ensure AWS Management Console authentication failures are monitored | CIS Amazon Web Services Foundations L2 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.7 Ensure disabling or scheduled deletion of customer created CMKs is monitored | CIS Amazon Web Services Foundations L2 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.11 Ensure Network Access Control Lists (NACL) changes are monitored | CIS Amazon Web Services Foundations L2 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.14 Ensure VPC changes are monitored | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 6.2.3.1 Ensure changes to system administration scope (sudoers) is collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.3 Ensure events that modify the sudo log file are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.5 Ensure events that modify the system's network environment are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.6 Ensure use of privileged commands are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.7 Ensure unsuccessful file access attempts are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.9 Ensure discretionary access control permission modification events are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.19 Ensure kernel module loading unloading and modification is collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.21 Ensure the running and on disk configuration is the same | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 17.2.5 (L1) Ensure 'Audit Security Group Management' is set to include 'Success' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.5 (L1) Ensure 'Audit Security Group Management' is set to include 'Success' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
