| 1.1.3.2.1 Set 'Audit: Shut down system immediately if unable to log security audits' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'action_mail_acct is configured' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'action_mail_acct' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'action_mail_acct' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'admin_space_left_action' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'admin_space_left_action' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'admin_space_left_action' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'space_left_action is configured' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'space_left_action' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'space_left_action' | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.3 Ensure audit logs are not automatically deleted | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.3 Ensure audit logs are not automatically deleted | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.20 Ensure the auditing processing failures are handled. | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.9 Enable Kernel Level Auditing, Check if 'minfree:20' is set in /etc/security/audit_control. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.8 Enable kernel-level auditing, Check if 'minfree:20' is set in /etc/security/audit_control. | CIS Solaris 9 v1.3 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.1.2 Disable System on Audit Log Full - 'action_mail_acct is configured' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.1.2 Disable System on Audit Log Full - 'admin_space_left_action = halt' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.1.2 Disable System on Audit Log Full - action_mail_acct = root | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.1.2 Disable System on Audit Log Full - admin_space_left_action = halt | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.1.2 Disable System on Audit Log Full - space_left_action = email | CIS Debian Linux 7 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.1.2 Disable System on Audit Log Full- 'space_left_action = email' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1.1.3 Keep All Auditing Information | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| Audit: Shut down system immediately if unable to log security audits | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Shut down system immediately if unable to log security audits | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Failure Notification | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Big Sur - Configure Audit Failure Notification | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Failure Notification | NIST macOS Catalina v1.5.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Failure Notification | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Catalina - Configure Audit Failure Notification | NIST macOS Catalina v1.5.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure email logging is configured for critical to emergency | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure system is disabled when audit logs are full - 'action_mail_acct = root' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure system is disabled when audit logs are full - 'space_left_action = email' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Extreme : Enable SNMP Traps | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | AUDIT AND ACCOUNTABILITY |
| Fortigate - full-final-warning-threshold <= 95% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - full-first-warning-threshold <= 75% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - full-second-warning-threshold <= 90% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing End Action (QAUDENDACN) - '*NOTIFY or *PWRDWNSYS' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing End Action (QAUDENDACN) - '*NOTIFY or *PWRDWNSYS' | IBM System i Security Reference for V7R2 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing End Action (QAUDENDACN) - '*NOTIFY or *PWRDWNSYS' | IBM System i Security Reference for V7R3 | AS/400 | AUDIT AND ACCOUNTABILITY |
| IBM i : Auditing End Action (QAUDENDACN) - '*NOTIFY' | IBM iSeries Security Reference v5r4 | AS/400 | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Failure Notification | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Failure Notification | NIST macOS Monterey v1.0.0 - 800-171 | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Failure Notification | NIST macOS Monterey v1.0.0 - All Profiles | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Failure Notification | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Failure Notification | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | AUDIT AND ACCOUNTABILITY |
| Monterey - Configure Audit Failure Notification | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | AUDIT AND ACCOUNTABILITY |
| SonicWALL - Log Alert Emails - Enabled | TNS SonicWALL v5.9 | SonicWALL | AUDIT AND ACCOUNTABILITY |
