
CCI-000067

Definition

Employ automated mechanisms to monitor remote access methods.

Parent Control

AC-17 (1) | Remote Access | Access Control

Linked STIG Checks (158)

  • V-243498 | CAT II | If a VPN is used in the AD implementation, the traffic must be inspected by the network Intrusion detection system (IDS). | Active Directory Domain Security Technical Implementation Guide
  • V-274021 | CAT II | Amazon Linux 2023 must monitor remote access methods. | Amazon Linux 2023 Security Technical Implementation Guide
  • V-268088 | CAT II | NixOS must monitor remote access methods. | Anduril NixOS Security Technical Implementation Guide
  • V-222930 | CAT II | AccessLogValve must be configured for each application context. | Apache Tomcat Application Server 9 Security Technical Implementation Guide
  • V-268031 | CAT III | Apple iOS/iPadOS 18 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device. | Apple iOS/iPadOS 18 Security Technical Implementation Guide
  • V-278791 | CAT III | Apple iOS/iPadOS 26 must implement the management setting: require the user to enter a password when connecting to an AirPlay-enabled device. | Apple iOS/iPadOS 26 Security Technical Implementation Guide
  • V-252463 | CAT II | The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
  • V-257169 | CAT II | The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
  • V-259453 | CAT II | The macOS system must be configured to audit all log on and log out events. | Apple macOS 14 (Sonoma) Security Technical Implementation Guide
  • V-268453 | CAT II | The macOS system must be configured to audit all login and logout events. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
  • V-277061 | CAT II | The macOS system must be configured to audit all login and logout events. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
  • V-204923 | CAT II | The ALG providing intermediary services for remote access communications traffic must ensure inbound and outbound traffic is monitored for compliance with remote access security policies. | Application Layer Gateway Security Requirements Guide
  • V-204711 | CAT II | The application server must ensure remote sessions for accessing security functions and security-relevant information are logged. | Application Server Security Requirements Guide
  • V-237323 | CAT I | The ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-79047 | CAT II | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable audit logs. | BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide
  • V-254728 | CAT II | If the BlackBerry Docs service is installed on the BlackBerry Enterprise Mobility Server (BEMS), it must be configured to enable audit logs. | BlackBerry Enterprise Mobility Server 3.x Security Technical Implementation Guide
  • V-219306 | CAT II | The Ubuntu operating system must monitor remote access methods. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
  • V-238324 | CAT II | The Ubuntu operating system must monitor remote access methods. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
  • V-260589 | CAT II | Ubuntu 22.04 LTS must monitor remote access methods. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
  • V-270681 | CAT II | Ubuntu 24.04 LTS must monitor remote access methods. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
  • V-239854 | CAT II | The Cisco ASA must be configured to restrict VPN traffic according to organization-defined filtering rules. | Cisco ASA Firewall Security Technical Implementation Guide
  • V-269111 | CAT II | AlmaLinux OS 9 must log SSH connection attempts and failures to the server. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
  • V-269112 | CAT II | All AlmaLinux OS 9 remote access methods must be monitored. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
  • V-235778 | CAT II | The audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
  • V-235779 | CAT II | The host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set. | Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide
  • V-214504 | CAT II | The BIG-IP ASM module supporting intermediary services for remote access communications traffic must ensure inbound traffic is monitored for compliance with remote access security policies. | F5 BIG-IP Application Security Manager Security Technical Implementation Guide
  • V-215745 | CAT II | The BIG-IP Core implementation must be configured to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers. | F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide
  • V-266138 | CAT II | The F5 BIG-IP appliance providing intermediary services for remote access communications traffic must ensure inbound and outbound traffic is monitored for compliance with remote access security policies. | F5 BIG-IP TMOS ALG Security Technical Implementation Guide
  • V-266254 | CAT II | The F5 BIG-IP appliance that filters traffic from the VPN access points must be configured with organization-defined filtering rules that apply to the monitoring of remote access traffic. | F5 BIG-IP TMOS Firewall Security Technical Implementation Guide
  • V-206676 | CAT II | The firewall that filters traffic from the VPN access points must be configured with organization-defined filtering rules that apply to the monitoring of remote access traffic. | Firewall Security Requirements Guide
  • V-234134 | CAT II | The FortiGate firewall must use organization-defined filtering rules that apply to the monitoring of remote access traffic for the traffic from the VPN access points. | Fortinet FortiGate Firewall Security Technical Implementation Guide
  • V-203602 | CAT II | The operating system must monitor remote access methods. | General Purpose Operating System Security Requirements Guide
  • V-255255 | CAT II | SSMC web server must generate information to be used by external applications or entities to monitor and control remote access. | HPE 3PAR SSMC Web Server Security Technical Implementation Guide
  • V-255256 | CAT II | SSMC web server must generate information to be used by external applications or entities to monitor and control remote access. | HPE 3PAR SSMC Web Server Security Technical Implementation Guide
  • V-255257 | CAT II | SSMC web server must generate information to be used by external applications or entities to monitor and control remote access. | HPE 3PAR SSMC Web Server Security Technical Implementation Guide
  • V-215285 | CAT II | AIX must monitor and record successful remote logins. | IBM AIX 7.x Security Technical Implementation Guide
  • V-215286 | CAT II | AIX must monitor and record unsuccessful remote logins. | IBM AIX 7.x Security Technical Implementation Guide
  • V-255784 | CAT II | The MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged. | IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
  • V-250325 | CAT II | The WebSphere Liberty Server must log remote session and security activity. | IBM WebSphere Liberty Server Security Technical Implementation Guide
  • V-255820 | CAT II | The WebSphere Application Server security auditing must be enabled. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-255821 | CAT II | The WebSphere Application Server groups in the user registry mapped to WebSphere auditor roles must be configured in accordance with the security plan. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-255822 | CAT II | The WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-255823 | CAT II | The WebSphere Application Server audit event type filters must be configured. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-255824 | CAT II | The WebSphere Application Server audit service provider must be enabled. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-255825 | CAT II | The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes. | IBM WebSphere Traditional V9.x Security Technical Implementation Guide
  • V-223517 | CAT II | IBM z/OS SMF recording options for the FTP Server must be configured to write SMF records for all eligible events. | IBM z/OS ACF2 Security Technical Implementation Guide
  • V-223537 | CAT II | The IBM z/OS BPX.SMF resource must be properly configured. | IBM z/OS ACF2 Security Technical Implementation Guide
  • V-223586 | CAT II | IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events. | IBM z/OS ACF2 Security Technical Implementation Guide
  • V-223599 | CAT II | IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be coded properly. | IBM z/OS ACF2 Security Technical Implementation Guide
  • V-223609 | CAT II | IBM z/OS SMF recording options for the TN3270 Telnet Server must be properly specified. | IBM z/OS ACF2 Security Technical Implementation Guide
  • V-252547 | CAT II | IBM z/OS TCP/IP AT-TLS policy must be properly configured in Policy Agent. | IBM z/OS ACF2 Security Technical Implementation Guide
  • V-223733 | CAT II | IBM z/OS SMF recording options for the FTP Server must be configured to write SMF records for all eligible events. | IBM z/OS RACF Security Technical Implementation Guide
  • V-223758 | CAT II | The IBM z/OS BPX.SMF resource must be properly configured. | IBM z/OS RACF Security Technical Implementation Guide
  • V-223759 | CAT II | IBM z/OS SMF recording options for the TN3270 Telnet Server must be properly specified. | IBM z/OS RACF Security Technical Implementation Guide
  • V-223806 | CAT II | IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events. | IBM z/OS RACF Security Technical Implementation Guide
  • V-223820 | CAT II | IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be coded properly. | IBM z/OS RACF Security Technical Implementation Guide
  • V-252553 | CAT II | IBM z/OS TCP/IP AT-TLS policy must be properly configured in Policy Agent. | IBM z/OS RACF Security Technical Implementation Guide
  • V-223974 | CAT II | IBM z/OS SMF recording options for the FTP server must be configured to write SMF records for all eligible events. | IBM z/OS TSS Security Technical Implementation Guide
  • V-224000 | CAT II | The IBM z/OS BPX.SMF resource must be properly configured. | IBM z/OS TSS Security Technical Implementation Guide
  • V-224054 | CAT II | IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events. | IBM z/OS TSS Security Technical Implementation Guide
  • V-224056 | CAT II | IBM z/OS PROFILE.TCPIP configuration statements for the TCP/IP stack must be properly coded. | IBM z/OS TSS Security Technical Implementation Guide
  • V-224066 | CAT II | IBM z/OS SMF recording options for the TN3270 Telnet server must be properly specified. | IBM z/OS TSS Security Technical Implementation Guide
  • V-252554 | CAT II | IBM z/OS TCP/IP AT-TLS policy must be properly configured in Policy Agent. | IBM z/OS TSS Security Technical Implementation Guide
  • V-237899 | CAT II | CA VM:Secure product must be installed and operating. | IBM zVM Using CA VM:Secure Security Technical Implementation Guide
  • V-237905 | CAT II | For FTP processing Z/VM TCP/IP FTP server Exit must be enabled. | IBM zVM Using CA VM:Secure Security Technical Implementation Guide
  • V-66645 | CAT II | The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements. | Juniper SRX SG VPN Security Technical Implementation Guide
  • V-214671 | CAT II | The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements. | Juniper SRX Services Gateway VPN Security Technical Implementation Guide
  • V-220757 | CAT II | The system must be configured to audit Logon/Logoff - Logoff successes. | Microsoft Windows 10 Security Technical Implementation Guide
  • V-220758 | CAT II | The system must be configured to audit Logon/Logoff - Logon failures. | Microsoft Windows 10 Security Technical Implementation Guide
  • V-220759 | CAT II | The system must be configured to audit Logon/Logoff - Logon successes. | Microsoft Windows 10 Security Technical Implementation Guide
  • V-253315 | CAT II | The system must be configured to audit Logon/Logoff - Logoff successes. | Microsoft Windows 11 Security Technical Implementation Guide
  • V-242009 | CAT II | Inbound exceptions to the firewall on domain workstations must only allow authorized remote management hosts. | Microsoft Windows Defender Firewall with Advanced Security Security Technical Implementation Guide
  • V-224892 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logoff successes. | Microsoft Windows Server 2016 Security Technical Implementation Guide
  • V-224893 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logon successes. | Microsoft Windows Server 2016 Security Technical Implementation Guide
  • V-224894 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logon failures. | Microsoft Windows Server 2016 Security Technical Implementation Guide
  • V-205634 | CAT II | Windows Server 2019 must be configured to audit logon successes. | Microsoft Windows Server 2019 Security Technical Implementation Guide
  • V-205635 | CAT II | Windows Server 2019 must be configured to audit logon failures. | Microsoft Windows Server 2019 Security Technical Implementation Guide
  • V-254312 | CAT II | Windows Server 2022 must be configured to audit logon successes. | Microsoft Windows Server 2022 Security Technical Implementation Guide
  • V-254313 | CAT II | Windows Server 2022 must be configured to audit logon failures. | Microsoft Windows Server 2022 Security Technical Implementation Guide
  • V-278059 | CAT II | Windows Server 2025 must be configured to audit logon successes. | Microsoft Windows Server 2025 Security Technical Implementation Guide
  • V-278060 | CAT II | Windows Server 2025 must be configured to audit logon failures. | Microsoft Windows Server 2025 Security Technical Implementation Guide
  • V-254123 | CAT II | Nutanix AOS must monitor remote access methods. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-279531 | CAT II | Nutanix OS must monitor SSH access. | Nutanix Acropolis GPOS Security Technical Implementation Guide
  • V-221289 | CAT II | OHS must have the LoadModule log_config_module directive enabled to generate information to be used by external applications or entities to monitor and control remote access. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-221290 | CAT II | OHS must have the OraLogMode set to Oracle Diagnostic Logging text mode to generate information to be used by external applications or entities to monitor and control remote access. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-221291 | CAT II | OHS must have a log directory location defined to generate information for use by external applications or entities to monitor and control remote access. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-221292 | CAT II | OHS must have the OraLogSeverity directive defined to generate adequate information to be used by external applications or entities to monitor and control remote access. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-221293 | CAT II | OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-221294 | CAT II | OHS must have a log format defined to generate adequate information to be used by external applications or entities to monitor and control remote access. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-221295 | CAT II | OHS must have a SSL log format defined to allow generated information to be used by external applications or entities to monitor and control remote access in accordance with the categorization of data hosted by the web server. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-221296 | CAT II | OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access. | Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
  • V-248530 | CAT II | All OL 8 remote access methods must be monitored. | Oracle Linux 8 Security Technical Implementation Guide
  • V-271703 | CAT II | OL 9 must log SSH connection attempts and failures to the server. | Oracle Linux 9 Security Technical Implementation Guide
  • V-271851 | CAT II | OL 9 remote access methods must be monitored. | Oracle Linux 9 Security Technical Implementation Guide
  • V-235930 | CAT II | Oracle WebLogic must employ automated mechanisms to facilitate the monitoring and control of remote access methods. | Oracle WebLogic Server 12c Security Technical Implementation Guide
  • V-235931 | CAT II | Oracle WebLogic must ensure remote sessions for accessing security functions and security-relevant information are audited. | Oracle WebLogic Server 12c Security Technical Implementation Guide
  • V-228832 | CAT II | The Palo Alto Networks security platform, if used to provide intermediary services for remote access communications traffic (TLS or SSL decryption), must ensure inbound and outbound traffic is monitored for compliance with remote access security policies. | Palo Alto Networks ALG Security Technical Implementation Guide
  • V-280990 | CAT II | RHEL 10 must monitor all remote access methods. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-281115 | CAT II | RHEL 10 must log Secure Shell (SSH) connection attempts and failures to the server. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
  • V-230228 | CAT II | All RHEL 8 remote access methods must be monitored. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-257982 | CAT II | RHEL 9 must log SSH connection attempts and failures to the server. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258144 | CAT II | All RHEL 9 remote access methods must be monitored. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-275676 | CAT II | Ubuntu OS must monitor remote access methods. | Riverbed NetIM OS Security Technical Implementation Guide
  • V-238498 | CAT II | The Riverbed Optimization System (RiOS) must be configured to ensure inbound and outbound traffic is forwarded to be inspected by the firewall and IDPS in compliance with remote access security policies. | Riverbed SteelHead CX v8 ALG Security Technical Implementation Guide
  • V-261338 | CAT II | SLEM 5 must log SSH connection attempts and failures to the server. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-217265 | CAT II | The SUSE operating system must log SSH connection attempts and failures to the server. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-272525 | CAT III | Samsung Android 15 must prohibit DOD VPN profiles in the Personal Profile. | Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-216265 | CAT III | The audit system must be configured to audit login, logout, and session initiation. | Solaris 11 SPARC Security Technical Implementation Guide
  • V-216030 | CAT III | The audit system must be configured to audit login, logout, and session initiation. | Solaris 11 X86 Security Technical Implementation Guide
  • V-279177 | CAT II | The Edge SWG must ensure inbound and outbound traffic is monitored for compliance with remote access security policies. | Symantec Edge SWG ALG Security Technical Implementation Guide
  • V-94217 | CAT II | If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured. | Symantec ProxySG ALG Security Technical Implementation Guide
  • V-94219 | CAT II | Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies. | Symantec ProxySG ALG Security Technical Implementation Guide
  • V-253056 | CAT II | TOSS must monitor remote access methods. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
  • V-282383 | CAT II | TOSS 5 must log SSH connection attempts and failures to the server. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
  • V-282384 | CAT II | All TOSS 5 remote access methods must be monitored. | Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide
  • V-240043 | CAT II | HAProxy must be configured to use syslog. | VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide
  • V-246886 | CAT II | The Horizon Connection Server must be configured to debug level logging. | VMware Horizon 7.13 Connection Server Security Technical Implementation Guide
  • V-265362 | CAT II | The NSX Tier-0 Gateway Firewall must generate traffic log entries. | VMware NSX 4.x Tier-0 Gateway Firewall Security Technical Implementation Guide
  • V-265488 | CAT II | The NSX Tier-1 Gateway firewall must generate traffic log entries. | VMware NSX 4.x Tier-1 Gateway Firewall Security Technical Implementation Guide
  • V-240218 | CAT II | Lighttpd must be configured to use mod_accesslog. | VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide
  • V-240352 | CAT II | The SLES for vRealize must monitor remote access methods - SSH Daemon. | VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
  • V-240741 | CAT II | tc Server HORIZON must record user access in a format that enables monitoring of remote access. | VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide
  • V-240742 | CAT II | tc Server VCO must record user access in a format that enables monitoring of remote access. | VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide
  • V-240743 | CAT II | tc Server VCAC must record user access in a format that enables monitoring of remote access. | VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide
  • V-240969 | CAT II | vIDM must be configured to log activity to the horizon.log file. | VMware vRealize Automation 7.x vIDM Security Technical Implementation Guide
  • V-239450 | CAT II | The SLES for vRealize must monitor remote access methods - SSH Daemon. | VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
  • V-241591 | CAT II | tc Server UI must record user access in a format that enables monitoring of remote access. | VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide
  • V-241592 | CAT II | tc Server CaSa must record user access in a format that enables monitoring of remote access. | VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide
  • V-241593 | CAT II | tc Server API must record user access in a format that enables monitoring of remote access. | VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide
  • V-256378 | CAT II | Remote logging for ESXi hosts must be configured. | VMware vSphere 7.0 ESXi Security Technical Implementation Guide
  • V-256648 | CAT II | VAMI must be configured to monitor remote access. | VMware vSphere 7.0 VAMI Security Technical Implementation Guide
  • V-256677 | CAT II | ESX Agent Manager must record user access in a format that enables monitoring of remote access. | VMware vSphere 7.0 vCenter Appliance EAM Security Technical Implementation Guide
  • V-256710 | CAT II | Lookup Service must record user access in a format that enables monitoring of remote access. | VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide
  • V-256615 | CAT II | Performance Charts must record user access in a format that enables monitoring of remote access. | VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide
  • V-256483 | CAT II | The Photon operating system must have the sshd SyslogFacility set to "authpriv". | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
  • V-256484 | CAT II | The Photon operating system must have sshd authentication logging enabled. | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
  • V-256485 | CAT II | The Photon operating system must have the sshd LogLevel set to "INFO". | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
  • V-256749 | CAT II | The Security Token Service must record user access in a format that enables monitoring of remote access. | VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide
  • V-256782 | CAT II | vSphere UI must record user access in a format that enables monitoring of remote access. | VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide
  • V-259006 | CAT II | The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details. | VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide
  • V-259040 | CAT II | The vCenter Lookup service must produce log records containing sufficient information regarding event details. | VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide
  • V-259139 | CAT II | The vCenter VAMI service must generate information to monitor remote access. | VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) Security Technical Implementation Guide
  • V-259074 | CAT II | The vCenter Perfcharts service must produce log records containing sufficient information regarding event details. | VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide
  • V-258805 | CAT II | The Photon operating system must monitor remote access logins. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
  • V-258865 | CAT II | The Photon operating system must configure the Secure Shell (SSH) SyslogFacility. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
  • V-258866 | CAT II | The Photon operating system must enable Secure Shell (SSH) authentication logging. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
  • V-258974 | CAT II | The vCenter STS service must produce log records containing sufficient information regarding event details. | VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide
  • V-259107 | CAT II | The vCenter UI service must produce log records containing sufficient information regarding event details. | VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide
  • V-207350 | CAT II | The VMM must monitor remote access methods automatically. | Virtual Machine Manager Security Requirements Guide
  • V-206354 | CAT II | The web server must generate information to be used by external applications or entities to monitor and control remote access. | Web Server Security Requirements Guide
  • V-73449 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logoff successes. | Windows Server 2016 Security Technical Implementation Guide
  • V-73449 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logoff successes. | Windows Server 2016 Security Technical Implementation Guide
  • V-73451 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logon successes. | Windows Server 2016 Security Technical Implementation Guide
  • V-73451 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logon successes. | Windows Server 2016 Security Technical Implementation Guide
  • V-73453 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logon failures. | Windows Server 2016 Security Technical Implementation Guide
  • V-73453 | CAT II | Windows Server 2016 must be configured to audit Logon/Logoff - Logon failures. | Windows Server 2016 Security Technical Implementation Guide
  • V-92967 | CAT II | Windows Server 2019 must be configured to audit logon successes. | Windows Server 2019 Security Technical Implementation Guide
  • V-92969 | CAT II | Windows Server 2019 must be configured to audit logon failures. | Windows Server 2019 Security Technical Implementation Guide