STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-3 — Content of Audit Records

CCI-000130

Definition

Ensure that audit records contain information that establishes what type of event occurred.

Parent Control

AU-3Content of Audit RecordsAudit and Accountability

Linked STIG Checks (200)

V-204646CAT IIAAA Services configuration audit records must identify what type of events occurred.AAA Services Security Requirements Guide V-279034CAT IIIColdFusion must produce log records containing information to establish what type of events occurred.Adobe ColdFusion Security Technical Implementation Guide V-274017CAT IIAmazon Linux 2023 must have the audit package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274018CAT IIAmazon Linux 2023 must produce audit records containing information to establish what type of events occurred.Amazon Linux 2023 Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274087CAT IIAmazon Linux 2023 must audit all uses of the chmod, fchmod, and fchmodat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274088CAT IIAmazon Linux 2023 must audit all uses of the chown, fchown, fchownat, and lchown system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274089CAT IIAmazon Linux 2023 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274090CAT IIAmazon Linux 2023 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274091CAT IIAmazon Linux 2023 must audit all uses of the init_module and finit_module system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274092CAT IIAmazon Linux 2023 must audit all uses of the create_module system call.Amazon Linux 2023 Security Technical Implementation Guide V-274093CAT IIAmazon Linux 2023 must audit all uses of the kmod command.Amazon Linux 2023 Security Technical Implementation Guide V-274094CAT IIAmazon Linux 2023 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274095CAT IIAmazon Linux 2023 must audit all uses of the chcon command.Amazon Linux 2023 Security Technical Implementation Guide V-274097CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274105CAT IIAmazon Linux 2023 must audit all successful/unsuccessful uses of the chage command.Amazon Linux 2023 Security Technical Implementation Guide V-274112CAT IIAmazon Linux 2023 must audit all uses of the sudo command.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-274167CAT IIAmazon Linux 2023 must enable auditing of processes that start prior to the audit daemon.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-214232CAT IIThe Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214279CAT IIThe Apache web server must produce log records containing sufficient information to establish what type of events occurred.Apache Server 2.4 UNIX Site Security Technical Implementation Guide V-214311CAT IIThe Apache web server must produce log records containing sufficient information to establish what type of events occurred.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-222930CAT IIAccessLogValve must be configured for each application context.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222938CAT IIAccessLogValve must be configured per each virtual host.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252464CAT IIThe macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257170CAT IIThe macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259454CAT IIThe macOS system must enable security auditing.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268454CAT IIThe macOS system must enable security auditing.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277062CAT IIThe macOS system must enable security auditing.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204928CAT IIThe ALG must produce audit records containing information to establish what type of events occurred.Application Layer Gateway Security Requirements Guide V-274522CAT IIThe API Gateway must generate audit records of what type of events occurred.Application Programming Interface (API) Security Requirements Guide V-274523CAT IIThe API must monitor the usage of API keys to detect any anomalies.Application Programming Interface (API) Security Requirements Guide V-274524CAT IIThe API must generate audit records of what type of events occurred.Application Programming Interface (API) Security Requirements Guide V-274525CAT IIThe API must audit rate-limiting events.Application Programming Interface (API) Security Requirements Guide V-274526CAT IIThe API Gateway must audit rate limiting events.Application Programming Interface (API) Security Requirements Guide V-274527CAT IIThe API Gateway must audit authentication and authorization information.Application Programming Interface (API) Security Requirements Guide V-274528CAT IIThe API must audit authentication and authorization information.Application Programming Interface (API) Security Requirements Guide V-274529CAT IIThe API Gateway must audit exceptions and errors that occur during the processing.Application Programming Interface (API) Security Requirements Guide V-274530CAT IIThe API must audit exceptions and errors that occur during the processing.Application Programming Interface (API) Security Requirements Guide V-274531CAT IIThe API Gateway must audit execution time and performance metrics.Application Programming Interface (API) Security Requirements Guide V-274532CAT IIThe API must audit execution time and performance metrics.Application Programming Interface (API) Security Requirements Guide V-274533CAT IIThe API Gateway must audit request and response details (such as method, URL, headers, body, status, etc.).Application Programming Interface (API) Security Requirements Guide V-274534CAT IIThe API must audit request and response details (such as method, URL, headers, body, status, etc.).Application Programming Interface (API) Security Requirements Guide V-222469CAT IIThe application must log application shutdown events.Application Security and Development Security Technical Implementation Guide V-222470CAT IIThe application must log destination IP addresses.Application Security and Development Security Technical Implementation Guide V-222471CAT IIThe application must log user actions involving access to data.Application Security and Development Security Technical Implementation Guide V-222472CAT IIThe application must log user actions involving changes to data.Application Security and Development Security Technical Implementation Guide V-204721CAT IIThe application server must produce log records containing information to establish what type of events occurred.Application Server Security Requirements Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-217363CAT IIIThe Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255962CAT IIThe Arista network device must be configured to capture all DOD auditable events.Arista MLS EOS 4.2x NDM Security Technical Implementation Guide V-255962CAT IIThe Arista network device must be configured to capture all DOD auditable events.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-272368CAT IIThe print-severity variable for the configuration of BIND 9.x server logs must be configured to produce audit records containing information to establish what type of events occurred.BIND 9.x Security Technical Implementation Guide V-238298CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260590CAT IIUbuntu 22.04 LTS must have the "auditd" package installed.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260591CAT IIUbuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270656CAT IIUbuntu 24.04 LTS must have the "auditd" package installed.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270657CAT IIUbuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221908CAT IIIThe Central Log Server must produce audit records containing information to establish what type of events occurred.Central Log Server Security Requirements Guide V-241819CAT IIIThe System Administrator (SA) and Information System Security Manager (ISSM) must configure the retention of the log records based on criticality level, event type, and/or retention period, at a minimum.Central Log Server Security Requirements Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-239855CAT IIThe Cisco ASA must be configured to generate traffic log entries containing information to establish what type of events occurred.Cisco ASA Firewall Security Technical Implementation Guide V-239873CAT IIThe Cisco ASA must be configured to produce audit records containing sufficient information to establish what type of event occurred.Cisco ASA IPS Security Technical Implementation Guide V-239905CAT IIThe Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred.Cisco ASA NDM Security Technical Implementation Guide V-239945CAT IIIThe Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred.Cisco ASA VPN Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269469CAT IIThe audit package must be installed on AlmaLinux OS 9.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269470CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269471CAT IIAlmaLinux OS 9 must generate audit records for any use of the "mount" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269472CAT IIAlmaLinux OS 9 must generate audit records for any use of the "umount" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269473CAT IISuccessful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269474CAT IIAlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269475CAT IIAlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269476CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chacl" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269477CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chage" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269478CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chcon" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269479CAT IIAlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269480CAT IIAlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269481CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chsh" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269482CAT IIAlmaLinux OS 9 must generate audit records for any use of the "crontab" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269483CAT IIAlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269485CAT IIAlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269486CAT IIAlmaLinux OS 9 must audit all uses of the kmod command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269487CAT IIAlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269488CAT IIAlmaLinux OS 9 must generate audit records for any use of the "passwd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269489CAT IIAlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269490CAT IIAlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269491CAT IIAlmaLinux OS 9 must generate audit records for any use of the "su" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269492CAT IIAlmaLinux OS 9 must generate audit records for any use of the "sudo" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269493CAT IIAlmaLinux OS 9 must generate audit records for any use of the "semanage" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269494CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269495CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269496CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269497CAT IIAlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269498CAT IIAlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269499CAT IIAlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269500CAT IIAlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269501CAT IIAlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269502CAT IIAlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269503CAT IIAlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269504CAT IIAlmaLinux OS 9 must generate audit records for any use of the "usermod" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269505CAT IIAlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233042CAT IIAll audit records must identify what type of event has occurred within the container platform.Container Platform Security Requirements Guide V-233604CAT IIPostgreSQL must produce audit records containing sufficient information to establish what type of events occurred.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261866CAT IIPostgreSQL must produce audit records containing sufficient information to establish what type of events occurred.Crunchy Data Postgres 16 Security Technical Implementation Guide V-255539CAT IIIThe DBN-6300 must produce audit log records containing sufficient information to establish what type of event occurred.DBN-6300 NDM Security Technical Implementation Guide V-206528CAT IIThe DBMS must produce audit records containing sufficient information to establish what type of events occurred.Database Security Requirements Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-235778CAT IIThe audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235779CAT IIThe host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-205161CAT IIThe DNS server implementation must produce audit records containing information to establish what type of events occurred.Domain Name System (DNS) Security Requirements Guide V-213570CAT IIThe EDB Postgres Advanced Server must produce audit records containing sufficient information to establish what type of events occurred.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259955CAT IIThe Enterprise Voice, Video, and Messaging Endpoint must be configured to produce session (call detail) records containing what type of connection occurred.Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide V-259996CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records containing the type of session connection.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-259219CAT IIThe EDB Postgres Advanced Server must produce audit records containing sufficient information to establish what type of events occurred.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-214500CAT IIThe BIG-IP AFM module must be configured to produce audit records containing information to establish what type of events occurred.F5 BIG-IP Advanced Firewall Manager Security Technical Implementation Guide V-214505CAT IIThe BIG-IP ASM module must be configured to produce ASM Event Logs containing information to establish what type of unauthorized events occurred.F5 BIG-IP Application Security Manager Security Technical Implementation Guide V-266146CAT IIThe F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.F5 BIG-IP TMOS ALG Security Technical Implementation Guide V-266256CAT IIThe F5 BIG-IP appliance must generate traffic log entries containing information to establish the details of the event, including success or failure of the application of the firewall rule.F5 BIG-IP TMOS Firewall Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-278385CAT IINGINX must provide audit records for DOD-defined auditable events.F5 NGINX Security Technical Implementation Guide V-206678CAT IIThe firewall must generate traffic log entries containing information to establish what type of events occurred.Firewall Security Requirements Guide V-234135CAT IIThe FortiGate firewall must generate traffic log entries containing information to establish what type of events occurred.Fortinet FortiGate Firewall Security Technical Implementation Guide V-203604CAT IIThe operating system must produce audit records containing information to establish what type of events occurred.General Purpose Operating System Security Requirements Guide V-217440CAT IIIThe HP FlexFabric Switch must produce audit log records containing sufficient information to establish what type of event occurred.HP FlexFabric Switch NDM Security Technical Implementation Guide V-255267CAT IISSMC web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-268247CAT IIThe HYCU virtual appliance must produce audit log records containing sufficient information to establish what type of event occurred.HYCU Protege Security Technical Implementation Guide V-215236CAT IIAIX must produce audit records containing information to establish what the date, time, and type of events that occurred.IBM AIX 7.x Security Technical Implementation Guide V-25387CAT IIAudit records content must contain valid information to allow for proper incident reporting.IBM Hardware Management Console (HMC) STIG V-256887CAT IIAudit records content must contain valid information to allow for proper incident reporting.IBM Hardware Management Console (HMC) Security Technical Implementation Guide V-255782CAT IIThe MQ Appliance messaging server must produce log records containing information to establish what type of events occurred.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-255732CAT IIThe MQ Appliance network device must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-250325CAT IIThe WebSphere Liberty Server must log remote session and security activity.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255823CAT IIThe WebSphere Application Server audit event type filters must be configured.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-237899CAT IICA VM:Secure product must be installed and operating.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-34540CAT IIThe IDPS must produce audit records containing sufficient information to establish what type of event occurred, including, at a minimum, event descriptions, policy filter, rule or signature invoked, port, protocol, and criticality level/alert code or description.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-206867CAT IIThe IDPS must produce audit records containing sufficient information to establish what type of event occurred, including, at a minimum, event descriptions, policy filter, rule or signature invoked, port, protocol, and criticality level/alert code or description.Intrusion Detection and Prevention Systems Security Requirements Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-258587CAT IIIThe ICS must be configured to generate log records containing sufficient information about where, when, identity, source, or outcome of the events.Ivanti Connect Secure VPN Security Technical Implementation Guide V-251015CAT IIIThe Sentry must produce audit records containing information to establish what type of events occurred.Ivanti MobileIron Sentry 9.x ALG Security Technical Implementation Guide V-251015CAT IIIThe Sentry must produce audit records containing information to establish what type of events occurred.Ivanti Sentry 9.x ALG Security Technical Implementation Guide V-213506CAT IIJBoss must be configured to log the IP address of the remote system connecting to the JBoss system/cluster.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-213507CAT IIJBoss must be configured to produce log records containing information to establish what type of events occurred.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-253889CAT IIThe Juniper device must be configured to produce audit log records containing sufficient information to establish what type of event occurred.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-242403CAT IIKubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.Kubernetes Security Technical Implementation Guide V-205464CAT IIThe Mainframe Product must produce audit records containing information to establish what type of events occurred.Mainframe Product Security Requirements Guide V-253675CAT IIMariaDB must produce audit records containing sufficient information to establish what type of events occurred.MariaDB Enterprise 10.x Security Technical Implementation Guide V-225235CAT IIEvent tracing for Windows (ETW) for Common Language Runtime events must be enabled.Microsoft DotNet Framework 4.0 Security Technical Implementation Guide V-220786CAT IIWindows 10 must be configured to audit Other Policy Change Events Failures.Microsoft Windows 10 Security Technical Implementation Guide V-220787CAT IIWindows 10 must be configured to audit other Logon/Logoff Events Successes.Microsoft Windows 10 Security Technical Implementation Guide V-220788CAT IIWindows 10 must be configured to audit other Logon/Logoff Events Failures.Microsoft Windows 10 Security Technical Implementation Guide V-220789CAT IIWindows 10 must be configured to audit Detailed File Share Failures.Microsoft Windows 10 Security Technical Implementation Guide V-220790CAT IIWindows 10 must be configured to audit MPSSVC Rule-Level Policy Change Successes.Microsoft Windows 10 Security Technical Implementation Guide V-220791CAT IIWindows 10 must be configured to audit MPSSVC Rule-Level Policy Change Failures.Microsoft Windows 10 Security Technical Implementation Guide V-253344CAT IIWindows 11 must be configured to audit Other Policy Change Events Failures.Microsoft Windows 11 Security Technical Implementation Guide V-253345CAT IIWindows 11 must be configured to audit other Logon/Logoff Events Successes.Microsoft Windows 11 Security Technical Implementation Guide V-253346CAT IIWindows 11 must be configured to audit other Logon/Logoff Events Failures.Microsoft Windows 11 Security Technical Implementation Guide V-253347CAT IIWindows 11 must be configured to audit Detailed File Share Failures.Microsoft Windows 11 Security Technical Implementation Guide V-253348CAT IIWindows 11 must be configured to audit MPSSVC Rule-Level Policy Change Successes.Microsoft Windows 11 Security Technical Implementation Guide V-253349CAT IIWindows 11 must be configured to audit MPSSVC Rule-Level Policy Change Failures.Microsoft Windows 11 Security Technical Implementation Guide V-221160CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252134CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265907CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279334CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-202030CAT IIThe network device must produce audit log records containing sufficient information to establish what type of event occurred.Network Device Management Security Requirements Guide V-254164CAT IINutanix AOS must produce audit records containing information to establish what type of events occurred.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-219754CAT IIThe DBMS must produce audit records containing sufficient information to establish what type of events occurred.Oracle Database 11.2g Security Technical Implementation Guide V-220270CAT IIThe DBMS must produce audit records containing sufficient information to establish what type of events occurred.Oracle Database 12c Security Technical Implementation Guide V-221312CAT IIOHS must have a log level severity defined to produce sufficient log records to establish what type of events occurred.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-221313CAT IIOHS must have a log format defined for log records generated to capture sufficient information to establish what type of events occurred.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-221314CAT IIOHS must have a SSL log format defined for log records generated to capture sufficient information to establish what type of events occurred.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-221315CAT IIOHS must have a log file defined for each site/virtual host to capture sufficient information to establish what type of events occurred.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-221808CAT IIThe Oracle Linux operating system must audit all uses of the su command.Oracle Linux 7 Security Technical Implementation Guide V-221809CAT IIThe Oracle Linux operating system must audit all uses of the sudo command.Oracle Linux 7 Security Technical Implementation Guide V-221810CAT IIThe Oracle Linux operating system must audit all uses of the sudoers file and all files in the /etc/sudoers.d/ directory.Oracle Linux 7 Security Technical Implementation Guide V-221811CAT IIThe Oracle Linux operating system must audit all uses of the newgrp command.Oracle Linux 7 Security Technical Implementation Guide V-221812CAT IIThe Oracle Linux operating system must audit all uses of the chsh command.Oracle Linux 7 Security Technical Implementation Guide V-248519CAT IIThe OL 8 audit package must be installed.Oracle Linux 8 Security Technical Implementation Guide V-248520CAT IIOL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.Oracle Linux 8 Security Technical Implementation Guide V-248740CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/shadow".Oracle Linux 8 Security Technical Implementation Guide V-248741CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".Oracle Linux 8 Security Technical Implementation Guide V-248742CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/passwd".Oracle Linux 8 Security Technical Implementation Guide V-248743CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/gshadow".Oracle Linux 8 Security Technical Implementation Guide V-248744CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/group".Oracle Linux 8 Security Technical Implementation Guide V-248745CAT IIOL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect "/etc/sudoers".Oracle Linux 8 Security Technical Implementation Guide