STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-3 (1) — Content of Audit Records

CCI-000135

Definition

Generate audit records containing the organization-defined additional information that is to be included in the audit records.

Parent Control

AU-3 (1)Content of Audit RecordsAudit and Accountability

Linked STIG Checks (200)

V-255592CAT IIIThe A10 Networks ADC must have command auditing enabled.A10 Networks ADC NDM Security Technical Implementation Guide V-279034CAT IIIColdFusion must produce log records containing information to establish what type of events occurred.Adobe ColdFusion Security Technical Implementation Guide V-274017CAT IIAmazon Linux 2023 must have the audit package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274018CAT IIAmazon Linux 2023 must produce audit records containing information to establish what type of events occurred.Amazon Linux 2023 Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274087CAT IIAmazon Linux 2023 must audit all uses of the chmod, fchmod, and fchmodat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274088CAT IIAmazon Linux 2023 must audit all uses of the chown, fchown, fchownat, and lchown system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274089CAT IIAmazon Linux 2023 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274090CAT IIAmazon Linux 2023 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274091CAT IIAmazon Linux 2023 must audit all uses of the init_module and finit_module system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274092CAT IIAmazon Linux 2023 must audit all uses of the create_module system call.Amazon Linux 2023 Security Technical Implementation Guide V-274093CAT IIAmazon Linux 2023 must audit all uses of the kmod command.Amazon Linux 2023 Security Technical Implementation Guide V-274094CAT IIAmazon Linux 2023 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274095CAT IIAmazon Linux 2023 must audit all uses of the chcon command.Amazon Linux 2023 Security Technical Implementation Guide V-274097CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274105CAT IIAmazon Linux 2023 must audit all successful/unsuccessful uses of the chage command.Amazon Linux 2023 Security Technical Implementation Guide V-274112CAT IIAmazon Linux 2023 must audit all uses of the sudo command.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-274159CAT IIAmazon Linux 2023 must insure all interactive users have a primary group that exists.Amazon Linux 2023 Security Technical Implementation Guide V-274160CAT IIAmazon Linux 2023 must ensure all interactive users have unique User IDs (UIDs).Amazon Linux 2023 Security Technical Implementation Guide V-274167CAT IIAmazon Linux 2023 must enable auditing of processes that start prior to the audit daemon.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-268091CAT IINixOS must generate audit records for all usage of privileged commands.Anduril NixOS Security Technical Implementation Guide V-268092CAT IINixOS must enable auditing of processes that start prior to the audit daemon.Anduril NixOS Security Technical Implementation Guide V-268093CAT IINixOS must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Anduril NixOS Security Technical Implementation Guide V-268094CAT IISuccessful/unsuccessful uses of the mount syscall in NixOS must generate an audit record.Anduril NixOS Security Technical Implementation Guide V-268095CAT IISuccessful/unsuccessful uses of the rename, unlink, rmdir, renameat, and unlinkat system calls in NixOS must generate an audit record.Anduril NixOS Security Technical Implementation Guide V-268096CAT IISuccessful/unsuccessful uses of the init_module, finit_module, and delete_module system calls in NixOS must generate an audit record.Anduril NixOS Security Technical Implementation Guide V-268097CAT IINixOS must generate an audit record for successful/unsuccessful modifications to the cron configuration.Anduril NixOS Security Technical Implementation Guide V-268098CAT IINixOS must generate an audit record for successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Anduril NixOS Security Technical Implementation Guide V-268099CAT IISuccessful/unsuccessful uses of the chown, fchown, fchownat, and lchown system calls in NixOS must generate an audit record.Anduril NixOS Security Technical Implementation Guide V-268100CAT IISuccessful/unsuccessful uses of the chmod, fchmod, and fchmodat system calls in NixOS must generate an audit record.Anduril NixOS Security Technical Implementation Guide V-268163CAT IINixOS must generate audit records when successful/unsuccessful attempts to modify security objects occur.Anduril NixOS Security Technical Implementation Guide V-268166CAT IINixOS must generate audit records when concurrent logons to the same account occur from different sources.Anduril NixOS Security Technical Implementation Guide V-268167CAT IINixOS must generate audit records for all account creations, modifications, disabling, and termination events.Anduril NixOS Security Technical Implementation Guide V-222938CAT IIAccessLogValve must be configured per each virtual host.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252464CAT IIThe macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257170CAT IIThe macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268454CAT IIThe macOS system must enable security auditing.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277062CAT IIThe macOS system must enable security auditing.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222478CAT IIThe application must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.Application Security and Development Security Technical Implementation Guide V-222479CAT IIThe application must implement transaction recovery logs when transaction based.Application Security and Development Security Technical Implementation Guide V-204727CAT IIThe application server must generate log records containing the full-text recording of privileged commands or the individual identities of group account users.Application Server Security Requirements Guide V-217364CAT IIIThe Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands.Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-219225CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238298CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260590CAT IIUbuntu 22.04 LTS must have the "auditd" package installed.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260591CAT IIUbuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270656CAT IIUbuntu 24.04 LTS must have the "auditd" package installed.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270657CAT IIUbuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-239910CAT IIThe Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands.Cisco ASA NDM Security Technical Implementation Guide V-215674CAT IIThe Cisco router must be configured to generate audit records containing the full-text recording of privileged commands.Cisco IOS Router NDM Security Technical Implementation Guide V-220582CAT IIThe Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands.Cisco IOS Switch NDM Security Technical Implementation Guide V-215819CAT IIThe Cisco router must be configured to generate audit records containing the full-text recording of privileged commands.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220530CAT IIThe Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-242663CAT IIThe Cisco ISE must generate audit records containing the full-text recording of privileged commands.Cisco ISE NDM Security Technical Implementation Guide V-220485CAT IIThe Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269469CAT IIThe audit package must be installed on AlmaLinux OS 9.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269470CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269474CAT IIAlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269475CAT IIAlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269476CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chacl" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269477CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chage" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269478CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chcon" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269479CAT IIAlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269480CAT IIAlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269481CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chsh" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269482CAT IIAlmaLinux OS 9 must generate audit records for any use of the "crontab" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269483CAT IIAlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269485CAT IIAlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269486CAT IIAlmaLinux OS 9 must audit all uses of the kmod command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269487CAT IIAlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269488CAT IIAlmaLinux OS 9 must generate audit records for any use of the "passwd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269489CAT IIAlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269490CAT IIAlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269491CAT IIAlmaLinux OS 9 must generate audit records for any use of the "su" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269492CAT IIAlmaLinux OS 9 must generate audit records for any use of the "sudo" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269493CAT IIAlmaLinux OS 9 must generate audit records for any use of the "semanage" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269494CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269495CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269496CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269497CAT IIAlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269498CAT IIAlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269499CAT IIAlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269500CAT IIAlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269501CAT IIAlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269502CAT IIAlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269503CAT IIAlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269504CAT IIAlmaLinux OS 9 must generate audit records for any use of the "usermod" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269505CAT IIAlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269532CAT IIThe auditd service must be enabled on AlmaLinux OS 9.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233049CAT IIThe container platform must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.Container Platform Security Requirements Guide V-233542CAT IIPostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261872CAT IIPostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.Crunchy Data Postgres 16 Security Technical Implementation Guide V-255545CAT IIIThe DBN-6300 must generate audit records containing the full-text recording of privileged commands.DBN-6300 NDM Security Technical Implementation Guide V-206534CAT IIThe DBMS must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.Database Security Requirements Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-235778CAT IIThe audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235779CAT IIThe host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-224145CAT IIThe EDB Postgres Advanced Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213576CAT IIThe EDB Postgres Advanced Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259225CAT IIThe EDB Postgres Advanced Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-234179CAT IIThe FortiGate device must generate audit records containing the full-text recording of privileged commands.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203609CAT IIThe operating system must generate audit records containing the full-text recording of privileged commands.General Purpose Operating System Security Requirements Guide V-203610CAT IIThe operating system must produce audit records containing the individual identities of group account users.General Purpose Operating System Security Requirements Guide V-217446CAT IIIThe HP FlexFabric Switch must generate audit records containing the full-text recording of privileged commands.HP FlexFabric Switch NDM Security Technical Implementation Guide V-255278CAT IIThe HPE 3PAR OS must be configured for centralized account management functions via LDAP.HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-255288CAT IIThe HPE 3PAR OS must provide automated mechanisms for supporting account management functions via AD.HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-266950CAT IIAOS must audit the execution of privileged functions.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268246CAT IIThe HYCU virtual appliance must generate audit records containing the full-text recording of privileged commands.HYCU Protege Security Technical Implementation Guide V-215240CAT IIAIX must produce audit records containing the full-text recording of privileged commands.IBM AIX 7.x Security Technical Implementation Guide V-213680CAT IIDB2 must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-255782CAT IIThe MQ Appliance messaging server must produce log records containing information to establish what type of events occurred.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-250325CAT IIThe WebSphere Liberty Server must log remote session and security activity.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255823CAT IIThe WebSphere Application Server audit event type filters must be configured.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223544CAT IIIBM z/OS Required SMF data record types must be collected.IBM z/OS ACF2 Security Technical Implementation Guide V-223546CAT IIIBM z/OS must specify SMF data options to assure appropriate activation.IBM z/OS ACF2 Security Technical Implementation Guide V-223653CAT IIIBM RACF SETROPTS LOGOPTIONS must be properly configured.IBM z/OS RACF Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223769CAT IIIBM z/OS must specify SMF data options to assure appropriate activation.IBM z/OS RACF Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-224001CAT IIIBM z/OS must specify SMF data options to ensure appropriate activation.IBM z/OS TSS Security Technical Implementation Guide V-237899CAT IICA VM:Secure product must be installed and operating.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-217316CAT IIThe Juniper router must be configured to generate audit records containing the full-text recording of privileged commands.Juniper Router NDM Security Technical Implementation Guide V-66571CAT IIIThe Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands.Juniper SRX SG NDM Security Technical Implementation Guide V-223197CAT IIIThe Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-242403CAT IIKubernetes API Server must generate audit records that identify what type of event has occurred, identify the source of the event, contain the event results, identify any users, and identify any containers associated with the event.Kubernetes Security Technical Implementation Guide V-213818CAT IISQL Server must include organization-defined additional, more detailed information in Trace or Audit records for events identified by type, location, or subject.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213941CAT IISQL Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205470CAT IIThe Mainframe Product must generate audit records containing the full-text recording of privileged commands or the individual identities of group account users.Mainframe Product Security Requirements Guide V-253676CAT IIMariaDB must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.MariaDB Enterprise 10.x Security Technical Implementation Guide V-255329CAT IIAzure SQL Database must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.Microsoft Azure SQL Database Security Technical Implementation Guide V-276256CAT IIAzure SQL Managed Instance must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-276297CAT IIIAzure SQL Managed Instance must have an audit defined to track Microsoft Support Operations.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-271280CAT IISQL Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220809CAT IICommand line data must be included in process creation events.Microsoft Windows 10 Security Technical Implementation Guide V-220860CAT IIPowerShell script block logging must be enabled on Windows 10.Microsoft Windows 10 Security Technical Implementation Guide V-253367CAT IICommand line data must be included in process creation events.Microsoft Windows 11 Security Technical Implementation Guide V-253414CAT IIPowerShell script block logging must be enabled on Windows 11.Microsoft Windows 11 Security Technical Implementation Guide V-224922CAT IICommand line data must be included in process creation events.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224957CAT IIPowerShell script block logging must be enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205638CAT IIWindows Server 2019 command line data must be included in process creation events.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205639CAT IIWindows Server 2019 PowerShell script block logging must be enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254341CAT IIWindows Server 2022 command line data must be included in process creation events.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254377CAT IIWindows Server 2022 PowerShell script block logging must be enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278088CAT IIWindows Server 2025 command line data must be included in process creation events.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278124CAT IIWindows Server 2025 PowerShell script block logging must be enabled.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260914CAT IIAudit logging must be enabled on MKE.Mirantis Kubernetes Engine Security Technical Implementation Guide V-221160CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252134CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265907CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279334CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-202036CAT IIThe network device must generate audit records containing the full-text recording of privileged commands.Network Device Management Security Requirements Guide V-254170CAT IINutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful attempts to execute the passwd/gpasswd/unix-chkpwd privileged commands.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-254171CAT IINutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful attempts to execute the chage privileged command.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-254172CAT IINutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful attempts to execute the userhelper privileged command.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-254173CAT IINutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful attempts to execute the mount and umount privileged commands.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-254174CAT IINutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful attempts to execute the post-related privileged commands.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-254175CAT IINutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful attempts to execute the opensshrelated privileged commands.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-254176CAT IINutanix AOS must produce audit records containing the full-text recording of successful and unsuccessful attempts to execute the crontab-related privileged commands.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-254177CAT IINutanix AOS must produce audit records containing the individual identities of group account users.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279549CAT IINutanix OS must provide audit record generation capability for DOD-defined auditable events for account changes.Nutanix Acropolis GPOS Security Technical Implementation Guide V-219760CAT IIThe DBMS must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.Oracle Database 11.2g Security Technical Implementation Guide V-220276CAT IIThe DBMS must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.Oracle Database 12c Security Technical Implementation Guide V-270505CAT IIOracle Database must include organization-defined additional, more detailed information in the audit records for audit events identified by type, location, or subject.Oracle Database 19c Security Technical Implementation Guide V-221764CAT IIThe Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users.Oracle Linux 7 Security Technical Implementation Guide V-221803CAT IIThe Oracle Linux operating system must audit all uses of the passwd command.Oracle Linux 7 Security Technical Implementation Guide V-221804CAT IIThe Oracle Linux operating system must audit all uses of the unix_chkpwd command.Oracle Linux 7 Security Technical Implementation Guide V-221805CAT IIThe Oracle Linux operating system must audit all uses of the gpasswd command.Oracle Linux 7 Security Technical Implementation Guide V-221806CAT IIThe Oracle Linux operating system must audit all uses of the chage command.Oracle Linux 7 Security Technical Implementation Guide V-221807CAT IIThe Oracle Linux operating system must audit all uses of the userhelper command.Oracle Linux 7 Security Technical Implementation Guide V-221813CAT IIThe Oracle Linux operating system must audit all uses of the mount command and syscall.Oracle Linux 7 Security Technical Implementation Guide V-221814CAT IIThe Oracle Linux operating system must audit all uses of the umount command.Oracle Linux 7 Security Technical Implementation Guide V-221815CAT IIThe Oracle Linux operating system must audit all uses of the postdrop command.Oracle Linux 7 Security Technical Implementation Guide V-221816CAT IIThe Oracle Linux operating system must audit all uses of the postqueue command.Oracle Linux 7 Security Technical Implementation Guide V-221817CAT IIThe Oracle Linux operating system must audit all uses of the ssh-keysign command.Oracle Linux 7 Security Technical Implementation Guide V-221818CAT IIThe Oracle Linux operating system must audit all uses of the crontab command.Oracle Linux 7 Security Technical Implementation Guide V-248519CAT IIThe OL 8 audit package must be installed.Oracle Linux 8 Security Technical Implementation Guide V-248520CAT IIOL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.Oracle Linux 8 Security Technical Implementation Guide V-248701CAT IIOL 8 duplicate User IDs (UIDs) must not exist for interactive users.Oracle Linux 8 Security Technical Implementation Guide V-248740CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/shadow".Oracle Linux 8 Security Technical Implementation Guide V-248741CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/security/opasswd".Oracle Linux 8 Security Technical Implementation Guide V-248742CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/passwd".Oracle Linux 8 Security Technical Implementation Guide V-248743CAT IIOL 8 must generate audit records for all account creation events that affect "/etc/gshadow".Oracle Linux 8 Security Technical Implementation Guide