STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-7 (1) — Audit Record Reduction and Report Generation

CCI-000158

Definition

Provide the capability to process, sort, and search audit records for events of interest based on organization-defined audit fields within audit records.

Parent Control

AU-7 (1)Audit Record Reduction and Report GenerationAudit and Accountability

Linked STIG Checks (47)

V-274017CAT IIAmazon Linux 2023 must have the audit package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274018CAT IIAmazon Linux 2023 must produce audit records containing information to establish what type of events occurred.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-252534CAT IIThe macOS system must enable System Integrity Protection.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257240CAT IThe macOS system must enable System Integrity Protection.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268555CAT IThe macOS system must ensure System Integrity Protection is enabled.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277165CAT IThe macOS system must ensure System Integrity Protection (SIP) is enabled.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222488CAT IIThe application must provide the capability to filter audit records for events of interest based upon organization-defined criteria.Application Security and Development Security Technical Implementation Guide V-272632CAT IICylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-276014CAT IAx-OS must off-load audit records onto a different system or media than the system being audited.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-219225CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238298CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260590CAT IIUbuntu 22.04 LTS must have the "auditd" package installed.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260591CAT IIUbuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270656CAT IIUbuntu 24.04 LTS must have the "auditd" package installed.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270657CAT IIUbuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-206456CAT IIIThe Central Log Server must be configured to perform on-demand filtering of the log records for events of interest based on organization-defined criteria.Central Log Server Security Requirements Guide V-206495CAT IIIThe Central Log Server must be configured to perform on-demand sorting of log records for events of interest based on the content of organization-defined audit fields within log records.Central Log Server Security Requirements Guide V-206496CAT IIIThe Central Log Server must be configured to perform on-demand searches of log records for events of interest based on the content of organization-defined audit fields within log records.Central Log Server Security Requirements Guide V-269469CAT IIThe audit package must be installed on AlmaLinux OS 9.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269532CAT IIThe auditd service must be enabled on AlmaLinux OS 9.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-235779CAT IIThe host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-203614CAT IIThe operating system must provide the capability to filter audit records for events of interest based upon all audit fields within audit records.General Purpose Operating System Security Requirements Guide V-215242CAT IIAIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents.IBM AIX 7.x Security Technical Implementation Guide V-205475CAT IIThe Mainframe Products must provide the capability to filter audit records for events of interest as defined in site security plan.Mainframe Product Security Requirements Guide V-254181CAT IINutanix AOS must provide the capability to centrally review and analyze audit records from multiple components within the system.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279565CAT IINutanix OS must have the audit.x86_64 package installed.Nutanix Acropolis GPOS Security Technical Implementation Guide V-248519CAT IIThe OL 8 audit package must be installed.Oracle Linux 8 Security Technical Implementation Guide V-248520CAT IIOL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.Oracle Linux 8 Security Technical Implementation Guide V-271519CAT IIOL 9 must have the audit package installed.Oracle Linux 9 Security Technical Implementation Guide V-271520CAT IIOL 9 audit service must be enabled.Oracle Linux 9 Security Technical Implementation Guide V-280993CAT IIRHEL 10 must have the "audit" package installed.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-280994CAT IIRHEL 10 must enable the audit service.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-258151CAT IIRHEL 9 audit package must be installed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258152CAT IIRHEL 9 audit service must be enabled.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-275677CAT IIUbuntu OS must have the "auditd" package installed.Riverbed NetIM OS Security Technical Implementation Guide V-275678CAT IIUbuntu OS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Riverbed NetIM OS Security Technical Implementation Guide V-261411CAT IISLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217191CAT IISUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-216249CAT IIThe operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria.Solaris 11 SPARC Security Technical Implementation Guide V-216014CAT IIThe operating system must provide the capability to automatically process audit records for events of interest based upon selectable, event criteria.Solaris 11 X86 Security Technical Implementation Guide V-241024CAT IIThe Tanium Connect module must be configured to forward Tanium IOC Detect events to identified destinations.Tanium 7.0 Security Technical Implementation Guide V-234085CAT IIThe Tanium Connect module must be configured to forward Tanium Detect events to identified destinations.Tanium 7.3 Security Technical Implementation Guide V-254900CAT IIThe Tanium applications must provide the capability to filter audit records for events of interest based upon organization-defined criteria.Tanium 7.x Application on TanOS Security Technical Implementation Guide V-253844CAT IIThe Tanium applications must be configured to filter audit records for events of interest based on organization-defined criteria.Tanium 7.x Security Technical Implementation Guide V-207361CAT IIThe VMM must support the capability to filter audit records for events of interest based upon all audit fields within audit records.Virtual Machine Manager Security Requirements Guide V-269586CAT IXylok Security Suite must use a central log server for auditing records.Xylok Security Suite 20.x Security Technical Implementation Guide