STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-9 — Protection of Audit Information

CCI-000162

Definition

Protect audit information from unauthorized access.

Parent Control

AU-9Protection of Audit InformationAudit and Accountability

Linked STIG Checks (200)

V-279036CAT IIThe ColdFusion log information must be protected from any type of unauthorized read access by having file ownership set properly.Adobe ColdFusion Security Technical Implementation Guide V-279055CAT IColdFusion must be using an enterprise solution for authentication.Adobe ColdFusion Security Technical Implementation Guide V-274108CAT IIAmazon Linux 2023 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.Amazon Linux 2023 Security Technical Implementation Guide V-274109CAT IIAmazon Linux 2023 audit log directory must be owned by root to prevent unauthorized read access.Amazon Linux 2023 Security Technical Implementation Guide V-274110CAT IIAmazon Linux 2023 audit logs file must have mode "0600" or less permissive to prevent unauthorized access to the audit log.Amazon Linux 2023 Security Technical Implementation Guide V-274187CAT IIAmazon Linux 2023 audit system must protect logon user identifiers (UIDs) from unauthorized change.Amazon Linux 2023 Security Technical Implementation Guide V-268110CAT IINixOS audit daemon must generate logs that are group-owned by root.Anduril NixOS Security Technical Implementation Guide V-268111CAT IINixOS audit directory and logs must be owned by root to prevent unauthorized read access.Anduril NixOS Security Technical Implementation Guide V-268112CAT IINixOS audit directory and logs must be group-owned by root to prevent unauthorized read access.Anduril NixOS Security Technical Implementation Guide V-268113CAT IINixOS audit log directory must have a mode of 0700 or less permissive.Anduril NixOS Security Technical Implementation Guide V-268114CAT IINixOS audit logs must have a mode of 0600 or less permissive.Anduril NixOS Security Technical Implementation Guide V-268115CAT IINixOS journald directory and logs must be owned by root to prevent unauthorized read access.Anduril NixOS Security Technical Implementation Guide V-268116CAT IINixOS journald directory and logs must be group-owned by systemd-journald to prevent unauthorized read access.Anduril NixOS Security Technical Implementation Guide V-268117CAT IINixOS systemd-journald directory must have a mode of 2755 or less permissive.Anduril NixOS Security Technical Implementation Guide V-268118CAT IINixOS systemd-journald logs must have a mode of 0640 or less permissive.Anduril NixOS Security Technical Implementation Guide V-214235CAT IIThe Apache web server log files must only be accessible by privileged users.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214314CAT IIThe Apache web server log files must only be accessible by privileged users.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-222943CAT II$CATALINA_BASE/logs folder permissions must be set to 750.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222944CAT IIFiles in the $CATALINA_BASE/logs/ folder must have their permissions set to 640.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252452CAT IIThe macOS system must be configured so that log files must not contain access control lists (ACLs).Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252453CAT IIThe macOS system must be configured so that log folders must not contain access control lists (ACLs).Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252466CAT IIThe macOS system must be configured with audit log files owned by root.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252467CAT IIThe macOS system must be configured with audit log folders owned by root.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252468CAT IIThe macOS system must be configured with audit log files group-owned by wheel.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252469CAT IIThe macOS system must be configured with audit log folders group-owned by wheel.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252470CAT IIThe macOS system must be configured with audit log files set to mode 440 or less permissive.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-252471CAT IIThe macOS system must be configured with audit log folders set to mode 700 or less permissive.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257158CAT IIThe macOS system must be configured so that log files do not contain access control lists (ACLs).Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257159CAT IIThe macOS system must be configured so that log folders do not contain access control lists (ACLs).Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257172CAT IIThe macOS system must be configured with audit log files owned by root.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257173CAT IIThe macOS system must be configured with audit log folders owned by root.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257174CAT IIThe macOS system must be configured with audit log files group-owned by wheel.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257175CAT IIThe macOS system must be configured with audit log folders group-owned by wheel.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257176CAT IIThe macOS system must be configured with audit log files set to mode 440 or less permissive.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-257177CAT IIThe macOS system must be configured with audit log folders set to mode 700 or less permissive.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-259432CAT IIThe macOS system must configure audit log files to not contain access control lists.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259433CAT IIThe macOS system must configure audit log folders to not contain access control lists.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259456CAT IIThe macOS system must configure audit log files to be owned by root.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259457CAT IIThe macOS system must configure audit log folders to be owned by root.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259458CAT IIThe macOS system must configure audit log files group to wheel.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259459CAT IIThe macOS system must configure audit log folders group to wheel.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259460CAT IIThe macOS system must configure audit log files to mode 440 or less permissive.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259461CAT IIThe macOS system must configure audit log folders to mode 700 or less permissive.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259462CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259463CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259464CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259465CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259473CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259474CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259475CAT IIThe macOS system must configure audit_control to mode 440 or less permissive.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259476CAT IIThe macOS system must configure audit_control to not contain access control lists.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268432CAT IIThe macOS system must configure audit log files to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268433CAT IIThe macOS system must configure the audit log folder to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268456CAT IIThe macOS system must configure audit log files to be owned by root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268457CAT IIThe macOS system must configure audit log folders to be owned by root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268458CAT IIThe macOS system must configure the audit log files group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268459CAT IIThe macOS system must configure the audit log folders group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268460CAT IIThe macOS system must configure audit log files to mode 440 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268461CAT IIThe macOS system must configure audit log folders to mode 700 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268462CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268463CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268464CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268465CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268473CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268474CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268475CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268555CAT IThe macOS system must ensure System Integrity Protection is enabled.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-269095CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277040CAT IIThe macOS system must configure audit log files to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277041CAT IIThe macOS system must configure the audit log folder to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277063CAT IIThe macOS system must configure audit log files to be owned by root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277064CAT IIThe macOS system must configure audit log folders to be owned by root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277065CAT IIThe macOS system must configure the audit log files group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277066CAT IIThe macOS system must configure the audit log folders group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277067CAT IIThe macOS system must configure audit log files to mode 440 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277068CAT IIThe macOS system must configure audit log folders to mode 700 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277069CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277070CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277071CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277072CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277080CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277081CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277082CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277083CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277165CAT IThe macOS system must ensure System Integrity Protection (SIP) is enabled.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204936CAT IIThe ALG must protect audit information from unauthorized read access.Application Layer Gateway Security Requirements Guide V-222500CAT IIThe application must protect audit information from any type of unauthorized read access.Application Security and Development Security Technical Implementation Guide V-204732CAT IIThe application server must protect log information from any type of unauthorized read access.Application Server Security Requirements Guide V-237324CAT IIThe ArcGIS Server must protect audit information from any type of unauthorized read access, modification or deletion.ArcGIS for Server 10.3 Security Technical Implementation Guide V-272627CAT IIICylanceON-PREM must be configured to use a third-party identity provider.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-276014CAT IAx-OS must off-load audit records onto a different system or media than the system being audited.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-79003CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must protect log information from any type of unauthorized read access.BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide V-254706CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must protect log information from any type of unauthorized read access.BlackBerry Enterprise Mobility Server 3.x Security Technical Implementation Guide V-237356CAT IIThe CA API Gateway must protect audit information from unauthorized read access.CA API Gateway ALG Security Technical Implementation Guide V-219228CAT IIThe Ubuntu operating system must be configured so that audit log files cannot be read or write-accessible by unauthorized users.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219229CAT IIThe Ubuntu operating system must permit only authorized accounts ownership of the audit log files.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219230CAT IIThe Ubuntu operating system must permit only authorized groups to own the audit log files.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238245CAT IIThe Ubuntu operating system must be configured so that audit log files are not read or write-accessible by unauthorized users.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238246CAT IIThe Ubuntu operating system must be configured to permit only authorized users ownership of the audit log files.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238247CAT IIThe Ubuntu operating system must permit only authorized groups ownership of the audit log files.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260597CAT IIUbuntu 22.04 LTS must be configured so that audit log files are not read- or write-accessible by unauthorized users.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260598CAT IIUbuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260599CAT IIUbuntu 22.04 LTS must permit only authorized groups ownership of the audit log files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270827CAT IIUbuntu 24.04 LTS must be configured so that audit log files are not read or write-accessible by unauthorized users.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270828CAT IIUbuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270829CAT IIUbuntu 24.04 LTS must permit only authorized groups ownership of the audit log files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221914CAT IIThe Central Log Server must protect audit information from any type of unauthorized read access.Central Log Server Security Requirements Guide V-269536CAT IIAlmaLinux OS 9 audit log directory must be owned by root to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269537CAT IIAlmaLinux OS 9 audit log directory must have 0700 permissions to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269538CAT IIAlmaLinux OS 9 audit logs must be owned by the root group to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269539CAT IIAlmaLinux OS 9 audit logs must be owned by root to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269540CAT IIAlmaLinux OS 9 audit logs must have 0600 permissions to prevent unauthorized read access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233056CAT IIThe container platform must protect audit information from any type of unauthorized read access.Container Platform Security Requirements Guide V-233549CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized read access.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261875CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized read access.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206538CAT IIThe audit information produced by the DBMS must be protected from unauthorized read access.Database Security Requirements Guide V-224148CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213579CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-260003CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized read access.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-259228CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-228985CAT IIThe BIG-IP appliance must be configured to protect audit information from any type of unauthorized read access.F5 BIG-IP Device Management Security Technical Implementation Guide V-215749CAT IIThe BIG-IP Core implementation must be configured to protect audit information from unauthorized read access.F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide V-278388CAT IINGINX must protect audit information from unauthorized access.F5 NGINX Security Technical Implementation Guide V-234141CAT IIThe FortiGate firewall must protect traffic log records from unauthorized access while in transit to the central audit server.Fortinet FortiGate Firewall Security Technical Implementation Guide V-203616CAT IIThe operating system must protect audit information from unauthorized read access.General Purpose Operating System Security Requirements Guide V-230165CAT IIThe HP FlexFabric Switch must protect audit information from any type of unauthorized read access.HP FlexFabric Switch NDM Security Technical Implementation Guide V-215243CAT IIAudit logs on the AIX system must be owned by root.IBM AIX 7.x Security Technical Implementation Guide V-215244CAT IIAudit logs on the AIX system must be group-owned by system.IBM AIX 7.x Security Technical Implementation Guide V-215245CAT IIAudit logs on the AIX system must be set to 660 or less permissive.IBM AIX 7.x Security Technical Implementation Guide V-252559CAT IIThe IBM Aspera Console must protect audit information from unauthorized read access.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252592CAT IIIBM Aspera Faspex must protect audit information from unauthorized modification.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252609CAT IIIBM Aspera Shares must protect audit information from unauthorized deletion.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-213682CAT IIThe audit information produced by DB2 must be protected from unauthorized read access.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-65211CAT IIThe DataPower Gateway must protect audit information from unauthorized read access.IBM DataPower ALG Security Technical Implementation Guide V-65075CAT IIThe DataPower Gateway must protect audit information from any type of unauthorized read access.IBM DataPower Network Device Management Security Technical Implementation Guide V-250325CAT IIThe WebSphere Liberty Server must log remote session and security activity.IBM WebSphere Liberty Server Security Technical Implementation Guide V-250330CAT IIThe WebSphere Liberty Server must be configured to encrypt log information.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255848CAT IIIThe WebSphere Application Server must be configured to protect log information from any type of unauthorized read access.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223554CAT IIIBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS ACF2 Security Technical Implementation Guide V-223701CAT IIIBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS RACF Security Technical Implementation Guide V-223881CAT IIIBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS TSS Security Technical Implementation Guide V-237907CAT IICA VM:Secure product AUDIT file must be restricted to authorized personnel.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-213513CAT IIFile permissions must be configured to protect log information from any type of unauthorized read access.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-213820CAT IIThe audit information produced by SQL Server must be protected from unauthorized read access.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213944CAT IIThe audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205477CAT IIThe Mainframe Product must protect audit information from any type of unauthorized read access.Mainframe Product Security Requirements Guide V-253679CAT IIThe audit information produced by MariaDB must be protected from unauthorized read access.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220349CAT IIThe audit information produced by MarkLogic Server must be protected from unauthorized read access.MarkLogic Server v9 Security Technical Implementation Guide V-255330CAT IIThe audit information produced by Azure SQL Database must be protected from unauthorized read access.Microsoft Azure SQL Database Security Technical Implementation Guide V-276298CAT IIThe audit information produced by Azure SQL Managed Instance must be protected from unauthorized access.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-221211CAT IIExchange Audit data must be protected against unauthorized access (read access).Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228365CAT IIExchange must protect audit data against unauthorized read access.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259585CAT IIExchange audit data must be protected against unauthorized access (read access).Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide V-259660CAT IIExchange must protect audit data against unauthorized read access.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-271282CAT IIThe audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220782CAT IIWindows 10 permissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220783CAT IIWindows 10 permissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220784CAT IIWindows 10 permissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220978CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows 10 Security Technical Implementation Guide V-253340CAT IIWindows 11 permissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows 11 Security Technical Implementation Guide V-253341CAT IIWindows 11 permissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows 11 Security Technical Implementation Guide V-253342CAT IIWindows 11 permissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows 11 Security Technical Implementation Guide V-253501CAT IIThe "Manage auditing and security log" user right must only be assigned to the Administrators group.Microsoft Windows 11 Security Technical Implementation Guide V-224877CAT IIPermissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224878CAT IIPermissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224879CAT IIPermissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225086CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205640CAT IIWindows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205641CAT IIWindows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205642CAT IIWindows Server 2019 permissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205643CAT IIWindows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254296CAT IIWindows Server 2022 permissions for the Application event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254297CAT IIWindows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254298CAT IIWindows Server 2022 permissions for the System event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254507CAT IIWindows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278043CAT IIWindows Server 2025 permissions for the Application event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278044CAT IIWindows Server 2025 permissions for the Security event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278045CAT IIWindows Server 2025 permissions for the System event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278257CAT IIThe Windows Server 2025 "Manage auditing and security log" user right must only be assigned to the Administrators group.Microsoft Windows Server 2025 Security Technical Implementation Guide V-221161CAT IIThe audit information produced by MongoDB must be protected from unauthorized read access.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252135CAT IIThe audit information produced by MongoDB must be protected from unauthorized access.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265908CAT IIThe audit information produced by MongoDB must be protected from unauthorized access.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279336CAT IIThe audit information produced by MongoDB must be protected from unauthorized access, modification, and deletion.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-254107CAT IINutanix AOS must protect log information from any type of unauthorized access.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-254183CAT IINutanix AOS must protect audit information from unauthorized access.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279427CAT IINutanix AOS must be configured to protect the application server log files from unauthorized access.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279575CAT IINutanix OS must configure audit log permissions for 0600 or less.Nutanix Acropolis GPOS Security Technical Implementation Guide V-219761CAT IIThe DBMS must protect audit information from any type of unauthorized access.Oracle Database 11.2g Security Technical Implementation Guide V-220277CAT IIThe system must protect audit information from any type of unauthorized access.Oracle Database 12c Security Technical Implementation Guide V-270510CAT IIThe audit information produced by the Oracle Database must be protected from unauthorized access, modification, or deletion.Oracle Database 19c Security Technical Implementation Guide V-221334CAT IIOHS log files must only be accessible by privileged users.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-221899CAT IIThe Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion.Oracle Linux 7 Security Technical Implementation Guide V-248732CAT IIOL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248733CAT IIOL 8 audit logs must be owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248734CAT IIOL 8 audit logs must be group-owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248735CAT IIThe OL 8 audit log directory must be owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248736CAT IIThe OL 8 audit log directory must be group-owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248737CAT IIThe OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248738CAT IIThe OL 8 audit system must protect auditing rules from unauthorized change.Oracle Linux 8 Security Technical Implementation Guide V-248739CAT IIThe OL 8 audit system must protect logon UIDs from unauthorized change.Oracle Linux 8 Security Technical Implementation Guide