STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-9 — Protection of Audit Information

CCI-000163

Definition

Protect audit information from unauthorized modification.

Parent Control

AU-9Protection of Audit InformationAudit and Accountability

Linked STIG Checks (200)

V-279036CAT IIThe ColdFusion log information must be protected from any type of unauthorized read access by having file ownership set properly.Adobe ColdFusion Security Technical Implementation Guide V-274108CAT IIAmazon Linux 2023 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.Amazon Linux 2023 Security Technical Implementation Guide V-274109CAT IIAmazon Linux 2023 audit log directory must be owned by root to prevent unauthorized read access.Amazon Linux 2023 Security Technical Implementation Guide V-274110CAT IIAmazon Linux 2023 audit logs file must have mode "0600" or less permissive to prevent unauthorized access to the audit log.Amazon Linux 2023 Security Technical Implementation Guide V-274187CAT IIAmazon Linux 2023 audit system must protect logon user identifiers (UIDs) from unauthorized change.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-268119CAT IINixOS audit system must protect logon UIDs from unauthorized change.Anduril NixOS Security Technical Implementation Guide V-214236CAT IIThe log information from the Apache web server must be protected from unauthorized modification or deletion.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214315CAT IIThe log information from the Apache web server must be protected from unauthorized deletion and modification.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-222945CAT IIFiles in the $CATALINA_BASE/conf/ folder must have their permissions set to 640.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222946CAT II$CATALINA_BASE/conf folder permissions must be set to 750.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252471CAT IIThe macOS system must be configured with audit log folders set to mode 700 or less permissive.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257177CAT IIThe macOS system must be configured with audit log folders set to mode 700 or less permissive.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268432CAT IIThe macOS system must configure audit log files to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268433CAT IIThe macOS system must configure the audit log folder to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268456CAT IIThe macOS system must configure audit log files to be owned by root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268457CAT IIThe macOS system must configure audit log folders to be owned by root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268458CAT IIThe macOS system must configure the audit log files group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268459CAT IIThe macOS system must configure the audit log folders group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268460CAT IIThe macOS system must configure audit log files to mode 440 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268461CAT IIThe macOS system must configure audit log folders to mode 700 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268462CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268463CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268464CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268465CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268473CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268474CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268475CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268555CAT IThe macOS system must ensure System Integrity Protection is enabled.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-269095CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277040CAT IIThe macOS system must configure audit log files to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277041CAT IIThe macOS system must configure the audit log folder to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277063CAT IIThe macOS system must configure audit log files to be owned by root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277064CAT IIThe macOS system must configure audit log folders to be owned by root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277065CAT IIThe macOS system must configure the audit log files group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277066CAT IIThe macOS system must configure the audit log folders group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277067CAT IIThe macOS system must configure audit log files to mode 440 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277068CAT IIThe macOS system must configure audit log folders to mode 700 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277069CAT IIThe macOS system must be configured to audit all deletions of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277070CAT IIThe macOS system must be configured to audit all changes of object attributes.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277071CAT IIThe macOS system must be configured to audit all failed read actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277072CAT IIThe macOS system must be configured to audit all failed write actions on the system.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277080CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277081CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277082CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277083CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277165CAT IThe macOS system must ensure System Integrity Protection (SIP) is enabled.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204937CAT IIThe ALG must protect audit information from unauthorized modification.Application Layer Gateway Security Requirements Guide V-222501CAT IIThe application must protect audit information from unauthorized modification.Application Security and Development Security Technical Implementation Guide V-204733CAT IIThe application server must protect log information from unauthorized modification.Application Server Security Requirements Guide V-237324CAT IIThe ArcGIS Server must protect audit information from any type of unauthorized read access, modification or deletion.ArcGIS for Server 10.3 Security Technical Implementation Guide V-255966CAT IThe Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.Arista MLS EOS 4.2x NDM Security Technical Implementation Guide V-255966CAT IThe Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-79005CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized modification.BlackBerry Enterprise Mobility Server 2.x Security Technical Implementation Guide V-254707CAT IIThe BlackBerry Enterprise Mobility Server (BEMS) must protect log information from unauthorized modification.BlackBerry Enterprise Mobility Server 3.x Security Technical Implementation Guide V-219228CAT IIThe Ubuntu operating system must be configured so that audit log files cannot be read or write-accessible by unauthorized users.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219229CAT IIThe Ubuntu operating system must permit only authorized accounts ownership of the audit log files.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219230CAT IIThe Ubuntu operating system must permit only authorized groups to own the audit log files.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238245CAT IIThe Ubuntu operating system must be configured so that audit log files are not read or write-accessible by unauthorized users.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260597CAT IIUbuntu 22.04 LTS must be configured so that audit log files are not read- or write-accessible by unauthorized users.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260598CAT IIUbuntu 22.04 LTS must be configured to permit only authorized users ownership of the audit log files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260599CAT IIUbuntu 22.04 LTS must permit only authorized groups ownership of the audit log files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270827CAT IIUbuntu 24.04 LTS must be configured so that audit log files are not read or write-accessible by unauthorized users.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270828CAT IIUbuntu 24.04 LTS must be configured to permit only authorized users ownership of the audit log files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270829CAT IIUbuntu 24.04 LTS must permit only authorized groups ownership of the audit log files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270832CAT IIUbuntu 24.04 LTS audit system must protect auditing rules from unauthorized change.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221915CAT IIThe Central Log Server must protect audit information from unauthorized modification.Central Log Server Security Requirements Guide V-215675CAT IIThe Cisco router must be configured to protect audit information from unauthorized modification.Cisco IOS Router NDM Security Technical Implementation Guide V-220583CAT IIThe Cisco switch must be configured to protect audit information from unauthorized modification.Cisco IOS Switch NDM Security Technical Implementation Guide V-215820CAT IIThe Cisco router must be configured to protect audit information from unauthorized modification.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220531CAT IIThe Cisco switch must be configured to protect audit information from unauthorized modification.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-269544CAT IIAlmaLinux OS 9 audit system must protect logon UIDs from unauthorized change.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269546CAT IIAlmaLinux OS 9 audit system must protect auditing rules from unauthorized change.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233057CAT IIThe container platform must protect audit information from unauthorized modification.Container Platform Security Requirements Guide V-233514CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized modification.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261876CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized modification.Crunchy Data Postgres 16 Security Technical Implementation Guide V-206539CAT IIThe audit information produced by the DBMS must be protected from unauthorized modification.Database Security Requirements Guide V-224149CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213580CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-260004CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must protect session (call) records from unauthorized modification.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-259229CAT IIThe audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-217392CAT IIThe BIG-IP appliance must be configured to protect audit information from unauthorized modification.F5 BIG-IP Device Management Security Technical Implementation Guide V-215750CAT IIThe BIG-IP Core implementation must be configured to protect audit information from unauthorized modification.F5 BIG-IP Local Traffic Manager Security Technical Implementation Guide V-278388CAT IINGINX must protect audit information from unauthorized access.F5 NGINX Security Technical Implementation Guide V-206687CAT IIThe firewall must protect the traffic log from unauthorized modification of local log records.Firewall Security Requirements Guide V-234142CAT IIThe FortiGate firewall must protect the traffic log from unauthorized modification of local log records.Fortinet FortiGate Firewall Security Technical Implementation Guide V-203617CAT IIThe operating system must protect audit information from unauthorized modification.General Purpose Operating System Security Requirements Guide V-217448CAT IIThe HP FlexFabric Switch must protect audit information from unauthorized modification.HP FlexFabric Switch NDM Security Technical Implementation Guide V-215243CAT IIAudit logs on the AIX system must be owned by root.IBM AIX 7.x Security Technical Implementation Guide V-215244CAT IIAudit logs on the AIX system must be group-owned by system.IBM AIX 7.x Security Technical Implementation Guide V-215245CAT IIAudit logs on the AIX system must be set to 660 or less permissive.IBM AIX 7.x Security Technical Implementation Guide V-252559CAT IIThe IBM Aspera Console must protect audit information from unauthorized read access.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252592CAT IIIBM Aspera Faspex must protect audit information from unauthorized modification.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252609CAT IIIBM Aspera Shares must protect audit information from unauthorized deletion.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-213683CAT IIThe audit information produced by DB2 must be protected from unauthorized modification.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-250328CAT IIThe WebSphere Liberty Server must protect log information from unauthorized access or changes.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255849CAT IIThe WebSphere Application Server must protect log information from unauthorized modification.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223554CAT IIIBM z/OS SMF collection files (i.e., SYS1.MANx) access must be limited to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS ACF2 Security Technical Implementation Guide V-223701CAT IIIBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS RACF Security Technical Implementation Guide V-223881CAT IIIBM z/OS must limit access for SMF collection files (i.e., SYS1.MANx) to appropriate users and/or batch jobs that perform SMF dump processing.IBM z/OS TSS Security Technical Implementation Guide V-237907CAT IICA VM:Secure product AUDIT file must be restricted to authorized personnel.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-258600CAT IThe ICS must be configured to prevent nonprivileged users from executing privileged functions.Ivanti Connect Secure NDM Security Technical Implementation Guide V-213514CAT IIFile permissions must be configured to protect log information from unauthorized modification.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-253896CAT IIThe Juniper EX switch must be configured to protect audit information from unauthorized modification.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217317CAT IIThe Juniper router must be configured to protect audit information from unauthorized modification.Juniper Router NDM Security Technical Implementation Guide V-213821CAT IIThe audit information produced by SQL Server must be protected from unauthorized modification.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213944CAT IIThe audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205478CAT IIThe Mainframe Product must protect audit information from unauthorized modification.Mainframe Product Security Requirements Guide V-253680CAT IIThe audit information produced by MariaDB must be protected from unauthorized modification.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220350CAT IIThe audit information produced by MarkLogic Server must be protected from unauthorized modification.MarkLogic Server v9 Security Technical Implementation Guide V-255331CAT IIThe audit information produced by Azure SQL Database must be protected from unauthorized modification.Microsoft Azure SQL Database Security Technical Implementation Guide V-276298CAT IIThe audit information produced by Azure SQL Managed Instance must be protected from unauthorized access.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-221213CAT IIExchange audit data must be protected against unauthorized access for modification.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228367CAT IIExchange must protect audit data against unauthorized access.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259586CAT IIExchange audit data must be protected against unauthorized access for modification.Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide V-259661CAT IIExchange must protect audit data against unauthorized access.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-271282CAT IIThe audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220782CAT IIWindows 10 permissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220783CAT IIWindows 10 permissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220784CAT IIWindows 10 permissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows 10 Security Technical Implementation Guide V-220978CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows 10 Security Technical Implementation Guide V-224877CAT IIPermissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224878CAT IIPermissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224879CAT IIPermissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows Server 2016 Security Technical Implementation Guide V-225086CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205640CAT IIWindows Server 2019 permissions for the Application event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205641CAT IIWindows Server 2019 permissions for the Security event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205642CAT IIWindows Server 2019 permissions for the System event log must prevent access by non-privileged accounts.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205643CAT IIWindows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254296CAT IIWindows Server 2022 permissions for the Application event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254297CAT IIWindows Server 2022 permissions for the Security event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254298CAT IIWindows Server 2022 permissions for the System event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254507CAT IIWindows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278043CAT IIWindows Server 2025 permissions for the Application event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278044CAT IIWindows Server 2025 permissions for the Security event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278045CAT IIWindows Server 2025 permissions for the System event log must prevent access by nonprivileged accounts.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278257CAT IIThe Windows Server 2025 "Manage auditing and security log" user right must only be assigned to the Administrators group.Microsoft Windows Server 2025 Security Technical Implementation Guide V-221161CAT IIThe audit information produced by MongoDB must be protected from unauthorized read access.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252135CAT IIThe audit information produced by MongoDB must be protected from unauthorized access.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265908CAT IIThe audit information produced by MongoDB must be protected from unauthorized access.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279336CAT IIThe audit information produced by MongoDB must be protected from unauthorized access, modification, and deletion.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-202040CAT IIThe network device must protect audit information from unauthorized modification.Network Device Management Security Requirements Guide V-254107CAT IINutanix AOS must protect log information from any type of unauthorized access.Nutanix AOS 5.20.x Application Security Technical Implementation Guide V-254183CAT IINutanix AOS must protect audit information from unauthorized access.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279427CAT IINutanix AOS must be configured to protect the application server log files from unauthorized access.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279575CAT IINutanix OS must configure audit log permissions for 0600 or less.Nutanix Acropolis GPOS Security Technical Implementation Guide V-219762CAT IIThe DBMS must protect audit information from unauthorized modification.Oracle Database 11.2g Security Technical Implementation Guide V-220278CAT IIThe system must protect audit information from unauthorized modification.Oracle Database 12c Security Technical Implementation Guide V-270510CAT IIThe audit information produced by the Oracle Database must be protected from unauthorized access, modification, or deletion.Oracle Database 19c Security Technical Implementation Guide V-221335CAT IIThe log information from OHS must be protected from unauthorized modification.Oracle HTTP Server 12.1.3 Security Technical Implementation Guide V-221899CAT IIThe Oracle Linux operating system must protect audit information from unauthorized read, modification, or deletion.Oracle Linux 7 Security Technical Implementation Guide V-248732CAT IIOL 8 audit logs must have a mode of "0600" or less permissive to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248733CAT IIOL 8 audit logs must be owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248734CAT IIOL 8 audit logs must be group-owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248735CAT IIThe OL 8 audit log directory must be owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248736CAT IIThe OL 8 audit log directory must be group-owned by root to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248737CAT IIThe OL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.Oracle Linux 8 Security Technical Implementation Guide V-248738CAT IIThe OL 8 audit system must protect auditing rules from unauthorized change.Oracle Linux 8 Security Technical Implementation Guide V-248739CAT IIThe OL 8 audit system must protect logon UIDs from unauthorized change.Oracle Linux 8 Security Technical Implementation Guide V-271583CAT IIOL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.Oracle Linux 9 Security Technical Implementation Guide V-271584CAT IIOL 9 audit log directory must be owned by root to prevent unauthorized read access.Oracle Linux 9 Security Technical Implementation Guide V-271585CAT IIOL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.Oracle Linux 9 Security Technical Implementation Guide V-271885CAT IIOL 9 audit system must protect logon UIDs from unauthorized change.Oracle Linux 9 Security Technical Implementation Guide V-271886CAT IIOL 9 audit system must protect auditing rules from unauthorized change.Oracle Linux 9 Security Technical Implementation Guide V-235100CAT IIThe audit information produced by the MySQL Database Server 8.0 must be protected from unauthorized modification.Oracle MySQL 8.0 Security Technical Implementation Guide V-214051CAT IIThe audit information produced by PostgreSQL must be protected from unauthorized modification.PostgreSQL 9.x Security Technical Implementation Guide V-252843CAT IRancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-281050CAT IIRHEL 10 must enforce group ownership of audit logs by "root" or by a restricted logging group to prevent unauthorized read access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281051CAT IIRHEL 10 must enforce "root" ownership of the audit log directory to prevent unauthorized read access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281052CAT IIRHEL 10 must enforce "root" ownership of audit logs to prevent unauthorized access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281053CAT IIRHEL 10 must enforce group ownership by "root" or a restricted logging group for audit log files to prevent unauthorized access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281054CAT IIRHEL 10 must set mode "0600" or less permissive for the audit logs file to prevent unauthorized access to the audit log.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281055CAT IIRHEL 10 must enforce the audit log directory to have a mode of "0750" or less permissive to prevent unauthorized read access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281099CAT IIRHEL 10 must write audit records to disk.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281365CAT IIRHEL 10 must prevent unauthorized changes to the audit system.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-228564CAT IIThe Red Hat Enterprise Linux operating system must protect audit information from unauthorized read, modification, or deletion.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-258165CAT IIRHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258166CAT IIRHEL 9 audit log directory must be owned by root to prevent unauthorized read access.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258167CAT IIRHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258228CAT IIRHEL 9 audit system must protect logon UIDs from unauthorized change.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258229CAT IIRHEL 9 audit system must protect auditing rules from unauthorized change.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257533CAT IIOpenShift must protect audit information from unauthorized modification.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257533CAT IIOpenShift must protect audit information from unauthorized modification.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-251203CAT IIThe audit information produced by Redis Enterprise DBMS must be protected from unauthorized modification.Redis Enterprise 6.x Security Technical Implementation Guide V-275683CAT IIUbuntu OS must be configured so that audit log files are not read- or write-accessible by unauthorized users.Riverbed NetIM OS Security Technical Implementation Guide V-275684CAT IIUbuntu OS must be configured to permit only authorized users ownership of the audit log files.Riverbed NetIM OS Security Technical Implementation Guide V-275685CAT IIUbuntu OS must permit only authorized groups ownership of the audit log files.Riverbed NetIM OS Security Technical Implementation Guide V-256079CAT IThe Riverbed NetProfiler must be configured to authenticate each administrator prior to authorizing privileges based on roles.Riverbed NetProfiler Security Technical Implementation Guide V-261418CAT IISLEM 5 must protect audit rules from unauthorized modification.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217202CAT IIThe SUSE operating system must protect audit rules from unauthorized modification.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-22369CAT IIAll system audit files must not have extended ACLs.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-22702CAT IISystem audit logs must be group-owned by root, bin, sys, or system.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-813CAT IISystem audit logs must have mode 0640 or less permissive.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-216277CAT IIThe operating system must protect audit information from unauthorized access.Solaris 11 SPARC Security Technical Implementation Guide V-216042CAT IIThe operating system must protect audit information from unauthorized access.Solaris 11 X86 Security Technical Implementation Guide V-221935CAT IISplunk Enterprise installation directories must be secured.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251672CAT IISplunk Enterprise installation directories must be secured.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-279251CAT IThe Edge SWG must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.Symantec Edge SWG NDM Security Technical Implementation Guide V-240977CAT IIAccess to Tanium logs on each endpoint must be restricted by permissions.Tanium 7.0 Security Technical Implementation Guide V-234036CAT IIAccess to Tanium logs on each endpoint must be restricted by permissions.Tanium 7.3 Security Technical Implementation Guide