STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-12 — Audit Record Generation

CCI-000169

Definition

Provide audit record generation capability for the event types the system is capable of auditing as defined in AU-2 a on organization-defined information system components.

Parent Control

AU-12Audit Record GenerationAudit and Accountability

Linked STIG Checks (200)

V-204645CAT IIAAA Services must be configured to audit each authentication and authorization transaction.AAA Services Security Requirements Guide V-76481CAT IIIThe Akamai Luna Portal must provide audit record generation capability for DoD-defined auditable events within the network device.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274017CAT IIAmazon Linux 2023 must have the audit package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274018CAT IIAmazon Linux 2023 must produce audit records containing information to establish what type of events occurred.Amazon Linux 2023 Security Technical Implementation Guide V-274081CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Amazon Linux 2023 Security Technical Implementation Guide V-274082CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory.Amazon Linux 2023 Security Technical Implementation Guide V-274083CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Amazon Linux 2023 Security Technical Implementation Guide V-274084CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Amazon Linux 2023 Security Technical Implementation Guide V-274085CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd.Amazon Linux 2023 Security Technical Implementation Guide V-274087CAT IIAmazon Linux 2023 must audit all uses of the chmod, fchmod, and fchmodat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274088CAT IIAmazon Linux 2023 must audit all uses of the chown, fchown, fchownat, and lchown system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274089CAT IIAmazon Linux 2023 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274090CAT IIAmazon Linux 2023 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274091CAT IIAmazon Linux 2023 must audit all uses of the init_module and finit_module system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274092CAT IIAmazon Linux 2023 must audit all uses of the create_module system call.Amazon Linux 2023 Security Technical Implementation Guide V-274093CAT IIAmazon Linux 2023 must audit all uses of the kmod command.Amazon Linux 2023 Security Technical Implementation Guide V-274094CAT IIAmazon Linux 2023 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.Amazon Linux 2023 Security Technical Implementation Guide V-274095CAT IIAmazon Linux 2023 must audit all uses of the chcon command.Amazon Linux 2023 Security Technical Implementation Guide V-274097CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.Amazon Linux 2023 Security Technical Implementation Guide V-274104CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274105CAT IIAmazon Linux 2023 must audit all successful/unsuccessful uses of the chage command.Amazon Linux 2023 Security Technical Implementation Guide V-274112CAT IIAmazon Linux 2023 must audit all uses of the sudo command.Amazon Linux 2023 Security Technical Implementation Guide V-274113CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Amazon Linux 2023 Security Technical Implementation Guide V-274114CAT IIAmazon Linux 2023 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Amazon Linux 2023 Security Technical Implementation Guide V-274167CAT IIAmazon Linux 2023 must enable auditing of processes that start prior to the audit daemon.Amazon Linux 2023 Security Technical Implementation Guide V-268091CAT IINixOS must generate audit records for all usage of privileged commands.Anduril NixOS Security Technical Implementation Guide V-214232CAT IIThe Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214310CAT IIThe Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-222930CAT IIAccessLogValve must be configured for each application context.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-222937CAT IITomcat servers behind a proxy or load balancer must log client IP.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252534CAT IIThe macOS system must enable System Integrity Protection.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257240CAT IThe macOS system must enable System Integrity Protection.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268555CAT IThe macOS system must ensure System Integrity Protection is enabled.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277165CAT IThe macOS system must ensure System Integrity Protection (SIP) is enabled.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-274517CAT IIThe API must enable monitoring and alerts.Application Programming Interface (API) Security Requirements Guide V-222441CAT IIThe application must provide audit record generation capability for the creation of session IDs.Application Security and Development Security Technical Implementation Guide V-222442CAT IIThe application must provide audit record generation capability for the destruction of session IDs.Application Security and Development Security Technical Implementation Guide V-222443CAT IIThe application must provide audit record generation capability for the renewal of session IDs.Application Security and Development Security Technical Implementation Guide V-222444CAT IIThe application must not write sensitive data into the application logs.Application Security and Development Security Technical Implementation Guide V-222445CAT IIThe application must provide audit record generation capability for session timeouts.Application Security and Development Security Technical Implementation Guide V-222446CAT IIThe application must record a time stamp indicating when the event occurred.Application Security and Development Security Technical Implementation Guide V-222447CAT IIThe application must provide audit record generation capability for HTTP headers including User-Agent, Referer, GET, and POST.Application Security and Development Security Technical Implementation Guide V-222448CAT IIThe application must provide audit record generation capability for connecting system IP addresses.Application Security and Development Security Technical Implementation Guide V-222449CAT IIThe application must record the username or user ID of the user associated with the event.Application Security and Development Security Technical Implementation Guide V-204717CAT IIThe application server must generate log records for access and authentication events.Application Server Security Requirements Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-255962CAT IIThe Arista network device must be configured to capture all DOD auditable events.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-272371CAT IIA BIND 9.x server implementation must be configured to allow DNS administrators to audit all DNS server components based on selectable event criteria and produce audit records within all DNS server components that contain information for failed security verification tests, information to establish the outcome and source of the events, any information necessary to determine cause of failure, and any information necessary to return to operations with least disruption to mission processes.BIND 9.x Security Technical Implementation Guide V-272418CAT IIIn the event of an error when validating the binding of other DNS servers' identity to the BIND 9.x information, when anomalies in the operation of the signed zone transfers are discovered, for the success and failure of start and stop of the name server service or daemon, and for the success and failure of all name server events, a BIND 9.x server implementation must generate a log entry.BIND 9.x Security Technical Implementation Guide V-251599CAT IIDMS must use the ESM to generate auditable records for resources when DoD-defined auditable events occur.CA IDMS Security Technical Implementation Guide V-251600CAT IIDMS must use the ESM to generate auditable records for commands and utilities when DoD-defined auditable events occur.CA IDMS Security Technical Implementation Guide V-219225CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238298CAT IIThe Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260590CAT IIUbuntu 22.04 LTS must have the "auditd" package installed.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260591CAT IIUbuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270656CAT IIUbuntu 24.04 LTS must have the "auditd" package installed.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270657CAT IIUbuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-206453CAT IIThe Central Log Server must be configured to retain the DoD-defined attributes of the log records sent by the devices and hosts.Central Log Server Security Requirements Guide V-271944CAT IIThe Cisco ACI must generate log records for a locally developed list of auditable events.Cisco ACI NDM Security Technical Implementation Guide V-239878CAT IIThe Cisco ASA must be configured to log events based on policy access control rules, signatures, and anomaly analysis.Cisco ASA IPS Security Technical Implementation Guide V-239880CAT IIThe Cisco ASA must be configured to send log records to the syslog server for specific facility and severity level.Cisco ASA IPS Security Technical Implementation Guide V-242636CAT IIThe Cisco ISE must generate log records for a locally developed list of auditable events.Cisco ISE NDM Security Technical Implementation Guide V-269129CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269130CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269131CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269132CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269133CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269134CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269135CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect the files within /etc/sudoers.d/Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269458CAT IIAlmaLinux OS 9 audit system must audit local events.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269469CAT IIThe audit package must be installed on AlmaLinux OS 9.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269470CAT IIAlmaLinux OS 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269471CAT IIAlmaLinux OS 9 must generate audit records for any use of the "mount" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269472CAT IIAlmaLinux OS 9 must generate audit records for any use of the "umount" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269473CAT IISuccessful/unsuccessful uses of the umount2 system call in AlmaLinux OS 9 must generate an audit record.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269474CAT IIAlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269475CAT IIAlmaLinux OS 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269476CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chacl" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269477CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chage" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269478CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chcon" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269479CAT IIAlmaLinux OS 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269480CAT IIAlmaLinux OS 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269481CAT IIAlmaLinux OS 9 must generate audit records for any use of the "chsh" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269482CAT IIAlmaLinux OS 9 must generate audit records for any use of the "crontab" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269483CAT IIAlmaLinux OS 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269485CAT IIAlmaLinux OS 9 must generate audit records for any use of the "gpasswd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269486CAT IIAlmaLinux OS 9 must audit all uses of the kmod command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269487CAT IIAlmaLinux OS 9 must generate audit records for any use of the "newgrp" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269488CAT IIAlmaLinux OS 9 must generate audit records for any use of the "passwd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269489CAT IIAlmaLinux OS 9 must generate audit records for any use of the "postdrop" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269490CAT IIAlmaLinux OS 9 must generate audit records for any use of the "postqueue" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269491CAT IIAlmaLinux OS 9 must generate audit records for any use of the "su" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269492CAT IIAlmaLinux OS 9 must generate audit records for any use of the "sudo" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269493CAT IIAlmaLinux OS 9 must generate audit records for any use of the "semanage" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269494CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setfacl" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269495CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setfiles" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269496CAT IIAlmaLinux OS 9 must generate audit records for any use of the "setsebool" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269497CAT IIAlmaLinux OS 9 must generate audit records for any use of the "ssh-agent" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269498CAT IIAlmaLinux OS 9 must generate audit records for any use of the "ssh-keysign" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269499CAT IIAlmaLinux OS 9 must generate audit records for any use of the "sudoedit" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269500CAT IIAlmaLinux OS 9 must generate audit records for any use of the "pam_timestamp_check" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269501CAT IIAlmaLinux OS 9 must generate audit records for any use of the "unix_chkpwd" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269502CAT IIAlmaLinux OS 9 must generate audit records for any use of the "unix_update" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269503CAT IIAlmaLinux OS 9 must generate audit records for any use of the "userhelper" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269504CAT IIAlmaLinux OS 9 must generate audit records for any use of the "usermod" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269505CAT IIAlmaLinux OS 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269532CAT IIThe auditd service must be enabled on AlmaLinux OS 9.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233038CAT IIThe container platform must generate audit records for all DoD-defined auditable events within all components in the platform.Container Platform Security Requirements Guide V-233580CAT IIPostgreSQL must be configured to provide audit record generation for DoD-defined auditable events within all DBMS/database components.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261861CAT IIPostgreSQL must provide audit record generation capability for DOD-defined auditable events within all DBMS/database components.Crunchy Data Postgres 16 Security Technical Implementation Guide V-237558CAT IIThe DBN-6300 must generate log events for detection events based on anomaly analysis.DBN-6300 IDPS Security Technical Implementation Guide V-255535CAT IIThe DBN-6300 must provide audit record generation capability for DoD-defined auditable events within the DBN-6300.DBN-6300 NDM Security Technical Implementation Guide V-206523CAT IIThe DBMS must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components.Database Security Requirements Guide V-269800CAT IIThe Dell OS10 Switch must generate log records for a locally developed list of auditable events.Dell OS10 Switch NDM Security Technical Implementation Guide V-235778CAT IIThe audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235779CAT IIThe host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-205160CAT IIThe DNS server implementation must be configured to provide audit record generation capability for DoD-defined auditable events within all DNS server components.Domain Name System (DNS) Security Requirements Guide V-224134CAT IIThe EDB Postgres Advanced Server must be configured to provide audit record generation capability for DoD-defined auditable events within all EDB Postgres Advanced Server/database components.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213565CAT IIThe EDB Postgres Advanced Server must provide audit record generation capability for DoD-defined auditable events within all EDB Postgres Advanced Server/database components.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259961CAT IIThe Enterprise Voice, Video, and Messaging Endpoint must be configured to provide session (call detail) record generation capability.Enterprise Voice, Video, and Messaging Endpoint Security Requirements Guide V-260006CAT IIThe Enterprise Voice, Video, and Messaging Session Manager must produce session (call) records for events determined to be significant and relevant by local policy.Enterprise Voice, Video, and Messaging Session Management Security Requirements Guide V-259214CAT IIThe EDB Postgres Advanced Server must provide audit record generation capability for DOD-defined auditable events within all EDB Postgres Advanced Server/database components.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-278385CAT IINGINX must provide audit records for DOD-defined auditable events.F5 NGINX Security Technical Implementation Guide V-230955CAT IIForescout must generate log records for a locally developed list of auditable events.Forescout Network Device Management Security Technical Implementation Guide V-234194CAT IIThe FortiGate device must generate log records for a locally developed list of auditable events.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203619CAT IIThe operating system must provide audit record generation capability for DoD-defined auditable events for all operating system components.General Purpose Operating System Security Requirements Guide V-254777CAT IIGoogle Android 13 must be configured to generate audit records for the following auditable events: Detected integrity violations.Google Android 13 COPE Security Technical Implementation Guide V-258390CAT IIGoogle Android 14 must be configured to generate audit records for the following auditable events: Detected integrity violations.Google Android 14 COBO Security Technical Implementation Guide V-258421CAT IIGoogle Android 14 must be configured to generate audit records for the following auditable events: Detected integrity violations.Google Android 14 COPE Security Technical Implementation Guide V-267443CAT IIGoogle Android 15 must be configured to generate audit records for the following auditable events: Detected integrity violations.Google Android 15 COBO Security Technical Implementation Guide V-267538CAT IIGoogle Android 15 must be configured to generate audit records for the following auditable events: Detected integrity violations.Google Android 15 COPE Security Technical Implementation Guide V-276761CAT IIGoogle Android 16 must be configured to generate audit records for the following auditable events: Detected integrity violations.Google Android 16 COBO Security Technical Implementation Guide V-276863CAT IIGoogle Android 16 must be configured to generate audit records for the following auditable events: Detected integrity violations.Google Android 16 COPE Security Technical Implementation Guide V-221562CAT IIExtensions installation must be blocklisted by default.Google Chrome Current Windows Security Technical Implementation Guide V-221586CAT IIDeletion of browser history must be disabled.Google Chrome Current Windows Security Technical Implementation Guide V-221587CAT IIPrompt for download location must be enabled.Google Chrome Current Windows Security Technical Implementation Guide V-221588CAT IIDownload restrictions must be configured.Google Chrome Current Windows Security Technical Implementation Guide V-275780CAT IICreate Themes with AI must be disabled.Google Chrome Current Windows Security Technical Implementation Guide V-275781CAT IIDevTools Generative AI features must be disabled.Google Chrome Current Windows Security Technical Implementation Guide V-275782CAT IIGenAI local foundational model must be disabled.Google Chrome Current Windows Security Technical Implementation Guide V-275783CAT IIHelp Me Write must be disabled.Google Chrome Current Windows Security Technical Implementation Guide V-275784CAT IIAI-powered History Search must be disabled.Google Chrome Current Windows Security Technical Implementation Guide V-275785CAT IITab Compare Settings must be disabled.Google Chrome Current Windows Security Technical Implementation Guide V-230164CAT IIIThe HP FlexFabric Switch must provide audit record generation capability for DoD-defined auditable events within the HP FlexFabric Switch.HP FlexFabric Switch NDM Security Technical Implementation Guide V-255249CAT IIISSMC must provide audit record generation capability for DOD-defined auditable events for all operating system components.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-255267CAT IISSMC web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-266968CAT IIAOS must generate log records for a locally developed list of auditable events.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268244CAT IIThe HYCU virtual appliance must generate log records for a locally developed list of auditable events.HYCU Protege Security Technical Implementation Guide V-274300CAT IIHoneywell Android 13 must be configured to generate audit records for the following auditable events: Detected integrity violations.Honeywell Android 13 COBO Security Technical Implementation Guide V-274395CAT IIHoneywell Android 13 must be configured to generate audit records for the following auditable events: Detected integrity violations.Honeywell Android 13 COPE Security Technical Implementation Guide V-235052CAT IIIThe Honeywell Mobility Edge Android Pie device must be configured to generate audit records for the following auditable events: detected integrity violations.Honeywell Android 9.x COBO Security Technical Implementation Guide V-235081CAT IIIThe Honeywell Mobility Edge Android Pie device must be configured to generate audit records for the following auditable events: detected integrity violations.Honeywell Android 9.x COPE Security Technical Implementation Guide V-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation Guide V-213674CAT IIDB2 must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-65069CAT IIThe DataPower Gateway must provide audit record generation capability for DoD-defined auditable events within DataPower.IBM DataPower Network Device Management Security Technical Implementation Guide V-24343CAT IThe ESCON Director Application Console Event log must be enabled.IBM Hardware Management Console (HMC) STIG V-24352CAT IIThe Hardware Management Console Event log must be active.IBM Hardware Management Console (HMC) STIG V-256859CAT IThe ESCON Director Application Console Event log must be enabled.IBM Hardware Management Console (HMC) Security Technical Implementation Guide V-256874CAT IIThe Hardware Management Console Event log must be active.IBM Hardware Management Console (HMC) Security Technical Implementation Guide V-255803CAT IIThe MQ Appliance messaging server must generate log records for access and authentication events.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-82175CAT IIIThe MaaS360 MDM server must be configured to enable all required audit events (if function is not automatically implemented during MDM/MAS server install): a. Failure to push a new application on a managed mobile device.IBM MaaS360 with Watson v10.x MDM Security Technical Implementation Guide V-82181CAT IIIThe MaaS360 server must be configured to enable all required audit events (if function is not automatically implemented during MDM/MAS server install): b. Failure to update an existing application on a managed mobile device.IBM MaaS360 with Watson v10.x MDM Security Technical Implementation Guide V-82193CAT IIThe MaaS360 MDM Agent must be configured to implement the management setting: periodicity of reachability events equals six hours or less.IBM MaaS360 with Watson v10.x MDM Security Technical Implementation Guide V-250325CAT IIThe WebSphere Liberty Server must log remote session and security activity.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255823CAT IIThe WebSphere Application Server audit event type filters must be configured.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-237899CAT IICA VM:Secure product must be installed and operating.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-34594CAT IIThe IDPS must provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-55319CAT IIThe IDPS must provide audit record generation capability for detection events based on implementation of policy filters, rules, signatures, and anomaly analysis.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-55321CAT IIThe IDPS must provide audit record generation with a configurable severity and escalation level capability.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-206875CAT IIThe IDPS must provide audit record generation capability for detection events based on implementation of policy filters, rules, signatures, and anomaly analysis.Intrusion Detection and Prevention Systems Security Requirements Guide V-206876CAT IIThe IDPS must provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis.Intrusion Detection and Prevention Systems Security Requirements Guide V-206877CAT IIThe IDPS must provide audit record generation with a configurable severity and escalation level capability.Intrusion Detection and Prevention Systems Security Requirements Guide V-213503CAT IIThe JBoss server must generate log records for access and authentication events to the management interface.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-253939CAT IIThe Juniper EX switch must be configured to generate log records for a locally developed list of auditable events.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217349CAT IIThe Juniper router must be configured to generate log records for a locally developed list of auditable events.Juniper Router NDM Security Technical Implementation Guide V-66377CAT IIThe Juniper Networks SRX Series Gateway IDPS must provide audit record generation capability for detecting events based on implementation of policy filters, rules, and signatures.Juniper SRX SG IDPS Security Technical Implementation Guide V-66377CAT IIThe Juniper Networks SRX Series Gateway IDPS must provide audit record generation capability for detecting events based on implementation of policy filters, rules, and signatures.Juniper SRX SG IDPS Security Technical Implementation Guide V-66387CAT IIThe Juniper Networks SRX Series Gateway IDPS must provide audit record generation with a configurable severity and escalation level capability.Juniper SRX SG IDPS Security Technical Implementation Guide V-66387CAT IIThe Juniper Networks SRX Series Gateway IDPS must provide audit record generation with a configurable severity and escalation level capability.Juniper SRX SG IDPS Security Technical Implementation Guide V-66475CAT IIThe Juniper SRX Services Gateway must enable log record generation for DoD-defined auditable events within the Juniper SRX Service Gateway.Juniper SRX SG NDM Security Technical Implementation Guide V-214610CAT IIThe Juniper Networks SRX Series Gateway IDPS must provide audit record generation capability for detecting events based on implementation of policy filters, rules, and signatures.Juniper SRX Services Gateway IDPS Security Technical Implementation Guide V-214613CAT IIThe Juniper Networks SRX Series Gateway IDPS must provide audit record generation with a configurable severity and escalation level capability.Juniper SRX Services Gateway IDPS Security Technical Implementation Guide V-229014CAT IIThe Juniper SRX Services Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-213765CAT IISQL Server must generate Trace or Audit records for organization-defined auditable events.MS SQL Server 2014 Database Security Technical Implementation Guide V-213936CAT IISQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205459CAT IIThe Mainframe Product must provide audit record generation capability for DoD-defined auditable events within all application components.Mainframe Product Security Requirements Guide V-253670CAT IIMariaDB must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220343CAT IIMarkLogic Server must be configured to provide audit record generation capability for DoD-defined auditable events within all DBMS/database components.MarkLogic Server v9 Security Technical Implementation Guide V-255324CAT IIThe Azure SQL Database must be configured to generate audit records for DOD-defined auditable events within all DBMS/database components.Microsoft Azure SQL Database Security Technical Implementation Guide V-276295CAT IIAzure SQL Managed Instance must be configured to generate audit records for DOD-defined auditable events within all DBMS/database components.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-221207CAT IIThe Exchange email Diagnostic log level must be set to the lowest level.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-221208CAT IIExchange Connectivity logging must be enabled.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228357CAT IIExchange Connectivity logging must be enabled.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-228358CAT IIThe Exchange Email Diagnostic log level must be set to the lowest level.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-228359CAT IIIExchange Audit record parameters must be set.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-259581CAT IIThe Exchange email diagnostic log level must be set to the lowest level.Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide V-259582CAT IIExchange connectivity logging must be enabled.Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide V-259652CAT IIExchange connectivity logging must be enabled.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-259653CAT IIThe Exchange email diagnostic log level must be set to the lowest level.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide