STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-12 — Audit Record Generation

CCI-000171

Definition

Allow organization-defined personnel or roles to select the event types that are to be logged by specific components of the system.

Parent Control

AU-12Audit Record GenerationAudit and Accountability

Linked STIG Checks (138)

V-255590CAT IIThe A10 Networks ADC must allow only the ISSM (or individuals or roles appointed by the ISSM) Root, Read Write, or Read Only privileges.A10 Networks ADC NDM Security Technical Implementation Guide V-279072CAT IIThe ColdFusion error messages must be restricted to only authorized users.Adobe ColdFusion Security Technical Implementation Guide V-274111CAT IIAmazon Linux 2023 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Amazon Linux 2023 Security Technical Implementation Guide V-268120CAT IINixOS audit configuration files must have a mode of 444 or less permissive.Anduril NixOS Security Technical Implementation Guide V-268121CAT IINixOS system configuration file directories must have a mode of "0755" or less permissive.Anduril NixOS Security Technical Implementation Guide V-268122CAT IINixOS system configuration files and directories must be owned by root.Anduril NixOS Security Technical Implementation Guide V-268123CAT IINixOS system configuration files and directories must be group-owned by root.Anduril NixOS Security Technical Implementation Guide V-222938CAT IIAccessLogValve must be configured per each virtual host.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-268473CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268474CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268475CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-269095CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277080CAT IIThe macOS system must configure audit_control group to wheel.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277081CAT IIThe macOS system must configure audit_control owner to root.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277082CAT IIThe macOS system must configure audit_control owner to mode 440 or less permissive.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277083CAT IIThe macOS system must configure audit_control to not contain access control lists (ACLs).Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-204718CAT IIThe application server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which logable events are to be logged.Application Server Security Requirements Guide V-276014CAT IAx-OS must off-load audit records onto a different system or media than the system being audited.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-219234CAT IIThe Ubuntu operating system must be configured so that audit configuration files are not write-accessible by unauthorized users.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219235CAT IIThe Ubuntu operating system must permit only authorized accounts to own the audit configuration files.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-219236CAT IIThe Ubuntu operating system must permit only authorized groups to own the audit configuration files.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238249CAT IIThe Ubuntu operating system must be configured so that audit configuration files are not write-accessible by unauthorized users.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238250CAT IIThe Ubuntu operating system must permit only authorized accounts to own the audit configuration files.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238251CAT IIThe Ubuntu operating system must permit only authorized groups to own the audit configuration files.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260601CAT IIUbuntu 22.04 LTS must be configured so that audit configuration files are not write-accessible by unauthorized users.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260602CAT IIUbuntu 22.04 LTS must permit only authorized accounts to own the audit configuration files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260603CAT IIUbuntu 22.04 LTS must permit only authorized groups to own the audit configuration files.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270775CAT IIUbuntu 24.04 LTS must be configured so that audit configuration files are not write-accessible by unauthorized users.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270776CAT IIUbuntu 24.04 LTS must permit only authorized accounts to own the audit configuration files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270777CAT IIUbuntu 24.04 LTS must permit only authorized groups to own the audit configuration files.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-206454CAT IIIThe Central Log Server must be configured to allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be retained.Central Log Server Security Requirements Guide V-234223CAT IICitrix License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Citrix Virtual Apps and Desktop 7.x License Server Security Technical Implementation Guide V-213201CAT IIXenDesktop License Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Citrix XenDesktop 7.x License Server Security Technical Implementation Guide V-269459CAT IIAlmaLinux OS 9 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269460CAT IIAlmaLinux OS 9 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233039CAT IIThe container platform must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Container Platform Security Requirements Guide V-233534CAT IIPostgreSQL must allow only the Information System Security Manager (ISSM), or individuals or roles appointed by the ISSM, to select which auditable events are to be audited.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261862CAT IIPostgreSQL must allow only the information system security manager (ISSM), or individuals or roles appointed by the ISSM, to select which events are to be audited.Crunchy Data Postgres 16 Security Technical Implementation Guide V-255536CAT IIIThe DBN-6300 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the audit log.DBN-6300 NDM Security Technical Implementation Guide V-206524CAT IIThe DBMS must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Database Security Requirements Guide V-235779CAT IIThe host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235786CAT IIlog-opts on all Docker Engine - Enterprise nodes must be configured.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-224135CAT IIThe EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213566CAT IIThe EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259215CAT IIThe EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-278386CAT IINGINX must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.F5 NGINX Security Technical Implementation Guide V-203620CAT IIThe operating system must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.General Purpose Operating System Security Requirements Guide V-215315CAT IIThe AIX audit configuration files must be owned by root.IBM AIX 7.x Security Technical Implementation Guide V-215316CAT IIThe AIX audit configuration files must be group-owned by audit.IBM AIX 7.x Security Technical Implementation Guide V-215317CAT IIThe AIX audit configuration files must be set to 640 or less permissive.IBM AIX 7.x Security Technical Implementation Guide V-213675CAT IIDB2 must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-65071CAT IIThe DataPower Gateway must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.IBM DataPower Network Device Management Security Technical Implementation Guide V-255822CAT IIThe WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223463CAT IIBM z/OS SYS1.PARMLIB must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223697CAT IIBM z/OS SYS1.PARMLIB must be properly protected.IBM z/OS RACF Security Technical Implementation Guide V-223882CAT IIBM z/OS SYS1.PARMLIB must be properly protected.IBM z/OS TSS Security Technical Implementation Guide V-224764CAT IIThe ISEC7 SPHERE server must be configured to have at least one user in the following Administrator roles: Security Administrator, Site Administrator, and Help Desk User.ISEC7 Sphere Security Technical Implementation Guide V-224791CAT IIA manager role must be assigned to the Apache Tomcat Web apps (Manager, Host-Manager).ISEC7 Sphere Security Technical Implementation Guide V-213504CAT IIJBoss must be configured to allow only the ISSM (or individuals or roles appointed by the ISSM) to select which loggable events are to be logged.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-66557CAT IIIThe Juniper SRX Services Gateway must allow only the ISSM (or administrators/roles appointed by the ISSM) to select which auditable events are to be generated and forwarded to the syslog and/or local logs.Juniper SRX SG NDM Security Technical Implementation Guide V-229015CAT IIFor local accounts, the Juniper SRX Services Gateway must generate an alert message to the management console and generate a log event record that can be forwarded to the ISSO and designated system administrators when local accounts are created.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-213766CAT IIWhere SQL Server Audit is in use at the database level, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the database level.MS SQL Server 2014 Database Security Technical Implementation Guide V-213810CAT IIWhere SQL Server Trace is in use for auditing purposes, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be traced.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213811CAT IIWhere SQL Server Audit is in use, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the server level.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213905CAT IISQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.MS SQL Server 2016 Database Security Technical Implementation Guide V-213937CAT IISQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205460CAT IIThe Mainframe Product must allow only the information system security manager (ISSM) or individuals or roles appointed by the ISSM to select which auditable events are to be audited.Mainframe Product Security Requirements Guide V-253671CAT IIMariaDB must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220344CAT IIMarkLogic Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.MarkLogic Server v9 Security Technical Implementation Guide V-255325CAT IIAzure SQL Database must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Microsoft Azure SQL Database Security Technical Implementation Guide V-276296CAT IIAzure SQL Managed Instance must allow only documented and approved individuals or roles to select which auditable events are to be audited.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-259655CAT IIThe RBAC role for audit log management must be defined and restricted.Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide V-271124CAT IISQL Server must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Microsoft SQL Server 2022 Database Security Technical Implementation Guide V-271271CAT IISQL Server must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-220978CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows 10 Security Technical Implementation Guide V-253501CAT IIThe "Manage auditing and security log" user right must only be assigned to the Administrators group.Microsoft Windows 11 Security Technical Implementation Guide V-215652CAT IIThe Windows 2012 DNS Server logging criteria must only be configured by the ISSM or individuals appointed by the ISSM.Microsoft Windows 2012 Server Domain Name System Security Technical Implementation Guide V-225086CAT IIThe Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205643CAT IIWindows Server 2019 Manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254507CAT IIWindows Server 2022 manage auditing and security log user right must only be assigned to the Administrators group.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278257CAT IIThe Windows Server 2025 "Manage auditing and security log" user right must only be assigned to the Administrators group.Microsoft Windows Server 2025 Security Technical Implementation Guide V-221160CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252134CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265907CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279334CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-254141CAT IINutanix AOS must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279557CAT IINutanix OS must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Nutanix Acropolis GPOS Security Technical Implementation Guide V-219752CAT IIThe DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database.Oracle Database 11.2g Security Technical Implementation Guide V-220268CAT IIThe DBMS must allow designated organizational personnel to select which auditable events are to be audited by the database.Oracle Database 12c Security Technical Implementation Guide V-270503CAT IIOracle Database must allow designated organizational personnel to select which auditable events are to be audited by the database.Oracle Database 19c Security Technical Implementation Guide V-248806CAT IIOL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Oracle Linux 8 Security Technical Implementation Guide V-271587CAT IIOL 9 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Oracle Linux 9 Security Technical Implementation Guide V-271588CAT IIOL 9 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access.Oracle Linux 9 Security Technical Implementation Guide V-235104CAT IIThe MySQL Database Server 8.0 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Oracle MySQL 8.0 Security Technical Implementation Guide V-214071CAT IIPostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.PostgreSQL 9.x Security Technical Implementation Guide V-252844CAT IIRancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-281056CAT IIRHEL 10 must enforce root ownership of the "/etc/audit/" directory.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281057CAT IIRHEL 10 must enforce root group ownership of the "/etc/audit/" directory.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281101CAT IIRHEL 10 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281364CAT IIRHEL 10 must enforce mode "0640" or less for the "/etc/audit/auditd.conf" file to prevent unauthorized access.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-230471CAT IIRHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-258171CAT IIRHEL 9 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257517CAT IIOpenShift must generate audit records for all DOD-defined auditable events within all components in the platform.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-251191CAT IIRedis Enterprise DBMS must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Redis Enterprise 6.x Security Technical Implementation Guide V-275534CAT IIUbuntu OS must be configured so that audit configuration files are not write-accessible by unauthorized users.Riverbed NetIM OS Security Technical Implementation Guide V-275687CAT IIUbuntu OS must permit only authorized accounts to own the audit configuration files.Riverbed NetIM OS Security Technical Implementation Guide V-275688CAT IIUbuntu OS must permit only authorized groups to own the audit configuration files.Riverbed NetIM OS Security Technical Implementation Guide V-254089CAT IIInnoslate must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-221623CAT IIISplunk Enterprise must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to be assigned to the Power User role.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251667CAT IIISplunk Enterprise must allow only the individuals appointed by the information system security manager (ISSM) to have full admin rights to the system.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-241120CAT IITrend Deep Security must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-253008CAT IITOSS must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282440CAT IITOSS 5 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-282441CAT IITOSS 5 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234325CAT IIThe UEM server must be configured to allow only specific administrator roles to select which auditable events are to be audited.Unified Endpoint Management Server Security Requirements Guide V-240277CAT IIThe vRA PostgreSQL configuration file must not be accessible by unauthorized users.VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide V-239774CAT IIThe vROps PostgreSQL DB must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide V-246890CAT IIThe Horizon Connection Server must limit access to the global configuration privilege.VMware Horizon 7.13 Connection Server Security Technical Implementation Guide V-240376CAT IIThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Permissions.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240377CAT IIThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - ownership.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240378CAT IIThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - group-ownership.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240928CAT IIThe vAMI configuration file must be owned by root.VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide V-239474CAT IIThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Permissions.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-239475CAT IIThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - ownership.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-239476CAT IIThe SLES for vRealize must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - group ownership.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256396CAT IIThe ESXi host must produce audit records containing information to establish what type of events occurred.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256496CAT IIThe Photon operating system must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256593CAT IIVMware Postgres configuration files must not be accessible by unauthorized users.VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide V-258733CAT IIThe ESXi must produce audit records containing information to establish what type of events occurred.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-259006CAT IIThe vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide V-259040CAT IIThe vCenter Lookup service must produce log records containing sufficient information regarding event details.VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-259074CAT IIThe vCenter Perfcharts service must produce log records containing sufficient information regarding event details.VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-258812CAT IIThe Photon operating system must allow only authorized users to configure the auditd service.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-259168CAT IIThe vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide V-258974CAT IIThe vCenter STS service must produce log records containing sufficient information regarding event details.VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide V-259107CAT IIThe vCenter UI service must produce log records containing sufficient information regarding event details.VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide V-207367CAT IIThe VMM must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.Virtual Machine Manager Security Requirements Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide