STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
CCI-000174

Definition

Compile audit records from organization-defined information system components into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance for relationship between time stamps of individual records in the audit trail.

Parent Control

AU-12 (1) | Audit Record Generation | Audit and Accountability

Linked STIG Checks (15)

  • V-222439 | CAT II | Application Security and Development Security Technical Implementation Guide
    For applications providing audit record aggregation, the application must compile audit records from organization-defined information system components into a system-wide audit trail that is time-correlated with an organization-defined level of tolerance for the relationship between time stamps of individual records in the audit trail.

  • V-204716 | CAT II | Application Server Security Requirements Guide
    For application servers providing log record aggregation, the application server must compile log records from organization-defined information system components into a system-wide log trail that is time-correlated with an organization-defined level of tolerance for the relationship between time stamps of individual records in the log trail.

  • V-276014 | CAT I | Axonius Federal Systems Ax-OS Security Technical Implementation Guide
    Ax-OS must off-load audit records onto a different system or media than the system being audited.

  • V-206449 | CAT III | Central Log Server Security Requirements Guide
    The Central Log Server must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

  • V-206450 | CAT III | Central Log Server Security Requirements Guide
    Time stamps recorded on the log records in the Central Log Server must be configured to synchronize to within one second of the host server or, if NTP is configured directly in the log server, the NTP time source must be the same as the host and devices within its scope of coverage.

  • V-206451 | CAT II | Central Log Server Security Requirements Guide
    Where multiple log servers are installed in the enclave, each log server must be configured to aggregate log records to a central aggregation server or other consolidated events repository.

  • V-241810 | CAT II | Jamf Pro v10.x EMM Security Technical Implementation Guide
    The Jamf Pro EMM local accounts must be configured with password maximum lifetime of 3 months.

  • V-205458 | CAT II | Mainframe Product Security Requirements Guide
    For Mainframe Products providing audit record aggregation, the Mainframe Product must compile audit records from mainframe components into a system-wide audit trail that is time-correlated with a tolerance for the relationship between time stamps of individual records in the audit trail in accordance with the site security plan.

  • V-272889 | CAT I | Microsoft Defender for Endpoint Security Technical Implementation Guide
    Microsoft Defender for Endpoint (MDE) must be connected to a central log server.

  • V-235940 | CAT III | Oracle WebLogic Server 12c Security Technical Implementation Guide
    Oracle WebLogic must compile audit records from multiple components within the system into a system-wide (logical or physical) audit trail that is time-correlated to within an organization-defined level of tolerance.

  • V-245528 | CAT II | Samsung SDS EMM Security Technical Implementation Guide
    The Samsung SDS EMM local accounts must be configured with password maximum lifetime of 60 Days.

  • V-221621 | CAT III | Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
    Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

  • V-251663 | CAT III | Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
    Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage.

  • V-251664 | CAT II | Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
    In a distributed environment, Splunk Enterprise indexers must be configured to ingest log records from its forwarders.

  • V-251261 | CAT I | VMware Workspace ONE UEM Security Technical Implementation Guide
    The Workspace ONE UEM local accounts must be configured with password maximum lifetime of 60 days.