STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AU-14 (1) — Session Audit

CCI-001464

Definition

Initiates session audits automatically at system start-up.

Parent Control

AU-14 (1)Session AuditAudit and Accountability

Linked STIG Checks (117)

V-274017CAT IIAmazon Linux 2023 must have the audit package installed.Amazon Linux 2023 Security Technical Implementation Guide V-274018CAT IIAmazon Linux 2023 must produce audit records containing information to establish what type of events occurred.Amazon Linux 2023 Security Technical Implementation Guide V-274167CAT IIAmazon Linux 2023 must enable auditing of processes that start prior to the audit daemon.Amazon Linux 2023 Security Technical Implementation Guide V-274168CAT IIAmazon Linux 2023 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Amazon Linux 2023 Security Technical Implementation Guide V-268080CAT IINixOS must enable the audit daemon.Anduril NixOS Security Technical Implementation Guide V-214232CAT IIThe Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.Apache Server 2.4 UNIX Server Security Technical Implementation Guide V-214310CAT IIThe Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.Apache Server 2.4 Windows Server Security Technical Implementation Guide V-252464CAT IIThe macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257170CAT IIThe macOS system must produce audit records containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268454CAT IIThe macOS system must enable security auditing.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277062CAT IIThe macOS system must enable security auditing.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222468CAT IIThe application must initiate session auditing upon startup.Application Security and Development Security Technical Implementation Guide V-204720CAT IIThe application server must initiate session logging upon startup.Application Server Security Requirements Guide V-219149CAT IIThe Ubuntu operating system must initiate session audits at system startup.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238299CAT IIThe Ubuntu operating system must initiate session audits at system start-up.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260471CAT IIUbuntu 22.04 LTS must initiate session audits at system startup.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270676CAT IIUbuntu 24.04 LTS must initiate session audits at system startup.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-221907CAT IIIThe Central Log Server must initiate session auditing upon startup.Central Log Server Security Requirements Guide V-242662CAT IIThe Cisco ISE must initiate session auditing upon startup.Cisco ISE NDM Security Technical Implementation Guide V-269474CAT IIAlmaLinux OS 9 must enable auditing of processes that start prior to the audit daemon.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233041CAT IIThe container platform must initiate session auditing upon startup.Container Platform Security Requirements Guide V-233589CAT IIPostgreSQL must initiate session auditing upon startup.Crunchy Data PostgreSQL Security Technical Implementation Guide V-261865CAT IIPostgreSQL must initiate session auditing upon startup.Crunchy Data Postgres 16 Security Technical Implementation Guide V-255538CAT IIIThe DBN-6300 must initiate session auditing upon startup.DBN-6300 NDM Security Technical Implementation Guide V-206527CAT IIThe DBMS must initiate session auditing upon startup.Database Security Requirements Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-235778CAT IIThe audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235779CAT IIThe host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-224138CAT IIThe EDB Postgres Advanced Server must initiate support of session auditing upon startup.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-213569CAT IIThe EDB Postgres Advanced Server must initiate support of session auditing upon startup.EDB Postgres Advanced Server v9.6 Security Technical Implementation Guide V-259218CAT IIThe EDB Postgres Advanced Server must initiate support of session auditing upon startup.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-203670CAT IIThe operating system must initiate session audits at system start-up.General Purpose Operating System Security Requirements Guide V-217439CAT IIIThe HP FlexFabric Switch must initiate session auditing upon startup.HP FlexFabric Switch NDM Security Technical Implementation Guide V-255267CAT IISSMC web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-255268CAT IISSMC web server must initiate session logging upon start up.HPE 3PAR SSMC Web Server Security Technical Implementation Guide V-268248CAT IIThe HYCU virtual appliance must initiate session auditing upon startup.HYCU Protege Security Technical Implementation Guide V-215247CAT IIAIX must start audit at boot.IBM AIX 7.x Security Technical Implementation Guide V-213678CAT IIDB2 must initiate session auditing upon startup.IBM DB2 V10.5 LUW Security Technical Implementation Guide V-250350CAT IIThe WebSphere Liberty Server must generate log records for authentication and authorization events.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255820CAT IIThe WebSphere Application Server security auditing must be enabled.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223546CAT IIIBM z/OS must specify SMF data options to assure appropriate activation.IBM z/OS ACF2 Security Technical Implementation Guide V-223769CAT IIIBM z/OS must specify SMF data options to assure appropriate activation.IBM z/OS RACF Security Technical Implementation Guide V-224001CAT IIIBM z/OS must specify SMF data options to ensure appropriate activation.IBM z/OS TSS Security Technical Implementation Guide V-237930CAT IIThe IBM z/VM JOURNALING statement must be coded on the configuration file.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-213505CAT IIJBoss must be configured to initiate session logging upon startup.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-242402CAT IIThe Kubernetes API Server must have an audit log path set.Kubernetes Security Technical Implementation Guide V-213940CAT IISQL Server must initiate session auditing upon startup.MS SQL Server 2016 Instance Security Technical Implementation Guide V-205462CAT IIThe Mainframe Product must initiate session auditing upon startup.Mainframe Product Security Requirements Guide V-253674CAT IIMariaDB must initiate session auditing upon startup.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220347CAT IIMarkLogic Server must initiate session auditing upon startup.MarkLogic Server v9 Security Technical Implementation Guide V-255328CAT IIAzure SQL Database must initiate session auditing upon startup.Microsoft Azure SQL Database Security Technical Implementation Guide V-276243CAT IIAzure SQL Managed Instance must initiate session auditing upon startup.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-218786CAT IIBoth the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.Microsoft IIS 10.0 Server Security Technical Implementation Guide V-218739CAT IIBoth the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled.Microsoft IIS 10.0 Site Security Technical Implementation Guide V-271273CAT IISQL Server must initiate session auditing upon startup.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-260914CAT IIAudit logging must be enabled on MKE.Mirantis Kubernetes Engine Security Technical Implementation Guide V-221160CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252134CAT IIMongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-265907CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide V-279334CAT IIMongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components.MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide V-202029CAT IIThe network device must initiate session auditing upon startup.Network Device Management Security Requirements Guide V-254163CAT IINutanix AOS must initiate session audits at system start-up.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279464CAT IINutanix UI must initiate session logging upon startup.Nutanix Acropolis Application Server Security Technical Implementation Guide V-279565CAT IINutanix OS must have the audit.x86_64 package installed.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221764CAT IIThe Oracle Linux operating system must be configured so that auditing is configured to produce records containing information to establish what type of events occurred, where the events occurred, the source of the events, and the outcome of the events. These audit records must also identify individual identities of group account users.Oracle Linux 7 Security Technical Implementation Guide V-248519CAT IIThe OL 8 audit package must be installed.Oracle Linux 8 Security Technical Implementation Guide V-248520CAT IIOL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.Oracle Linux 8 Security Technical Implementation Guide V-271519CAT IIOL 9 must have the audit package installed.Oracle Linux 9 Security Technical Implementation Guide V-271520CAT IIOL 9 audit service must be enabled.Oracle Linux 9 Security Technical Implementation Guide V-271577CAT IIIOL 9 must enable auditing of processes that start prior to the audit daemon.Oracle Linux 9 Security Technical Implementation Guide V-271592CAT IIIOL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Oracle Linux 9 Security Technical Implementation Guide V-235159CAT IIThe MySQL Database Server 8.0 must initiate session auditing upon startup.Oracle MySQL 8.0 Security Technical Implementation Guide V-214123CAT IIPostgreSQL must initiate session auditing upon startup.PostgreSQL 9.x Security Technical Implementation Guide V-273788CAT IIThe RUCKUS ICX device must initiate session auditing upon startup.RUCKUS ICX NDM Security Technical Implementation Guide V-252844CAT IIRancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-254555CAT IIRancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.Rancher Government Solutions RKE2 Security Technical Implementation Guide V-280993CAT IIRHEL 10 must have the "audit" package installed.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-280994CAT IIRHEL 10 must enable the audit service.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-281102CAT IIRHEL 10 must allocate an "audit_backlog_limit" of sufficient size to capture processes that start prior to the audit daemon.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-257796CAT IIIRHEL 9 must enable auditing of processes that start prior to the audit daemon.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258151CAT IIRHEL 9 audit package must be installed.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258152CAT IIRHEL 9 audit service must be enabled.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258173CAT IIIRHEL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257519CAT IRed Hat Enterprise Linux CoreOS (RHCOS) must initiate session audits at system startup.Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide V-257519CAT IRed Hat Enterprise Linux CoreOS (RHCOS) must initiate session audits at system startup.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-257524CAT IIOpenShift components must provide the ability to send audit logs to a central enterprise repository for review and analysis.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275452CAT IThe Riverbed NetIM must enable and configure user audit logging.Riverbed NetIM NDM Security Technical Implementation Guide V-256072CAT IThe Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.Riverbed NetProfiler Security Technical Implementation Guide V-254092CAT IIInnoslate must generate comprehensive audit records.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261411CAT IISLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217191CAT IISUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-241122CAT IITrend Deep Security must initiate session auditing upon startup.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-252973CAT IITOSS audit records must contain information to establish what type of events occurred, when the events occurred, the source of events, where events occurred, and the outcome of events.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282529CAT IIITOSS 5 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234327CAT IIThe UEM server must initiate session auditing upon startup.Unified Endpoint Management Server Security Requirements Guide V-240279CAT IIThe vRA PostgreSQL database must set the log_statement to all.VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide V-239776CAT IIThe vROps PostgreSQL DB must initiate session auditing upon startup.VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide V-240487CAT IIThe SLES for vRealize must initiate session audits at system start-up.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240748CAT IItc Server ALL must initiate logging during service start-up.VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide V-239580CAT IIThe SLES for vRealize must initiate session audits at system start-up.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-241598CAT IItc Server ALL must initiate logging during service start-up.VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide V-256677CAT IIESX Agent Manager must record user access in a format that enables monitoring of remote access.VMware vSphere 7.0 vCenter Appliance EAM Security Technical Implementation Guide V-256711CAT IILookup Service must generate log records for system startup and shutdown.VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-256616CAT IIPerformance Charts must generate log records for system startup and shutdown.VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-256521CAT IIThe Photon operating system must initiate auditing as part of the boot process.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256607CAT IIVMware Postgres must have log collection enabled.VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide V-256750CAT IIThe Security Token Service must generate log records during Java startup and shutdown.VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide V-256783CAT IIvSphere UI must generate log records for system startup and shutdown.VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide V-259005CAT IIThe vCenter ESX Agent Manager service must initiate session logging upon startup.VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide V-259039CAT IIThe vCenter Lookup service must initiate session logging upon startup.VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide V-259073CAT IIThe vCenter Perfcharts service must initiate session logging upon startup.VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide V-258836CAT IIThe Photon operating system must initiate session audits at system startup.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-259170CAT IIThe vCenter PostgreSQL service must initiate session auditing upon startup.VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide V-258973CAT IIThe vCenter STS service must initiate session logging upon startup.VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide V-259106CAT IIThe vCenter UI service must initiate session logging upon startup.VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide V-207419CAT IIThe VMM must initiate session audits at system startup.Virtual Machine Manager Security Requirements Guide V-206357CAT IIThe web server must initiate session logging upon start up.Web Server Security Requirements Guide