STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-001876

Definition

Provide an audit reduction capability that supports on-demand reporting requirements.

Parent Control

AU-7: Audit Record Reduction and Report Generation (Audit and Accountability)

Linked STIG Checks (45)

Check ID | Severity | Requirement | Guide
V-279070 | CAT II | ColdFusion must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications. | Adobe ColdFusion Security Technical Implementation Guide
V-274017 | CAT II | Amazon Linux 2023 must have the audit package installed. | Amazon Linux 2023 Security Technical Implementation Guide
V-274018 | CAT II | Amazon Linux 2023 must produce audit records containing information to establish what type of events occurred. | Amazon Linux 2023 Security Technical Implementation Guide
V-268080 | CAT II | NixOS must enable the audit daemon. | Anduril NixOS Security Technical Implementation Guide
V-252534 | CAT II | The macOS system must enable System Integrity Protection. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-257240 | CAT I | The macOS system must enable System Integrity Protection. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-268555 | CAT I | The macOS system must ensure System Integrity Protection is enabled. | Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V-277165 | CAT I | The macOS system must ensure System Integrity Protection (SIP) is enabled. | Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V-222489 | CAT II | The application must provide an audit reduction capability that supports on-demand reporting requirements. | Application Security and Development Security Technical Implementation Guide
V-204759 | CAT II | The application server must provide a log reduction capability that supports on-demand reporting requirements. | Application Server Security Requirements Guide
V-272632 | CAT II | CylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
V-276014 | CAT I | Ax-OS must off-load audit records onto a different system or media than the system being audited. | Axonius Federal Systems Ax-OS Security Technical Implementation Guide
V-219225 | CAT II | The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238298 | CAT II | The Ubuntu operating system must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DoD-defined auditable events and actions in near real time. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260590 | CAT II | Ubuntu 22.04 LTS must have the "auditd" package installed. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-260591 | CAT II | Ubuntu 22.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-270656 | CAT II | Ubuntu 24.04 LTS must have the "auditd" package installed. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-270657 | CAT II | Ubuntu 24.04 LTS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide
V-206483 | CAT II | The Central Log Server must be configured to perform audit reduction that supports on-demand reporting requirements. | Central Log Server Security Requirements Guide
V-269532 | CAT II | The auditd service must be enabled on AlmaLinux OS 9. | Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-233105 | CAT II | The container platform must provide an audit reduction capability that supports on-demand reporting requirements. | Container Platform Security Requirements Guide
V-203651 | CAT II | The operating system must provide an audit reduction capability that supports on-demand reporting requirements. | General Purpose Operating System Security Requirements Guide
V-215242 | CAT II | AIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents. | IBM AIX 7.x Security Technical Implementation Guide
V-255795 | CAT II | The MQ Appliance messaging server must provide a log reduction capability that supports on-demand reporting requirements. | IBM MQ Appliance V9.0 AS Security Technical Implementation Guide
V-223801 | CAT II | IBM z/OS system administrator must develop a procedure to provide an audit reduction capability that supports on-demand reporting requirements. | IBM z/OS RACF Security Technical Implementation Guide
V-205511 | CAT II | The Mainframe Product must provide an audit reduction capability that supports on-demand reporting requirements. | Mainframe Product Security Requirements Guide
V-272889 | CAT I | Microsoft Defender for Endpoint (MDE) must be connected to a central log server. | Microsoft Defender for Endpoint Security Technical Implementation Guide
V-254181 | CAT II | Nutanix AOS must provide the capability to centrally review and analyze audit records from multiple components within the system. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
V-279565 | CAT II | Nutanix OS must have the audit.x86_64 package installed. | Nutanix Acropolis GPOS Security Technical Implementation Guide
V-248519 | CAT II | The OL 8 audit package must be installed. | Oracle Linux 8 Security Technical Implementation Guide
V-248520 | CAT II | OL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | Oracle Linux 8 Security Technical Implementation Guide
V-271519 | CAT II | OL 9 must have the audit package installed. | Oracle Linux 9 Security Technical Implementation Guide
V-271520 | CAT II | OL 9 audit service must be enabled. | Oracle Linux 9 Security Technical Implementation Guide
V-253530 | CAT II | Prisma Cloud Compute must be configured to send events to the hosts' syslog. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
V-252846 | CAT II | Rancher MCM must allocate audit record storage and generate audit records associated with events, users, and groups. | Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
V-280993 | CAT II | RHEL 10 must have the "audit" package installed. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-280994 | CAT II | RHEL 10 must enable the audit service. | Red Hat Enterprise Linux 10 Security Technical Implementation Guide
V-258151 | CAT II | RHEL 9 audit package must be installed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258152 | CAT II | RHEL 9 audit service must be enabled. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-275677 | CAT II | Ubuntu OS must have the "auditd" package installed. | Riverbed NetIM OS Security Technical Implementation Guide
V-275678 | CAT II | Ubuntu OS must produce audit records and reports containing information to establish when, where, what type, the source, and the outcome for all DOD-defined auditable events and actions in near real time. | Riverbed NetIM OS Security Technical Implementation Guide
V-261411 | CAT II | SLEM 5 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-217191 | CAT II | SUSE operating system audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-207397 | CAT II | The VMM must support an audit reduction capability that supports on-demand reporting requirements. | Virtual Machine Manager Security Requirements Guide
V-269586 | CAT I | Xylok Security Suite must use a central log server for auditing records. | Xylok Security Suite 20.x Security Technical Implementation Guide