STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← AC-6 (9) — Least Privilege

CCI-002234

Definition

Log the execution of privileged functions.

Parent Control

AC-6 (9)Least PrivilegeAccess Control

Linked STIG Checks (200)

V-76479CAT IIThe Akamai Luna Portal must audit the execution of privileged functions.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274086CAT IIAmazon Linux 2023 must audit uses of the "execve" system call.Amazon Linux 2023 Security Technical Implementation Guide V-268090CAT IIThe NixOS audit package must be installed.Anduril NixOS Security Technical Implementation Guide V-222985CAT IIIApplication user name must be logged.Apache Tomcat Application Server 9 Security Technical Implementation Guide V-252462CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all non-local maintenance and diagnostic sessions.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257168CAT IIThe macOS system must generate audit records for all account creations, modifications, disabling, and termination events; privileged activities or other system-level access; all kernel module load, unload, and restart actions; all program initiations; and organizationally defined events for all nonlocal maintenance and diagnostic sessions.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-268452CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277060CAT IIThe macOS system must be configured to audit all administrative action events.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-222431CAT IIThe application must audit the execution of privileged functions.Application Security and Development Security Technical Implementation Guide V-204785CAT IIThe application server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.Application Server Security Requirements Guide V-237323CAT IThe ArcGIS Server must provide audit record generation capability for DoD-defined auditable events within all application components.ArcGIS for Server 10.3 Security Technical Implementation Guide V-255951CAT IIThe Arista network device must be configured to audit all administrator activity.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-219281CAT IIThe Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238304CAT IIThe Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260648CAT IIUbuntu 22.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270689CAT IIUbuntu 24.04 LTS must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-271939CAT IIThe Cisco ACI must automatically audit account creation.Cisco ACI NDM Security Technical Implementation Guide V-239921CAT IIThe Cisco ASA must be configured to audit the execution of privileged functions.Cisco ASA NDM Security Technical Implementation Guide V-215670CAT IIThe Cisco device must be configured to audit all administrator activity.Cisco IOS Router NDM Security Technical Implementation Guide V-220578CAT IIThe Cisco device must be configured to audit all administrator activity.Cisco IOS Switch NDM Security Technical Implementation Guide V-215815CAT IIThe Cisco device must be configured to audit all administrator activity.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220526CAT IIThe Cisco device must be configured to audit all administrator activity.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-220495CAT IIThe Cisco switch must be configured to audit the execution of privileged functions.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269146CAT IIAlmaLinux OS 9 must audit uses of the "execve" system call.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269359CAT IIAlmaLinux OS 9 must require users to provide authentication for privilege escalation.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269360CAT IIAlmaLinux OS 9 must require users to provide a password for privilege escalation.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269361CAT IIAlmaLinux OS 9 must not be configured to bypass password requirements for privilege escalation.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269362CAT IIAlmaLinux OS 9 must require reauthentication when using the "sudo" command.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233164CAT IIThe container platform must audit the execution of privileged functions.Container Platform Security Requirements Guide V-255566CAT IIThe DBN-6300 must audit the execution of privileged functions.DBN-6300 NDM Security Technical Implementation Guide V-269774CAT IIThe Dell OS10 Switch must initiate session auditing upon startup.Dell OS10 Switch NDM Security Technical Implementation Guide V-235778CAT IIThe audit log configuration level must be set to request in the Universal Control Plane (UCP) component of Docker Enterprise.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235779CAT IIThe host operating systems auditing policies for the Docker Engine - Enterprise component of Docker Enterprise must be set.Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-235831CAT IIAn appropriate Docker Engine - Enterprise log driver plugin must be configured to collect audit events from Universal Control Plane (UCP) and Docker Trusted Registry (DTR).Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide V-266068CAT IIThe F5 BIG-IP appliance must be configured to audit the execution of privileged functions such as accounts additions and changes.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-234167CAT IIThe FortiGate device must audit the execution of privileged functions.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-203697CAT IIThe operating system must audit the execution of privileged functions.General Purpose Operating System Security Requirements Guide V-266950CAT IIAOS must audit the execution of privileged functions.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-268226CAT IIThe HYCU virtual appliance must audit the execution of privileged functions.HYCU Protege Security Technical Implementation Guide V-215246CAT IIAIX must provide audit record generation functionality for DoD-defined auditable events.IBM AIX 7.x Security Technical Implementation Guide V-65139CAT IIThe DataPower Gateway must audit the execution of privileged functions.IBM DataPower Network Device Management Security Technical Implementation Guide V-255784CAT IIThe MQ Appliance messaging server must provide access logging that ensures users who are granted a privileged role (or roles) have their privileged activity logged.IBM MQ Appliance V9.0 AS Security Technical Implementation Guide V-250325CAT IIThe WebSphere Liberty Server must log remote session and security activity.IBM WebSphere Liberty Server Security Technical Implementation Guide V-255820CAT IIThe WebSphere Application Server security auditing must be enabled.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255821CAT IIThe WebSphere Application Server groups in the user registry mapped to WebSphere auditor roles must be configured in accordance with the security plan.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255822CAT IIThe WebSphere Application Server users in the WebSphere auditor role must be configured in accordance with the System Security Plan.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255823CAT IIThe WebSphere Application Server audit event type filters must be configured.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-255824CAT IIThe WebSphere Application Server audit service provider must be enabled.IBM WebSphere Traditional V9.x Security Technical Implementation Guide V-223544CAT IIIBM z/OS Required SMF data record types must be collected.IBM z/OS ACF2 Security Technical Implementation Guide V-255933CAT IIIBM Integrated Crypto Service Facility (ICSF) install data sets must be properly protected.IBM z/OS ACF2 Security Technical Implementation Guide V-223694CAT IIIBM RACF OPERAUDIT SETROPTS value must set to OPERAUDIT.IBM z/OS RACF Security Technical Implementation Guide V-223767CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS RACF Security Technical Implementation Guide V-223962CAT IICA-TSS ADMINBY Control Option must be set to ADMINBY.IBM z/OS TSS Security Technical Implementation Guide V-223963CAT IICA-TSS LOG Control Option must be set to (SMF,INIT, SEC9, MSG).IBM z/OS TSS Security Technical Implementation Guide V-223964CAT IICA-TSS MSCA ACID password changes must be documented in the change log.IBM z/OS TSS Security Technical Implementation Guide V-223998CAT IIIBM z/OS required SMF data record types must be collected.IBM z/OS TSS Security Technical Implementation Guide V-259734CAT IIThe IBM Security zSecure programs CKFCOLL and CKGRACF, and the APF-authorized version of program CKRCARLA, must be restricted to security administrators, security batch jobs performing External Security Manager (ESM) maintenance, auditors, and systems programmers, and must be audited.IBM zSecure Suite Security Technical Implementation Guide V-258601CAT IIThe ICS must be configured to audit the execution of privileged functions such as accounts additions and changes.Ivanti Connect Secure NDM Security Technical Implementation Guide V-213540CAT IIThe JBoss server must be configured to log all admin activity.JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide V-217330CAT IIThe Juniper router must be configured to audit the execution of privileged functions.Juniper Router NDM Security Technical Implementation Guide V-66551CAT IIIThe Juniper SRX Services Gateway must generate a log event when privileged commands are executed.Juniper SRX SG NDM Security Technical Implementation Guide V-223187CAT IIIThe Juniper SRX Services Gateway must generate a log event when privileged commands are executed.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-205546CAT IIThe Mainframe Product must audit the execution of privileged functions.Mainframe Product Security Requirements Guide V-220750CAT IIThe system must be configured to audit Account Management - Security Group Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-220751CAT IIThe system must be configured to audit Account Management - User Account Management failures.Microsoft Windows 10 Security Technical Implementation Guide V-220752CAT IIThe system must be configured to audit Account Management - User Account Management successes.Microsoft Windows 10 Security Technical Implementation Guide V-220768CAT IIThe system must be configured to audit Policy Change - Authentication Policy Change successes.Microsoft Windows 10 Security Technical Implementation Guide V-220770CAT IIThe system must be configured to audit Privilege Use - Sensitive Privilege Use failures.Microsoft Windows 10 Security Technical Implementation Guide V-220771CAT IIThe system must be configured to audit Privilege Use - Sensitive Privilege Use successes.Microsoft Windows 10 Security Technical Implementation Guide V-220775CAT IIThe system must be configured to audit System - Security State Change successes.Microsoft Windows 10 Security Technical Implementation Guide V-220776CAT IIThe system must be configured to audit System - Security System Extension successes.Microsoft Windows 10 Security Technical Implementation Guide V-220777CAT IIThe system must be configured to audit System - System Integrity failures.Microsoft Windows 10 Security Technical Implementation Guide V-220778CAT IIThe system must be configured to audit System - System Integrity successes.Microsoft Windows 10 Security Technical Implementation Guide V-257589CAT IIWindows 10 must have command line process auditing events enabled for failures.Microsoft Windows 10 Security Technical Implementation Guide V-253328CAT IIThe system must be configured to audit Privilege Use - Sensitive Privilege Use failures.Microsoft Windows 11 Security Technical Implementation Guide V-257770CAT IIWindows 11 must have command line process auditing events enabled for failures.Microsoft Windows 11 Security Technical Implementation Guide V-224883CAT IIWindows Server 2016 must be configured to audit Account Management - Other Account Management Events successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224888CAT IIWindows Server 2016 must be configured to audit Detailed Tracking - Process Creation successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224900CAT IIWindows Server 2016 must be configured to audit Policy Change - Audit Policy Change successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224901CAT IIWindows Server 2016 must be configured to audit Policy Change - Audit Policy Change failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224902CAT IIWindows Server 2016 must be configured to audit Policy Change - Authentication Policy Change successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224903CAT IIWindows Server 2016 must be configured to audit Policy Change - Authorization Policy Change successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224904CAT IIWindows Server 2016 must be configured to audit Privilege Use - Sensitive Privilege Use successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224905CAT IIWindows Server 2016 must be configured to audit Privilege Use - Sensitive Privilege Use failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224906CAT IIWindows Server 2016 must be configured to audit System - IPsec Driver successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224907CAT IIWindows Server 2016 must be configured to audit System - IPsec Driver failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224908CAT IIWindows Server 2016 must be configured to audit System - Other System Events successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224909CAT IIWindows Server 2016 must be configured to audit System - Other System Events failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224910CAT IIWindows Server 2016 must be configured to audit System - Security State Change successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224911CAT IIWindows Server 2016 must be configured to audit System - Security System Extension successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224912CAT IIWindows Server 2016 must be configured to audit System - System Integrity successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224913CAT IIWindows Server 2016 must be configured to audit System - System Integrity failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224980CAT IIActive Directory Group Policy objects must be configured with proper audit settings.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224981CAT IIThe Active Directory Domain object must be configured with proper audit settings.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224982CAT IIThe Active Directory Infrastructure object must be configured with proper audit settings.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224983CAT IIThe Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224984CAT IIThe Active Directory AdminSDHolder object must be configured with proper audit settings.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224985CAT IIThe Active Directory RID Manager$ object must be configured with proper audit settings.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224987CAT IIWindows Server 2016 must be configured to audit DS Access - Directory Service Access successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224988CAT IIWindows Server 2016 must be configured to audit DS Access - Directory Service Access failures.Microsoft Windows Server 2016 Security Technical Implementation Guide V-224989CAT IIWindows Server 2016 must be configured to audit DS Access - Directory Service Changes successes.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205769CAT IIWindows Server 2019 must be configured to audit Account Management - Other Account Management Events successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205770CAT IIWindows Server 2019 must be configured to audit Detailed Tracking - Process Creation successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205771CAT IIWindows Server 2019 must be configured to audit Policy Change - Audit Policy Change successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205772CAT IIWindows Server 2019 must be configured to audit Policy Change - Audit Policy Change failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205773CAT IIWindows Server 2019 must be configured to audit Policy Change - Authentication Policy Change successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205774CAT IIWindows Server 2019 must be configured to audit Policy Change - Authorization Policy Change successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205775CAT IIWindows Server 2019 must be configured to audit Privilege Use - Sensitive Privilege Use successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205776CAT IIWindows Server 2019 must be configured to audit Privilege Use - Sensitive Privilege Use failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205777CAT IIWindows Server 2019 must be configured to audit System - IPsec Driver successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205778CAT IIWindows Server 2019 must be configured to audit System - IPsec Driver failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205779CAT IIWindows Server 2019 must be configured to audit System - Other System Events successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205780CAT IIWindows Server 2019 must be configured to audit System - Other System Events failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205781CAT IIWindows Server 2019 must be configured to audit System - Security State Change successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205782CAT IIWindows Server 2019 must be configured to audit System - Security System Extension successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205783CAT IIWindows Server 2019 must be configured to audit System - System Integrity successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205784CAT IIWindows Server 2019 must be configured to audit System - System Integrity failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205785CAT IIWindows Server 2019 Active Directory Group Policy objects must be configured with proper audit settings.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205786CAT IIWindows Server 2019 Active Directory Domain object must be configured with proper audit settings.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205787CAT IIWindows Server 2019 Active Directory Infrastructure object must be configured with proper audit settings.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205788CAT IIWindows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205789CAT IIWindows Server 2019 Active Directory AdminSDHolder object must be configured with proper audit settings.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205790CAT IIWindows Server 2019 Active Directory RID Manager$ object must be configured with proper audit settings.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205791CAT IIWindows Server 2019 must be configured to audit DS Access - Directory Service Access successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205792CAT IIWindows Server 2019 must be configured to audit DS Access - Directory Service Access failures.Microsoft Windows Server 2019 Security Technical Implementation Guide V-205793CAT IIWindows Server 2019 must be configured to audit DS Access - Directory Service Changes successes.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254302CAT IIWindows Server 2022 must be configured to audit Account Management - Other Account Management Events successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254307CAT IIWindows Server 2022 must be configured to audit Detailed Tracking - Process Creation successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254319CAT IIWindows Server 2022 must be configured to audit Policy Change - Audit Policy Change successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254320CAT IIWindows Server 2022 must be configured to audit Policy Change - Audit Policy Change failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254321CAT IIWindows Server 2022 must be configured to audit Policy Change - Authentication Policy Change successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254322CAT IIWindows Server 2022 must be configured to audit Policy Change - Authorization Policy Change successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254323CAT IIWindows Server 2022 must be configured to audit Privilege Use - Sensitive Privilege Use successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254324CAT IIWindows Server 2022 must be configured to audit Privilege Use - Sensitive Privilege Use failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254325CAT IIWindows Server 2022 must be configured to audit System - IPsec Driver successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254326CAT IIWindows Server 2022 must be configured to audit System - IPsec Driver failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254327CAT IIWindows Server 2022 must be configured to audit System - Other System Events successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254328CAT IIWindows Server 2022 must be configured to audit System - Other System Events failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254329CAT IIWindows Server 2022 must be configured to audit System - Security State Change successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254330CAT IIWindows Server 2022 must be configured to audit System - Security System Extension successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254331CAT IIWindows Server 2022 must be configured to audit System - System Integrity successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254332CAT IIWindows Server 2022 must be configured to audit System - System Integrity failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254401CAT IIWindows Server 2022 Active Directory Group Policy objects must be configured with proper audit settings.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254402CAT IIWindows Server 2022 Active Directory Domain object must be configured with proper audit settings.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254403CAT IIWindows Server 2022 Active Directory Infrastructure object must be configured with proper audit settings.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254404CAT IIWindows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254405CAT IIWindows Server 2022 Active Directory AdminSDHolder object must be configured with proper audit settings.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254406CAT IIWindows Server 2022 Active Directory RID Manager$ object must be configured with proper audit settings.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254408CAT IIWindows Server 2022 must be configured to audit DS Access - Directory Service Access successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254409CAT IIWindows Server 2022 must be configured to audit DS Access - Directory Service Access failures.Microsoft Windows Server 2022 Security Technical Implementation Guide V-254410CAT IIWindows Server 2022 must be configured to audit DS Access - Directory Service Changes successes.Microsoft Windows Server 2022 Security Technical Implementation Guide V-278049CAT IIWindows Server 2025 must be configured to audit Account Management - Other Account Management Events successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278054CAT IIWindows Server 2025 must be configured to audit Detailed Tracking - Process Creation successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278066CAT IIWindows Server 2025 must be configured to audit Policy Change - Audit Policy Change successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278067CAT IIWindows Server 2025 must be configured to audit Policy Change - Audit Policy Change failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278068CAT IIWindows Server 2025 must be configured to audit Policy Change - Authentication Policy Change successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278069CAT IIWindows Server 2025 must be configured to audit Policy Change - Authorization Policy Change successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278070CAT IIWindows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278071CAT IIWindows Server 2025 must be configured to audit Privilege Use - Sensitive Privilege Use failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278072CAT IIWindows Server 2025 must be configured to audit System - IPsec Driver successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278073CAT IIWindows Server 2025 must be configured to audit System - IPsec Driver failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278074CAT IIWindows Server 2025 must be configured to audit System - Other System Events successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278075CAT IIWindows Server 2025 must be configured to audit System - Other System Events failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278076CAT IIWindows Server 2025 must be configured to audit System - Security State Change successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278077CAT IIWindows Server 2025 must be configured to audit System - Security System Extension successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278078CAT IIWindows Server 2025 must be configured to audit System - System Integrity successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278079CAT IIWindows Server 2025 must be configured to audit System - System Integrity failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278148CAT IIWindows Server 2025 Active Directory Group Policy Objects (GPOs) must be configured with proper audit settings.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278149CAT IIWindows Server 2025 Active Directory (AD) Domain object must be configured with proper audit settings.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278150CAT IIWindows Server 2025 Active Directory (AD) Infrastructure object must be configured with proper audit settings.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278151CAT IIWindows Server 2025 Active Directory (AD) Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278152CAT IIWindows Server 2025 Active Directory (AD) AdminSDHolder object must be configured with proper audit settings.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278153CAT IIWindows Server 2025 Active Directory (AD) RID Manager$ object must be configured with proper audit settings.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278155CAT IIWindows Server 2025 must be configured to audit DS Access - Directory Service Access successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278156CAT IIWindows Server 2025 must be configured to audit DS Access - Directory Service Access failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278157CAT IIWindows Server 2025 must be configured to audit DS Access - Directory Service Changes successes.Microsoft Windows Server 2025 Security Technical Implementation Guide V-278158CAT IIWindows Server 2025 must be configured to audit DS Access - Directory Service Changes failures.Microsoft Windows Server 2025 Security Technical Implementation Guide V-260914CAT IIAudit logging must be enabled on MKE.Mirantis Kubernetes Engine Security Technical Implementation Guide V-202094CAT IIThe network device must audit the execution of privileged functions.Network Device Management Security Requirements Guide V-254130CAT IINutanix AOS must audit the execution of privileged functions.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279545CAT IINutanix OS must audit the execution of privileged functions.Nutanix Acropolis GPOS Security Technical Implementation Guide V-221777CAT IIThe Oracle Linux operating system must audit all executions of privileged functions.Oracle Linux 7 Security Technical Implementation Guide V-248722CAT IIThe OL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.Oracle Linux 8 Security Technical Implementation Guide V-271570CAT IIOL 9 must audit uses of the execve system call.Oracle Linux 9 Security Technical Implementation Guide V-271724CAT IIOL 9 must require users to reauthenticate for privilege escalation.Oracle Linux 9 Security Technical Implementation Guide V-271725CAT IIOL 9 must require users to provide a password for privilege escalation.Oracle Linux 9 Security Technical Implementation Guide V-271726CAT IIOL 9 must not be configured to bypass password requirements for privilege escalation.Oracle Linux 9 Security Technical Implementation Guide V-273788CAT IIThe RUCKUS ICX device must initiate session auditing upon startup.RUCKUS ICX NDM Security Technical Implementation Guide V-252844CAT IIRancher MCM must generate audit records for all DoD-defined auditable events within all components in the platform.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-254555CAT IIRancher RKE2 components must be configured in accordance with the security configuration settings based on DOD security configuration or implementation guidance, including SRGs, STIGs, NSA configuration guides, CTOs, and DTMs.Rancher Government Solutions RKE2 Security Technical Implementation Guide V-281116CAT IIRHEL 10 must generate audit records for successful and unsuccessful uses of the "execve" system call.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-204516CAT IIThe Red Hat Enterprise Linux operating system must audit all executions of privileged functions.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-258176CAT IIRHEL 9 must audit uses of the "execve" system call.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257560CAT IIOpenShift must enforce access restrictions and support auditing of the enforcement actions.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275452CAT IThe Riverbed NetIM must enable and configure user audit logging.Riverbed NetIM NDM Security Technical Implementation Guide V-275733CAT IIUbuntu OS must prevent all software from executing at higher privilege levels than users executing the software, and the audit system must be configured to audit the execution of privileged functions.Riverbed NetIM OS Security Technical Implementation Guide V-256072CAT IThe Riverbed NetProfiler must be configured to automatically generate DOD-required audit records with sufficient information to support incident reporting to a central log server.Riverbed NetProfiler Security Technical Implementation Guide V-254089CAT IIInnoslate must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261462CAT IISLEM 5 must generate audit records for all uses of privileged functions.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217209CAT IIIThe SUSE operating system must generate audit records for all uses of the privileged functions.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide