STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-003821

Definition

Implement the capability to centrally review and analyze audit records from multiple components within the system.

Parent Control

AU-6 (4) | Audit Record Review, Analysis, and Reporting | Audit and Accountability

Linked STIG Checks (14)

  • V-272632 | CAT II | CylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
  • V-276014 | CAT I | Ax-OS must off-load audit records onto a different system or media than the system being audited. | Axonius Federal Systems Ax-OS Security Technical Implementation Guide
  • V-263558 | CAT II | The Central Log Server must implement the capability to centrally review and analyze audit records from multiple components within the system. | Central Log Server Security Requirements Guide
  • V-263587 | CAT II | The container platform must implement the capability to centrally review and analyze audit records from multiple components within the system. | Container Platform Security Requirements Guide
  • V-263604 | CAT II | The DBMS must implement the capability to centrally review and analyze audit records from multiple components within the system. | Database Security Requirements Guide
  • V-263625 | CAT II | The DNS server implementation must implement the capability to centrally review and analyze audit records from multiple components within the system. | Domain Name System (DNS) Security Requirements Guide
  • V-263671 | CAT II | The Mainframe Product must implement the capability to centrally review and analyze audit records from multiple components within the system. | Mainframe Product Security Requirements Guide
  • V-276267 | CAT II | Azure SQL Managed Instance must implement the capability to centrally review and analyze audit records from multiple components within the system using a service such as Azure Log Analytics. | Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
  • V-272889 | CAT I | Microsoft Defender for Endpoint (MDE) must be connected to a central log server. | Microsoft Defender for Endpoint Security Technical Implementation Guide
  • V-279334 | CAT II | MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components. | MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
  • V-221621 | CAT III | Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage. | Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
  • V-251663 | CAT III | Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage. | Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
  • V-264339 | CAT II | The web server must implement the capability to centrally review and analyze audit records from multiple components within the system. | Web Server Security Requirements Guide
  • V-269586 | CAT I | Xylok Security Suite must use a central log server for auditing records. | Xylok Security Suite 20.x Security Technical Implementation Guide